Posted to commits@couchdb.apache.org by rn...@apache.org on 2020/01/20 13:14:28 UTC

[couchdb] branch infinite-loop-auth created (now b946457)

This is an automated email from the ASF dual-hosted git repository.

rnewson pushed a change to branch infinite-loop-auth
in repository https://gitbox.apache.org/repos/asf/couchdb.git.


      at b946457  Fix infinite loop in default_authentication_handler

This branch includes the following new commits:

     new b946457  Fix infinite loop in default_authentication_handler

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



[couchdb] 01/01: Fix infinite loop in default_authentication_handler

Posted by rn...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

rnewson pushed a commit to branch infinite-loop-auth
in repository https://gitbox.apache.org/repos/asf/couchdb.git

commit b94645752f374847e70821137cc6eba53d83c944
Author: Robert Newson <rn...@apache.org>
AuthorDate: Mon Jan 20 13:13:39 2020 +0000

    Fix infinite loop in default_authentication_handler
---
 src/chttpd/src/chttpd_auth.erl     | 8 +++++---
 src/couch/src/couch_httpd_auth.erl | 5 -----
 2 files changed, 5 insertions(+), 8 deletions(-)

diff --git a/src/chttpd/src/chttpd_auth.erl b/src/chttpd/src/chttpd_auth.erl
index 45e1190..607f09a 100644
--- a/src/chttpd/src/chttpd_auth.erl
+++ b/src/chttpd/src/chttpd_auth.erl
@@ -55,10 +55,12 @@ party_mode_handler(#httpd{method='POST', path_parts=[<<"_session">>]} = Req) ->
     % See #1947 - users should always be able to attempt a login
     Req#httpd{user_ctx=#user_ctx{}};
 party_mode_handler(Req) ->
-    case config:get("chttpd", "require_valid_user", "false") of
-    "true" ->
+    RequireValidUser = config:get_boolean("chttpd", "require_valid_user", false),
+    ExceptUp = config:get_boolean("chttpd", "require_valid_user_except_for_up", true),
+    case RequireValidUser andalso not ExceptUp of
+    true ->
         throw({unauthorized, <<"Authentication required.">>});
-    "false" ->
+    false ->
         case config:get("admins") of
         [] ->
             Req#httpd{user_ctx = ?ADMIN_USER};
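Review bot: The new condition in `party_mode_handler(Req)` is not limited to the `_up` path, so whenever `require_valid_user_except_for_up` is true the `throw({unauthorized, ...})` is skipped for every request that reaches this clause, and the default read here is `true` where the clause removed from `couch_httpd_auth.erl` used `false`. With `require_valid_user = true` and the exception key unset, such a request falls through to the `config:get("admins")` branch, which returns `?ADMIN_USER` when no admins are configured. I would scope the exception to the path and keep the old default: read `ExceptUp` with default `false`, add `IsUp = Req#httpd.path_parts =:= [<<"_up">>],` and test `case RequireValidUser andalso not (ExceptUp andalso IsUp) of`. The body of `party_mode_handler/1` continues past the end of the hunk, so what the non-empty admins branch does is not visible here.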
diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl
index 96de5bf..5e44503 100644
--- a/src/couch/src/couch_httpd_auth.erl
+++ b/src/couch/src/couch_httpd_auth.erl
@@ -88,11 +88,6 @@ basic_name_pw(Req) ->
 default_authentication_handler(Req) ->
     default_authentication_handler(Req, couch_auth_cache).
 
-default_authentication_handler(#httpd{path_parts=[<<"_up">>]}=Req, AuthModule) ->
-    case config:get_boolean("chttpd", "require_valid_user_except_for_up", false) of
-        true -> Req#httpd{user_ctx=?ADMIN_USER};
-        _False -> default_authentication_handler(Req, AuthModule)
-    end;
 default_authentication_handler(Req, AuthModule) ->
     case basic_name_pw(Req) of
     {User, Pass} ->