Posted to commits@couchdb.apache.org by rn...@apache.org on 2014/06/02 15:43:59 UTC
couch commit: updated refs/heads/master to 16af74e
Repository: couchdb-couch
Updated Branches:
refs/heads/master a932b9a23 -> 16af74eb8
Break up admin overlay code for reuse
Project: http://git-wip-us.apache.org/repos/asf/couchdb-couch/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-couch/commit/16af74eb
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-couch/tree/16af74eb
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-couch/diff/16af74eb
Branch: refs/heads/master
Commit: 16af74eb82181cfd097194aa216a9b9fb9c146fd
Parents: a932b9a
Author: Robert Newson <rn...@apache.org>
Authored: Mon Jun 2 14:43:35 2014 +0100
Committer: Robert Newson <rn...@apache.org>
Committed: Mon Jun 2 14:43:35 2014 +0100
----------------------------------------------------------------------
src/couch_auth_cache.erl | 51 +++++++++++++++++++++++++------------------
1 file changed, 30 insertions(+), 21 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb-couch/blob/16af74eb/src/couch_auth_cache.erl
----------------------------------------------------------------------
diff --git a/src/couch_auth_cache.erl b/src/couch_auth_cache.erl
index afc3b1f..c863ca1 100644
--- a/src/couch_auth_cache.erl
+++ b/src/couch_auth_cache.erl
@@ -15,7 +15,7 @@
-behaviour(config_listener).
% public API
--export([get_user_creds/1]).
+-export([get_user_creds/1, get_admin/1, add_roles/2]).
% gen_server API
-export([start_link/0, init/1, handle_call/3, handle_info/2, handle_cast/2]).
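Review bot: The widened `-export` line makes `get_admin/1` and `add_roles/2` public API without a `-spec` or comment stating their contract, and these functions build the role list that authorization is later decided on. As defined in the next hunk, `add_roles/2` is only well-behaved when `Props` already holds a `<<"roles">>` tuple and both role values are lists. `lists:keyreplace/4` returns `Props` unchanged when the key is absent, and a non-list operand to `++` gives either a badarg or an improper roles list (presumably `couch_util:get_value/2` yields `undefined` for a missing key, to be confirmed). I would add `-spec get_admin(binary() | string()) -> list() | nil.` and `-spec add_roles(list(), [binary()]) -> list().` above the definitions, with a one-line comment that callers must pass a proper list of roles. Those definitions sit in the following hunk, which runs past the visible end of the page.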
@@ -45,38 +45,47 @@ get_user_creds(UserName) when is_list(UserName) ->
get_user_creds(?l2b(UserName));
get_user_creds(UserName) ->
- UserCreds = case config:get("admins", ?b2l(UserName)) of
+ UserCreds = case get_admin(UserName) of
+ nil ->
+ get_from_cache(UserName);
+ Props ->
+ case get_from_cache(UserName) of
+ nil ->
+ Props;
+ UserProps when is_list(UserProps) ->
+ add_roles(Props, couch_util:get_value(<<"roles">>, UserProps))
+ end
+ end,
+ validate_user_creds(UserCreds).
+
+add_roles(Props, ExtraRoles) ->
+ CurrentRoles = couch_util:get_value(<<"roles">>, Props),
+ lists:keyreplace(<<"roles">>, 1, Props, {<<"roles">>, CurrentRoles ++ ExtraRoles}).
+
+get_admin(UserName) when is_binary(UserName) ->
+ get_admin(?b2l(UserName));
+get_admin(UserName) when is_list(UserName) ->
+ case config:get("admins", UserName) of
"-hashed-" ++ HashedPwdAndSalt ->
% the name is an admin, now check to see if there is a user doc
% which has a matching name, salt, and password_sha
[HashedPwd, Salt] = string:tokens(HashedPwdAndSalt, ","),
- case get_from_cache(UserName) of
- nil ->
- make_admin_doc(HashedPwd, Salt, []);
- UserProps when is_list(UserProps) ->
- make_admin_doc(HashedPwd, Salt, couch_util:get_value(<<"roles">>, UserProps))
- end;
+ make_admin_doc(HashedPwd, Salt);
"-pbkdf2-" ++ HashedPwdSaltAndIterations ->
[HashedPwd, Salt, Iterations] = string:tokens(HashedPwdSaltAndIterations, ","),
- case get_from_cache(UserName) of
- nil ->
- make_admin_doc(HashedPwd, Salt, Iterations, []);
- UserProps when is_list(UserProps) ->
- make_admin_doc(HashedPwd, Salt, Iterations, couch_util:get_value(<<"roles">>, UserProps))
- end;
+ make_admin_doc(HashedPwd, Salt, Iterations);
_Else ->
- get_from_cache(UserName)
- end,
- validate_user_creds(UserCreds).
+ nil
+ end.
-make_admin_doc(HashedPwd, Salt, ExtraRoles) ->
- [{<<"roles">>, [<<"_admin">>|ExtraRoles]},
+make_admin_doc(HashedPwd, Salt) ->
+ [{<<"roles">>, [<<"_admin">>]},
{<<"salt">>, ?l2b(Salt)},
{<<"password_scheme">>, <<"simple">>},
{<<"password_sha">>, ?l2b(HashedPwd)}].
-make_admin_doc(DerivedKey, Salt, Iterations, ExtraRoles) ->
- [{<<"roles">>, [<<"_admin">>|ExtraRoles]},
+make_admin_doc(DerivedKey, Salt, Iterations) ->
+ [{<<"roles">>, [<<"_admin">>]},
{<<"salt">>, ?l2b(Salt)},
{<<"iterations">>, list_to_integer(Iterations)},
{<<"password_scheme">>, <<"pbkdf2">>},