Improve basic auth credentials handling in replicator #3586

Previously, there were two ways to pass in basic auth credentials for endpoints -- using URL's userinfo part and encoding the them in an `"Authorization": "basic ..."` header. Neither one is ideal for these reasons: * Passwords in userinfo doesn't allow using ":", "@" and other characters. However, even after switching to always unquoting them like we did recently [1], would break authentication for usernames or passwords previously containing "+" or "%HH" patterns, as "+" might now be decoded to a " ". * Base64 encoded headers need an extra step to encode them. Also, quite often these encoded headers are confused as being "encrypted" and shared in a clear channel. To improve this, revert the recent commit to unquote URL userinfo parts to restore backwards compatibility, and introduce a way to pass in basic auth credentials in the "auth" object. The "auth" object was already added a while back to allow authentication plugins to store their credentials in it. The format is: ``` "source": { "url": "https://host/db", "auth": { "basic": { "username":"myuser", "password":"mypassword" } } } ``` {"auth" : "basic" : {...}} object is checked first, and if credentials are provided, they will be used. If they are not then userinfo and basic auth header will be parsed. Internally, there was a good amount duplication related to parsing credentials from userinfo and headers in replication ID generation logic and in the auth session plugin. As a cleanup, consolidate that logic in the `couch_replicator_utils` module. [1] f672b91

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Improve basic auth credentials handling in replicator #3586

Improve basic auth credentials handling in replicator #3586

Commits on Jun 1, 2021