Posted to commits@couchdb.apache.org by ko...@apache.org on 2019/11/21 21:07:27 UTC
[couchdb] branch master updated: Don't require auth on login
attempts (#2321)
This is an automated email from the ASF dual-hosted git repository.
kocolosk pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/couchdb.git
The following commit(s) were added to refs/heads/master by this push:
new 5ec35a9 Don't require auth on login attempts (#2321)
5ec35a9 is described below
commit 5ec35a949349751f34a0eca5fb2fc0267168fdc2
Author: Adam Kocoloski <ko...@apache.org>
AuthorDate: Thu Nov 21 13:07:16 2019 -0800
Don't require auth on login attempts (#2321)
Previously with require_valid_user=true configured a user would need to
supply Basic auth credentials in order to login via the _session
endpoint (or have some other Catch-22 way of using an existing
session). This patch makes it so that any attempt to POST to _session
is allowed to proceed.
Closes #1947.
---
src/chttpd/src/chttpd_auth.erl | 3 +++
src/couch/test/eunit/couchdb_auth_tests.erl | 21 ++++++++++++++++++++-
2 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/src/chttpd/src/chttpd_auth.erl b/src/chttpd/src/chttpd_auth.erl
index 6602468..45e1190 100644
--- a/src/chttpd/src/chttpd_auth.erl
+++ b/src/chttpd/src/chttpd_auth.erl
@@ -51,6 +51,9 @@ cookie_authentication_handler(Req) ->
proxy_authentication_handler(Req) ->
couch_httpd_auth:proxy_authentication_handler(Req).
+party_mode_handler(#httpd{method='POST', path_parts=[<<"_session">>]} = Req) ->
+ % See #1947 - users should always be able to attempt a login
+ Req#httpd{user_ctx=#user_ctx{}};
party_mode_handler(Req) ->
case config:get("chttpd", "require_valid_user", "false") of
"true" ->
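Review bot: The new `party_mode_handler` clause returns an empty `#user_ctx{}` for every `POST` to `_session` before `require_valid_user` is consulted, so with that setting enabled the `_session` POST handler becomes the only code deciding whether an unauthenticated request is accepted. The existing comment gives the motivation but not that invariant; I would extend it to something like `% Grants an anonymous ctx only; credentials are still checked by the _session POST handler, so keep this match limited to exactly POST /_session`. Whether the downstream handler answers bad credentials with a 401 in this mode is not visible here, and the remainder of `party_mode_handler` lies outside the hunk.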
diff --git a/src/couch/test/eunit/couchdb_auth_tests.erl b/src/couch/test/eunit/couchdb_auth_tests.erl
index ed2c064..19d32d0 100644
--- a/src/couch/test/eunit/couchdb_auth_tests.erl
+++ b/src/couch/test/eunit/couchdb_auth_tests.erl
@@ -21,9 +21,16 @@ setup(PortType) ->
Addr = config:get("httpd", "bind_address", "127.0.0.1"),
lists:concat(["http://", Addr, ":", port(PortType), "/_session"]).
+setup_require_valid_user(PortType) ->
+ ok = config:set("chttpd", "require_valid_user", "true", _Persist=false),
+ setup(PortType).
+
teardown(_, _) ->
ok.
+teardown_require_valid_user(_, _) ->
+ config:set("chttpd", "require_valid_user", "false", _Persist=false).
+
auth_test_() ->
Tests = [
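Review bot: `teardown_require_valid_user/2` does not match on the result of `config:set/4`, unlike `setup_require_valid_user/1`, so a failed reset would silently leave `require_valid_user=true` in place for the fixtures that run afterwards. Because this setting changes who may reach the node, I would make the reset assertive: `ok = config:set("chttpd", "require_valid_user", "false", _Persist=false).` It also writes a literal `"false"` rather than restoring whatever value was present before setup, which is fine only as long as no other fixture in this suite enables the setting.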
@@ -31,6 +38,10 @@ auth_test_() ->
fun should_not_return_authenticated_field/2,
fun should_return_list_of_handlers/2
],
+ RequireValidUserTests = [
+ % See #1947 - this should work even with require_valid_user
+ fun should_return_username_on_post_to_session/2
+ ],
{
"Auth tests",
{
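Review bot: `RequireValidUserTests` holds only the positive case, so nothing pins the limits of the new exemption in `chttpd_auth`. With `require_valid_user=true` I would add cases asserting that a `POST` to `_session` with wrong credentials is still rejected and that a request without credentials to anything other than `POST /_session` (for example `GET /_session`) still gets a 401. As a sketch, with suggested names that do not exist yet: `fun should_reject_bad_credentials_on_post_to_session/2, fun should_require_auth_on_get_session/2`. The body of `should_return_username_on_post_to_session/2` is outside this hunk, so I am assuming it posts valid credentials.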
@@ -38,7 +49,8 @@ auth_test_() ->
fun() -> test_util:start_couch([chttpd]) end, fun test_util:stop_couch/1,
[
make_test_cases(clustered, Tests),
- make_test_cases(backdoor, Tests)
+ make_test_cases(backdoor, Tests),
+ make_require_valid_user_test_cases(clustered, RequireValidUserTests)
]
}
}.
@@ -49,6 +61,13 @@ make_test_cases(Mod, Funs) ->
{foreachx, fun setup/1, fun teardown/2, [{Mod, Fun} || Fun <- Funs]}
}.
+make_require_valid_user_test_cases(Mod, Funs) ->
+ {
+ lists:flatten(io_lib:format("~s require_valid_user=true", [Mod])),
+ {foreachx, fun setup_require_valid_user/1, fun teardown_require_valid_user/2,
+ [{Mod, Fun} || Fun <- Funs]}
+ }.
+
should_return_username_on_post_to_session(_PortType, Url) ->
?_assertEqual(<<"rocko">>,
begin