You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by ja...@apache.org on 2016/04/25 18:29:16 UTC
chttpd commit: updated refs/heads/fix-users-doc-in-conflict to
9100e32 [Forced Update!]
Repository: couchdb-chttpd
Updated Branches:
refs/heads/fix-users-doc-in-conflict 1a1ba2a29 -> 9100e321d (forced update)
restore 1.x behaviour: user docs in conflict cannot login
Adds config option chttpd_auth/allow_conflicted_user_docs to toggle
this behaviour. The default is to not allow conflicted user docs to
log in successfully.
Project: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/commit/9100e321
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/tree/9100e321
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/diff/9100e321
Branch: refs/heads/fix-users-doc-in-conflict
Commit: 9100e321d43690f448895371af83971358793a1a
Parents: 1ca8642
Author: Jan Lehnardt <ja...@apache.org>
Authored: Sun Apr 24 01:28:32 2016 +0200
Committer: Jan Lehnardt <ja...@apache.org>
Committed: Mon Apr 25 18:29:07 2016 +0200
----------------------------------------------------------------------
src/chttpd_auth_cache.erl | 32 +++++++++++++++++++++++++++-----
1 file changed, 27 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/9100e321/src/chttpd_auth_cache.erl
----------------------------------------------------------------------
diff --git a/src/chttpd_auth_cache.erl b/src/chttpd_auth_cache.erl
index 8a64ae7..8f0c576 100644
--- a/src/chttpd_auth_cache.erl
+++ b/src/chttpd_auth_cache.erl
@@ -48,10 +48,7 @@ get_user_creds(_Req, UserName) when is_binary(UserName) ->
couch_util:get_value(<<"roles">>, UserProps))
end
end,
- case Resp of
- nil -> nil;
- _ -> {ok, Resp, nil}
- end.
+ maybe_validate_user_creds(Resp).
update_user_creds(_Req, UserDoc, _Ctx) ->
{_, Ref} = spawn_monitor(fun() ->
@@ -163,7 +160,7 @@ changes_callback({error, _}, EndSeq) ->
exit({seq, EndSeq}).
load_user_from_db(UserName) ->
- try fabric:open_doc(dbname(), docid(UserName), [?ADMIN_CTX, ejson_body]) of
+ try fabric:open_doc(dbname(), docid(UserName), [?ADMIN_CTX, ejson_body, conflicts]) of
{ok, Doc} ->
{Props} = couch_doc:to_json_obj(Doc, []),
Props;
@@ -209,3 +206,28 @@ update_doc_ignoring_conflict(DbName, Doc, Options) ->
throw:conflict ->
ok
end.
+
+maybe_validate_user_creds(nil) ->
+ nil;
+maybe_validate_user_creds(UserCreds) ->
+ AllowConflictedUserDocs = config:get_boolean("chttpd_auth", "allow_conflicted_user_docs", false),
+ maybe_validate_user_creds(UserCreds, AllowConflictedUserDocs).
+
+maybe_validate_user_creds(UserCreds, false) ->
+ {ok, UserCreds, nil};
+maybe_validate_user_creds(UserCreds, true) ->
+ validate_user_creds(UserCreds).
+
+% throws if UserCreds includes a _conflicts member
+% returns UserCreds otherwise
+validate_user_creds(UserCreds) ->
+ case couch_util:get_value(<<"_conflicts">>, UserCreds) of
+ undefined ->
+ ok;
+ _ConflictList ->
+ throw({unauthorized,
+ <<"User document conflicts must be resolved before the document",
+ " is used for authentication purposes.">>
+ })
+ end,
+ {ok, UserCreds, nil}.