Permalink
Browse files

cleanup patch for merge to trunk

git-svn-id: https://svn.apache.org/repos/asf/couchdb/branches/account@896982 13f79535-47bb-0310-9956-ffa450edef68
  • Loading branch information...
1 parent 3a1f041 commit aa44e253f47089e249612c496df85798922ac546 @jchris jchris committed Jan 7, 2010
View
7 share/www/script/couch_test_runner.js
@@ -164,10 +164,13 @@ function setupAdminParty(fun) {
}, "admins");
}
});
- } else {
- // not a logged in admin.
+ } else if (userCtx.roles.indexOf("_admin") != -1) {
+ // admin party!
readyToRun = true;
fun();
+ } else {
+ // not an admin
+ alert("Error: You need to be an admin to run the tests.");
};
}
});
View
1 share/www/script/jquery.couch.js
@@ -136,7 +136,6 @@
},
logout: function(options) {
options = options || {};
- // TODO this should also login as the logged-out guy using basic auth
$.ajax({
type: "DELETE", url: "/_session", dataType: "json",
username : "_", password : "_",
View
2 share/www/script/test/oauth.js
@@ -115,8 +115,6 @@ couchTests.oauth = function(debug) {
usersDb.createDb();
// Create a user
- // T(CouchDB.createUser("jason", "testpassword", "test@somemail.com", ['test'], adminBasicAuthHeaderValue()).ok);
- // Create a user
var jasonUserDoc = CouchDB.prepareUserDoc({
username: "jason",
roles: ["test"]
View
1 share/www/script/test/users_db.js
@@ -43,6 +43,7 @@ couchTests.users_db = function(debug) {
}
});
T(s.name == "jchris@apache.org");
+ T(s.user_doc._id == "org.couchdb.user:jchris@apache.org")
T(s.info.authenticated == "{couch_httpd_auth, default_authentication_handler}");
T(s.info.user_db == "test_suite_users");
TEquals(["{couch_httpd_oauth, oauth_authentication_handler}",
View
3 src/couchdb/couch_db.hrl
@@ -110,7 +110,8 @@
{
name=null,
roles=[],
- handler
+ handler,
+ user_doc
}).
% This should be updated anytime a header change happens that requires more
View
2 src/couchdb/couch_httpd.erl
@@ -233,7 +233,7 @@ authenticate_request(#httpd{} = Req, [AuthSrc|Rest]) ->
AuthFun = make_arity_1_fun(AuthSrc),
R = case AuthFun(Req) of
#httpd{user_ctx=#user_ctx{}=UserCtx}=Req2 ->
- Req2#httpd{user_ctx=UserCtx#user_ctx{handler=AuthSrc}};
+ Req2#httpd{user_ctx=UserCtx#user_ctx{handler=?l2b(AuthSrc)}};
Else -> Else
end,
authenticate_request(R, Rest);
View
22 src/couchdb/couch_httpd_auth.erl
@@ -75,7 +75,8 @@ default_authentication_handler(Req) ->
ExpectedHash when ExpectedHash == PasswordHash ->
Req#httpd{user_ctx=#user_ctx{
name=?l2b(User),
- roles=proplists:get_value(<<"roles">>, UserProps, [])
+ roles=proplists:get_value(<<"roles">>, UserProps, []),
+ user_doc={UserProps}
}};
_Else ->
throw({unauthorized, <<"Name or password is incorrect.">>})
@@ -114,8 +115,9 @@ get_user(UserName) ->
UserProps when is_list(UserProps) ->
DocRoles = proplists:get_value(<<"roles">>, UserProps),
[{<<"roles">>, [<<"_admin">> | DocRoles]},
- {<<"salt">>, ?l2b(Salt)},
- {<<"password_sha">>, ?l2b(HashedPwd)}]
+ {<<"salt">>, ?l2b(Salt)},
+ {<<"password_sha">>, ?l2b(HashedPwd)},
+ {<<"user_doc">>, {UserProps}}]
end;
Else ->
get_user_props_from_db(UserName)
