Posted to commits@couchdb.apache.org by ro...@apache.org on 2023/02/15 09:31:39 UTC
[couchdb] branch upgrade-proxy-hash created (now a499691d7)
This is an automated email from the ASF dual-hosted git repository.
ronny pushed a change to branch upgrade-proxy-hash
in repository https://gitbox.apache.org/repos/asf/couchdb.git
at a499691d7 Upgrade hash algorithm for proxy auth
This branch includes the following new commits:
new a499691d7 Upgrade hash algorithm for proxy auth
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[couchdb] 01/01: Upgrade hash algorithm for proxy auth
Posted by ro...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
ronny pushed a commit to branch upgrade-proxy-hash
in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit a499691d7add02d500e24cec3820854f58346625
Author: Ronny Berndt <ro...@apache.org>
AuthorDate: Wed Feb 15 10:29:48 2023 +0100
Upgrade hash algorithm for proxy auth
Use configured hash algorithms for proxy auth.
---
src/couch/src/couch_httpd_auth.erl | 38 ++++++++++++++++++++++++++------------
1 file changed, 26 insertions(+), 12 deletions(-)
diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl
index 4a7b217d1..eb292a649 100644
--- a/src/couch/src/couch_httpd_auth.erl
+++ b/src/couch/src/couch_httpd_auth.erl
@@ -201,20 +201,34 @@ proxy_auth_user(Req) ->
undefined ->
Req#httpd{user_ctx = #user_ctx{name = ?l2b(UserName), roles = Roles}};
Secret ->
- ExpectedToken = couch_util:to_hex(
- couch_util:hmac(sha, Secret, UserName)
- ),
- case header_value(Req, XHeaderToken) of
- Token when Token == ExpectedToken ->
- Req#httpd{
- user_ctx = #user_ctx{
- name = ?l2b(UserName),
- roles = Roles
- }
- };
- _ ->
+ HashAlgorithms = couch_util:get_config_hash_algorithms(),
+ Token = header_value(Req, XHeaderToken),
+ VerifyTokens = fun(HashAlg) ->
+ Hmac = couch_util:hmac(HashAlg, Secret, UserName),
+ couch_passwords:verify(Hmac, Token)
+ end,
+ case lists:any(VerifyTokens, HashAlgorithms) of
+ true -> Req#httpd{
+ user_ctx = #user_ctx{
+ name = ?l2b(UserName),
+ roles = Roles
+ }
+ };
+ false ->
nil
+
end
+%% case header_value(Req, XHeaderToken) of
+%% Token when Token == ExpectedToken ->
+%% Req#httpd{
+%% user_ctx = #user_ctx{
+%% name = ?l2b(UserName),
+%% roles = Roles
+%% }
+%% };
+%% _ ->
+%% nil
+%% end
end;
false ->
Req#httpd{user_ctx = #user_ctx{name = ?l2b(UserName), roles = Roles}}
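Review bot: The fun `VerifyTokens` passes the raw digest from `couch_util:hmac/3` to `couch_passwords:verify/2`, while the removed code hex-encoded it with `couch_util:to_hex/1` before comparing it with the header token; unless `verify/2` encodes internally (not visible here), a client sending the hex token as before will never match and every request that has a secret configured ends in the `false -> nil` branch. Keep the encoding inside the fun, `couch_passwords:verify(couch_util:to_hex(Hmac), Token)`, and confirm that both arguments have the same type (list vs. binary) and that a missing token header (`Token` presumably `undefined`) yields `false` rather than a crash. The commented-out old `case` (the `%%` lines after the new `end`) and the blank line before that `end` should be dropped before merge, since version control already holds the old code. Because a token is accepted if it matches under any algorithm in the configured list, a short comment such as `%% token is valid if it matches under any configured hash algorithm` would make it explicit that the weakest configured algorithm bounds the token strength. `proxy_auth_user/1` begins and ends outside this hunk.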