Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

cleanup patch for merge to trunk

git-svn-id: https://svn.apache.org/repos/asf/couchdb/branches/account@896982 13f79535-47bb-0310-9956-ffa450edef68
  • Loading branch information...
commit aa44e253f47089e249612c496df85798922ac546 1 parent 3a1f041
Chris Anderson jchris authored
7 share/www/script/couch_test_runner.js
@@ -164,10 +164,13 @@ function setupAdminParty(fun) {
164 164 }, "admins");
165 165 }
166 166 });
167   - } else {
168   - // not a logged in admin.
  167 + } else if (userCtx.roles.indexOf("_admin") != -1) {
  168 + // admin party!
169 169 readyToRun = true;
170 170 fun();
  171 + } else {
  172 + // not an admin
  173 + alert("Error: You need to be an admin to run the tests.");
171 174 };
172 175 }
173 176 });
1  share/www/script/jquery.couch.js
@@ -136,7 +136,6 @@
136 136 },
137 137 logout: function(options) {
138 138 options = options || {};
139   - // TODO this should also login as the logged-out guy using basic auth
140 139 $.ajax({
141 140 type: "DELETE", url: "/_session", dataType: "json",
142 141 username : "_", password : "_",
2  share/www/script/test/oauth.js
@@ -115,8 +115,6 @@ couchTests.oauth = function(debug) {
115 115 usersDb.createDb();
116 116
117 117 // Create a user
118   - // T(CouchDB.createUser("jason", "testpassword", "test@somemail.com", ['test'], adminBasicAuthHeaderValue()).ok);
119   - // Create a user
120 118 var jasonUserDoc = CouchDB.prepareUserDoc({
121 119 username: "jason",
122 120 roles: ["test"]
1  share/www/script/test/users_db.js
@@ -43,6 +43,7 @@ couchTests.users_db = function(debug) {
43 43 }
44 44 });
45 45 T(s.name == "jchris@apache.org");
  46 + T(s.user_doc._id == "org.couchdb.user:jchris@apache.org")
46 47 T(s.info.authenticated == "{couch_httpd_auth, default_authentication_handler}");
47 48 T(s.info.user_db == "test_suite_users");
48 49 TEquals(["{couch_httpd_oauth, oauth_authentication_handler}",
3  src/couchdb/couch_db.hrl
@@ -110,7 +110,8 @@
110 110 {
111 111 name=null,
112 112 roles=[],
113   - handler
  113 + handler,
  114 + user_doc
114 115 }).
115 116
116 117 % This should be updated anytime a header change happens that requires more
2  src/couchdb/couch_httpd.erl
@@ -233,7 +233,7 @@ authenticate_request(#httpd{} = Req, [AuthSrc|Rest]) ->
233 233 AuthFun = make_arity_1_fun(AuthSrc),
234 234 R = case AuthFun(Req) of
235 235 #httpd{user_ctx=#user_ctx{}=UserCtx}=Req2 ->
236   - Req2#httpd{user_ctx=UserCtx#user_ctx{handler=AuthSrc}};
  236 + Req2#httpd{user_ctx=UserCtx#user_ctx{handler=?l2b(AuthSrc)}};
237 237 Else -> Else
238 238 end,
239 239 authenticate_request(R, Rest);
22 src/couchdb/couch_httpd_auth.erl
@@ -75,7 +75,8 @@ default_authentication_handler(Req) ->
75 75 ExpectedHash when ExpectedHash == PasswordHash ->
76 76 Req#httpd{user_ctx=#user_ctx{
77 77 name=?l2b(User),
78   - roles=proplists:get_value(<<"roles">>, UserProps, [])
  78 + roles=proplists:get_value(<<"roles">>, UserProps, []),
  79 + user_doc={UserProps}
79 80 }};
80 81 _Else ->
81 82 throw({unauthorized, <<"Name or password is incorrect.">>})
@@ -114,8 +115,9 @@ get_user(UserName) ->
114 115 UserProps when is_list(UserProps) ->
115 116 DocRoles = proplists:get_value(<<"roles">>, UserProps),
116 117 [{<<"roles">>, [<<"_admin">> | DocRoles]},
117   - {<<"salt">>, ?l2b(Salt)},
118   - {<<"password_sha">>, ?l2b(HashedPwd)}]
  118 + {<<"salt">>, ?l2b(Salt)},
  119 + {<<"password_sha">>, ?l2b(HashedPwd)},
  120 + {<<"user_doc">>, {UserProps}}]
119 121 end;
120 122 Else ->
121 123 get_user_props_from_db(UserName)
