Posted to commits@couchdb.apache.org by ro...@apache.org on 2023/02/15 09:31:40 UTC
[couchdb] 01/01: Upgrade hash algorithm for proxy auth
This is an automated email from the ASF dual-hosted git repository.
ronny pushed a commit to branch upgrade-proxy-hash
in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit a499691d7add02d500e24cec3820854f58346625
Author: Ronny Berndt <ro...@apache.org>
AuthorDate: Wed Feb 15 10:29:48 2023 +0100
Upgrade hash algorithm for proxy auth
Use configured hash algorithms for proxy auth.
---
src/couch/src/couch_httpd_auth.erl | 38 ++++++++++++++++++++++++++------------
1 file changed, 26 insertions(+), 12 deletions(-)
diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl
index 4a7b217d1..eb292a649 100644
--- a/src/couch/src/couch_httpd_auth.erl
+++ b/src/couch/src/couch_httpd_auth.erl
@@ -201,20 +201,34 @@ proxy_auth_user(Req) ->
undefined ->
Req#httpd{user_ctx = #user_ctx{name = ?l2b(UserName), roles = Roles}};
Secret ->
- ExpectedToken = couch_util:to_hex(
- couch_util:hmac(sha, Secret, UserName)
- ),
- case header_value(Req, XHeaderToken) of
- Token when Token == ExpectedToken ->
- Req#httpd{
- user_ctx = #user_ctx{
- name = ?l2b(UserName),
- roles = Roles
- }
- };
- _ ->
+ HashAlgorithms = couch_util:get_config_hash_algorithms(),
+ Token = header_value(Req, XHeaderToken),
+ VerifyTokens = fun(HashAlg) ->
+ Hmac = couch_util:hmac(HashAlg, Secret, UserName),
+ couch_passwords:verify(Hmac, Token)
+ end,
+ case lists:any(VerifyTokens, HashAlgorithms) of
+ true -> Req#httpd{
+ user_ctx = #user_ctx{
+ name = ?l2b(UserName),
+ roles = Roles
+ }
+ };
+ false ->
nil
+
end
+%% case header_value(Req, XHeaderToken) of
+%% Token when Token == ExpectedToken ->
+%% Req#httpd{
+%% user_ctx = #user_ctx{
+%% name = ?l2b(UserName),
+%% roles = Roles
+%% }
+%% };
+%% _ ->
+%% nil
+%% end
end;
false ->
Req#httpd{user_ctx = #user_ctx{name = ?l2b(UserName), roles = Roles}}
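Review bot: The new `VerifyTokens` fun passes the raw digest from `couch_util:hmac(HashAlg, Secret, UserName)` straight to `couch_passwords:verify/2`, while the removed code hex-encoded it with `couch_util:to_hex` before comparing it with the header token. Unless `verify` does that conversion itself (not visible here), a hex-encoded token will never match and every request on the `Secret` branch ends in `nil`; keeping the encoding would read `couch_passwords:verify(couch_util:to_hex(Hmac), Token)`. `Token` is also taken from `header_value(Req, XHeaderToken)` with no check that the header is present, so confirm that `verify` returns false rather than raising in that case, which the old `_ -> nil` clause covered. The commented-out `case` block after the new `end` repeats the removed code and should be dropped before merge, along with the stray blank line after `nil`. `proxy_auth_user` starts and ends outside the hunk.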