Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Style cleanup (thanks dch). Add commented-out hash_algorithm to brows…

…erid.ini
  • Loading branch information...
commit 40b3be99301622596128ac4decd8e7c72f72ec0e 1 parent 6ec4b7c
Ryan Ramage ryanramage authored
1  etc/couchdb/default.d/browserid.ini
View
@@ -5,6 +5,7 @@
enabled = false
verify_url = https://verifier.login.persona.org/verify
audience = http://example.com
+; hash_algorithm = <choose one of: none, hmac, gravatar. If hmac, set hash_secret below >
; hash_secret = <long crypto-random string, e.g. from https://api.wordpress.org/secret-key/1.1/>
[httpd_global_handlers]
29 src/couch_httpd_browserid.erl
View
@@ -24,17 +24,10 @@
%% * Do something sane with providers other than browserid.org
% hash_if_required looks for hash_algorithm in browserid section of config
-% If it exist and isn't an empty string, uses that algorithm.
-% If it does not exist, check hmac to provide backward compatibility.
+% if not found, default to hmac to keep backward compat.
hash_if_required(Email) -> ok
- , Algo = couch_config:get("browserid", "hash_algorithm", undefined)
- , case Algo
- of undefined -> ok
- , hash_if_required(hmac, Email)
- ; Algorithm -> ok
- , hash_if_required(Algorithm, Email)
- end
- .
+ , Algorithm = couch_config:get("browserid", "hash_algorithm", hmac)
+ , hash_if_required(Algorithm, Email).
% hash_if_required (hmac) looks for hash_secret in browserid section of config
% If it exist and isn't an empty string, uses it as hmac key according to code from
@@ -44,7 +37,7 @@ hash_if_required(Email) -> ok
% If you use hash_secret, make sure the string is long enough and cryptographically random
% Tip: use one of the strings from https://api.wordpress.org/secret-key/1.1/ :)
-hash_if_required(hmac, Email) ->ok
+hash_if_required(hmac, Email) -> ok
, Hashkey = couch_config:get("browserid", "hash_secret", undefined)
, case Hashkey
of undefined -> ok
@@ -57,28 +50,22 @@ hash_if_required(hmac, Email) ->ok
% hash_if_required (gravatar) looks provides the same hasing as gravatar,
% and is based on the code from https://github.com/kanso/gravatar/blob/master/gravatar.js#L17
-hash_if_required(gravatar, Email) ->ok
+hash_if_required(gravatar, Email) -> ok
, Trim = re:replace(Email, "(^\\s+)|(\\s+$)", "", [global,{return,list}])
, Lower = string:to_lower(Trim)
, <<Md5:128/integer>> = crypto:md5(Lower)
, ?l2b(lists:flatten(io_lib:format("~40.16.0b", [Md5])))
;
-% hash_if_required (none) returns the Email
-hash_if_required(none, Email) -> ok
- , hash_not_required(Email)
- ;
+hash_if_required(none, Email) -> Email;
% hash_if_required (_) returns the Email, and warns user.
hash_if_required(_, Email) -> ok
- , Message = <<"Invalid hash_algorithm specified. Using none for hashing.">>
+ , Message = <<"No hash_algorithm specified. Not using hash email address.">>
, ?LOG_ERROR("~s", [Message])
- , hash_not_required(Email)
+ , hash_if_required(none, Email)
.
-hash_not_required(Email) ->ok
- , Email.
-
handle_id_req(#httpd{method='GET'}=Req) -> ok
, case code:priv_dir(browserid_couchdb)
Please sign in to comment.
Something went wrong with that request. Please try again.