@@ -250,8 +252,8 @@ cookie_authentication_handler(#httpd{mochi_req=MochiReq}=Req) ->
250 252 Secret = ?l2b(SecretStr),
251 253 case get_user(?l2b(User)) of
252 254 nil -> Req;
253   - Result ->
254   - UserSalt = proplists:get_value(<<"salt">>, Result, <<"">>),
  255 + UserProps ->
  256 + UserSalt = proplists:get_value(<<"salt">>, UserProps, <<"">>),
255 257 FullSecret = <<Secret/binary, UserSalt/binary>>,
256 258 ExpectedHash = crypto:sha_mac(FullSecret, User ++ ":" ++ TimeStr),
257 259 Hash = ?l2b(string:join(HashParts, ":")),
@@ -264,7 +266,8 @@ cookie_authentication_handler(#httpd{mochi_req=MochiReq}=Req) ->
264 266 ?LOG_DEBUG("Successful cookie auth as: ~p", [User]),
265 267 Req#httpd{user_ctx=#user_ctx{
266 268 name=?l2b(User),
267   - roles=proplists:get_value(<<"roles">>, Result, [])
  269 + roles=proplists:get_value(<<"roles">>, UserProps, []),
  270 + user_doc=proplists:get_value(<<"user_doc">>, UserProps, null)
268 271 }, auth={FullSecret, TimeLeft < Timeout*0.9}};
269 272 _Else ->
270 273 Req
@@ -351,7 +354,8 @@ handle_session_req(#httpd{method='POST', mochi_req=MochiReq}=Req) ->
351 354 {[
352 355 {ok, true},
353 356 {name, proplists:get_value(<<"username">>, User, null)},
354   - {roles, proplists:get_value(<<"roles">>, User, [])}
  357 + {roles, proplists:get_value(<<"roles">>, User, [])},
  358 + {user_doc, proplists:get_value(<<"user_doc">>, User, null)}
355 359 ]});
356 360 _Else ->
357 361 % clear the session
@@ -375,7 +379,7 @@ handle_session_req(#httpd{method='GET', user_ctx=UserCtx}=Req) ->
375 379 {handlers, [?l2b(H) || H <- couch_httpd:make_fun_spec_strs(
376 380 couch_config:get("httpd", "authentication_handlers"))]}
377 381 ] ++ maybe_value(authenticated, UserCtx#user_ctx.handler)}}
378   - ]})
  382 + ] ++ maybe_value(user_doc, UserCtx#user_ctx.user_doc)})
379 383 end;
380 384 % logout by deleting the session
381 385 handle_session_req(#httpd{method='DELETE'}=Req) ->
@@ -391,7 +395,7 @@ handle_session_req(Req) ->
391 395 send_method_not_allowed(Req, "GET,HEAD,POST,DELETE").
392 396
393 397 maybe_value(Key, undefined) -> [];
394   -maybe_value(Key, Else) -> [{Key, ?l2b(Else)}].
  398 +maybe_value(Key, Else) -> [{Key, Else}].
395 399
396 400 to_int(Value) when is_binary(Value) ->
397 401 to_int(?b2l(Value));
1  src/couchdb/couch_httpd_db.erl
@@ -328,6 +328,7 @@ delete_db_req(#httpd{user_ctx=UserCtx}=Req, DbName) ->
328 328
329 329 do_db_req(#httpd{user_ctx=UserCtx,path_parts=[DbName|_]}=Req, Fun) ->
330 330 LDbName = ?b2l(DbName),
  331 + % I hope this lookup is cheap.
331 332 case couch_config:get("couch_httpd_auth", "authentication_db") of
332 333 LDbName ->
333 334 % make sure user's db always has the auth ddoc
2  src/couchdb/couch_httpd_oauth.erl
@@ -36,7 +36,7 @@ oauth_authentication_handler(#httpd{mochi_req=MochiReq}=Req) ->
36 36
37 37 % Look up the consumer key and get the roles to give the consumer
38 38 set_user_ctx(Req, AccessToken) ->
39   - % weird that this is in the config and not a db
  39 + % TODO move to db storage
40 40 Name = case couch_config:get("oauth_token_users", AccessToken) of
41 41 undefined -> throw({bad_request, unknown_oauth_token});
42 42 Value -> ?l2b(Value)
1  src/couchdb/couch_server.erl
@@ -79,7 +79,6 @@ check_dbname(#server{dbname_regexp=RegExp}, DbName) ->
79 79 ok
80 80 end.
81 81
82   -% move to auth?
83 82 is_admin(User, ClearPwd) ->
84 83 case couch_config:get("admins", User) of
85 84 "-hashed-" ++ HashedPwdAndSalt ->

0 comments on commit aa44e25

Please sign in to comment.
Something went wrong with that request. Please try again.