@@ -250,8 +252,8 @@ cookie_authentication_handler(#httpd{mochi_req=MochiReq}=Req) ->
Secret = ?l2b(SecretStr),
case get_user(?l2b(User)) of
nil -> Req;
- Result ->
- UserSalt = proplists:get_value(<<"salt">>, Result, <<"">>),
+ UserProps ->
+ UserSalt = proplists:get_value(<<"salt">>, UserProps, <<"">>),
FullSecret = <<Secret/binary, UserSalt/binary>>,
ExpectedHash = crypto:sha_mac(FullSecret, User ++ ":" ++ TimeStr),
Hash = ?l2b(string:join(HashParts, ":")),
@@ -264,7 +266,8 @@ cookie_authentication_handler(#httpd{mochi_req=MochiReq}=Req) ->
?LOG_DEBUG("Successful cookie auth as: ~p", [User]),
Req#httpd{user_ctx=#user_ctx{
name=?l2b(User),
- roles=proplists:get_value(<<"roles">>, Result, [])
+ roles=proplists:get_value(<<"roles">>, UserProps, []),
+ user_doc=proplists:get_value(<<"user_doc">>, UserProps, null)
}, auth={FullSecret, TimeLeft < Timeout*0.9}};
_Else ->
Req
@@ -351,7 +354,8 @@ handle_session_req(#httpd{method='POST', mochi_req=MochiReq}=Req) ->
{[
{ok, true},
{name, proplists:get_value(<<"username">>, User, null)},
- {roles, proplists:get_value(<<"roles">>, User, [])}
+ {roles, proplists:get_value(<<"roles">>, User, [])},
+ {user_doc, proplists:get_value(<<"user_doc">>, User, null)}
]});
_Else ->
% clear the session
@@ -375,7 +379,7 @@ handle_session_req(#httpd{method='GET', user_ctx=UserCtx}=Req) ->
{handlers, [?l2b(H) || H <- couch_httpd:make_fun_spec_strs(
couch_config:get("httpd", "authentication_handlers"))]}
] ++ maybe_value(authenticated, UserCtx#user_ctx.handler)}}
- ]})
+ ] ++ maybe_value(user_doc, UserCtx#user_ctx.user_doc)})
end;
% logout by deleting the session
handle_session_req(#httpd{method='DELETE'}=Req) ->
@@ -391,7 +395,7 @@ handle_session_req(Req) ->
send_method_not_allowed(Req, "GET,HEAD,POST,DELETE").
maybe_value(Key, undefined) -> [];
-maybe_value(Key, Else) -> [{Key, ?l2b(Else)}].
+maybe_value(Key, Else) -> [{Key, Else}].
to_int(Value) when is_binary(Value) ->
to_int(?b2l(Value));
View
1 src/couchdb/couch_httpd_db.erl
@@ -328,6 +328,7 @@ delete_db_req(#httpd{user_ctx=UserCtx}=Req, DbName) ->
do_db_req(#httpd{user_ctx=UserCtx,path_parts=[DbName|_]}=Req, Fun) ->
LDbName = ?b2l(DbName),
+ % I hope this lookup is cheap.
case couch_config:get("couch_httpd_auth", "authentication_db") of
LDbName ->
% make sure user's db always has the auth ddoc
View
2 src/couchdb/couch_httpd_oauth.erl
@@ -36,7 +36,7 @@ oauth_authentication_handler(#httpd{mochi_req=MochiReq}=Req) ->
% Look up the consumer key and get the roles to give the consumer
set_user_ctx(Req, AccessToken) ->
- % weird that this is in the config and not a db
+ % TODO move to db storage
Name = case couch_config:get("oauth_token_users", AccessToken) of
undefined -> throw({bad_request, unknown_oauth_token});
Value -> ?l2b(Value)
View
1 src/couchdb/couch_server.erl
@@ -79,7 +79,6 @@ check_dbname(#server{dbname_regexp=RegExp}, DbName) ->
ok
end.
-% move to auth?
is_admin(User, ClearPwd) ->
case couch_config:get("admins", User) of
"-hashed-" ++ HashedPwdAndSalt ->

0 comments on commit aa44e25

Please sign in to comment.