Posted to commits@couchdb.apache.org by ja...@apache.org on 2011/11/13 13:07:14 UTC
git commit: Fix OAuth validation when using the rewriter.
Updated Branches:
refs/heads/master 2b80b5995 -> c307ba95c
Fix OAuth validation when using the rewriter.
Patch by Klaus Trainer.
Closes COUCHDB-1321
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/c307ba95
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/c307ba95
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/c307ba95
Branch: refs/heads/master
Commit: c307ba95c6edcb0708b948c5fc55d8a6a6192e40
Parents: 2b80b59
Author: Jan Lehnardt <ja...@apache.org>
Authored: Sun Nov 13 13:06:16 2011 +0100
Committer: Jan Lehnardt <ja...@apache.org>
Committed: Sun Nov 13 13:07:05 2011 +0100
----------------------------------------------------------------------
share/www/script/test/oauth.js | 24 ++++++++++++++++++++++++
src/couchdb/couch_httpd_oauth.erl | 13 +++++++++++--
src/couchdb/couch_httpd_rewrite.erl | 8 +++++++-
3 files changed, 42 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/c307ba95/share/www/script/test/oauth.js
----------------------------------------------------------------------
diff --git a/share/www/script/test/oauth.js b/share/www/script/test/oauth.js
index 82ebe8a..9915bff 100644
--- a/share/www/script/test/oauth.js
+++ b/share/www/script/test/oauth.js
@@ -22,10 +22,13 @@ couchTests.oauth = function(debug) {
var dbA = new CouchDB("test_suite_db_a", {"X-Couch-Full-Commit":"false"});
var dbB = new CouchDB("test_suite_db_b", {"X-Couch-Full-Commit":"false"});
+ var dbC = new CouchDB("test_suite_db_c", {"X-Couch-Full-Commit":"false"});
dbA.deleteDb();
dbA.createDb();
dbB.deleteDb();
dbB.createDb();
+ dbC.deleteDb();
+ dbC.createDb();
// Simple secret key generator
function generateSecret(length) {
@@ -197,6 +200,27 @@ couchTests.oauth = function(debug) {
});
T(result.ok);
+ // Test if rewriting doesn't break OAuth (c.f. COUCHDB-1321)
+ var dbC = new CouchDB("test_suite_db_c", {
+ "X-Couch-Full-Commit":"false",
+ "Authorization": adminBasicAuthHeaderValue()
+ });
+ var ddocId = "_design/"+ i + consumerKey;
+ var ddoc = {
+ _id: ddocId,
+ language: "javascript",
+ _attachments:{
+ "bar": {
+ content_type:"text/plain",
+ data: "VGhpcyBpcyBhIGJhc2U2NCBlbmNvZGVkIHRleHQ="
+ }
+ },
+ rewrites: [{"from": "foo/:a", "to": ":a"}]
+ };
+ T(dbC.save(ddoc).ok);
+ xhr = oauthRequest("GET", CouchDB.protocol + host + "/test_suite_db_c/" + ddocId + "/_rewrite/foo/bar", message, accessor);
+ T(xhr.status == expectedCode);
+
// Test auth via admin user defined in .ini
var message = {
parameters: {
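Review bot: The added `var dbC = new CouchDB("test_suite_db_c", {...})` redeclares the `dbC` introduced at the top of `couchTests.oauth` in the first hunk, this time with an admin `Authorization` header. If both declarations sit in the same function scope (the enclosing block is not visible here), `var` hoisting makes them one binding, so any later use of `dbC` silently carries admin credentials. A distinct name such as `var dbCAdmin = new CouchDB(...)` with `T(dbCAdmin.save(ddoc).ok);` keeps the two handles apart. The new assertion covers only the case where the rewritten request has the expected status; a companion assertion that a request whose signature does not match the requested `_rewrite` URL is rejected would pin the other side of the fix.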
http://git-wip-us.apache.org/repos/asf/couchdb/blob/c307ba95/src/couchdb/couch_httpd_oauth.erl
----------------------------------------------------------------------
diff --git a/src/couchdb/couch_httpd_oauth.erl b/src/couchdb/couch_httpd_oauth.erl
index 05ee10e..4d58a88 100644
--- a/src/couchdb/couch_httpd_oauth.erl
+++ b/src/couchdb/couch_httpd_oauth.erl
@@ -130,7 +130,16 @@ serve_oauth(#httpd{mochi_req=MochiReq}=Req, Fun, FailSilently) ->
end,
HeaderParams = oauth_uri:params_from_header_string(AuthHeader),
%Realm = couch_util:get_value("realm", HeaderParams),
- Params = proplists:delete("realm", HeaderParams) ++ MochiReq:parse_qs(),
+
+ % get requested path
+ RequestedPath = case MochiReq:get_header_value("x-couchdb-requested-path") of
+ undefined -> MochiReq:get(raw_path);
+ RequestedPath0 -> RequestedPath0
+ end,
+ {_, QueryString, _} = mochiweb_util:urlsplit_path(RequestedPath),
+
+ Params = proplists:delete("realm", HeaderParams) ++ mochiweb_util:parse_qs(QueryString),
+
?LOG_DEBUG("OAuth Params: ~p", [Params]),
case couch_util:get_value("oauth_version", Params, "1.0") of
"1.0" ->
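Review bot: The `x-couchdb-requested-path` value read in the added `case` comes from whatever headers the request carries, and nothing visible in this hunk establishes that the rewriter set it rather than the client. On a request that never passed through `handle_rewrite_req`, a client-supplied value would decide both the query parameters parsed here and the `URL` handed to `Fun` in the second hunk of this file. The signature would then be verified against a path other than the one actually served. Unless inbound copies of this header are stripped somewhere outside this diff, the original path is better carried in the `#httpd{}` record, or the header removed at the HTTP entry point before authentication runs. serve_oauth's body starts and ends outside the hunk.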
@@ -147,7 +156,7 @@ serve_oauth(#httpd{mochi_req=MochiReq}=Req, Fun, FailSilently) ->
couch_httpd:send_error(Req, 400, <<"invalid_consumer">>, <<"Invalid consumer (key or signature method).">>);
Consumer ->
Signature = couch_util:get_value("oauth_signature", Params),
- URL = couch_httpd:absolute_uri(Req, MochiReq:get(raw_path)),
+ URL = couch_httpd:absolute_uri(Req, RequestedPath),
Fun(URL, proplists:delete("oauth_signature", Params),
Consumer, Signature)
end
http://git-wip-us.apache.org/repos/asf/couchdb/blob/c307ba95/src/couchdb/couch_httpd_rewrite.erl
----------------------------------------------------------------------
diff --git a/src/couchdb/couch_httpd_rewrite.erl b/src/couchdb/couch_httpd_rewrite.erl
index 8480c1e..bf93478 100644
--- a/src/couchdb/couch_httpd_rewrite.erl
+++ b/src/couchdb/couch_httpd_rewrite.erl
@@ -165,6 +165,12 @@ handle_rewrite_req(#httpd{
% normalize final path (fix levels "." and "..")
RawPath1 = ?b2l(iolist_to_binary(normalize_path(RawPath))),
+ % in order to do OAuth correctly,
+ % we have to save the requested path
+ Headers = mochiweb_headers:enter("x-couchdb-requested-path",
+ MochiReq:get(raw_path),
+ MochiReq:get(headers)),
+
?LOG_DEBUG("rewrite to ~p ~n", [RawPath1]),
% build a new mochiweb request
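Review bot: The comment above the added `Headers` binding does not say that this header is an internal channel which `couch_httpd_oauth` trusts when it rebuilds the signed URL. It would help the next maintainer to state that `mochiweb_headers:enter` replaces any value already present, for example `% internal header: replaces any client-sent value; couch_httpd_oauth trusts it to rebuild the signed URL`. It may also be worth noting what happens when a rewrite target is itself rewritten, since `MochiReq:get(raw_path)` would then presumably record the intermediate path rather than the one the client signed. handle_rewrite_req starts and ends outside the hunk.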
@@ -172,7 +178,7 @@ handle_rewrite_req(#httpd{
MochiReq:get(method),
RawPath1,
MochiReq:get(version),
- MochiReq:get(headers)),
+ Headers),
% cleanup, It force mochiweb to reparse raw uri.
MochiReq1:cleanup(),