Skip to content
This repository has been archived by the owner on Aug 11, 2021. It is now read-only.

Commit

Permalink
Browse files Browse the repository at this point in the history
auth logic is now comprehensible
  • Loading branch information
othiym23 committed Aug 30, 2014
1 parent c2ba4a7 commit 9d88b46
Showing 1 changed file with 17 additions and 5 deletions.
22 changes: 17 additions & 5 deletions lib/request.js
Expand Up @@ -41,12 +41,16 @@ function regRequest (method, uri, options, cb_) {
}

var adduserChange = /^\/?-\/user\/org\.couchdb\.user:([^\/]+)\/-rev/
, uc = where.match(adduserChange)
, isUserChange = where.match(adduserChange)
, adduserNew = /^\/?-\/user\/org\.couchdb\.user:([^\/]+)/
, nu = where.match(adduserNew)
, isNewUser = where.match(adduserNew)
, alwaysAuth = this.conf.get("always-auth")
, isDel = method === "DELETE"
, isWrite = what || isDel
, isDelete = method === "DELETE"
, isWrite = what || isDelete

if (isUserChange && !isWrite) {
return cb(new Error("trying to change user document without writing(?!)"))
}

// resolve to a full url on the registry
if (!where.match(/^https?:\/\//)) {
Expand All @@ -73,7 +77,15 @@ function regRequest (method, uri, options, cb_) {
this.log.verbose("request", "after pass 2, where is", where)
}

var authed = (alwaysAuth || isWrite) && !nu || uc || isDel
// most of the time we don't want to auth
var authed = false
// new users can *not* use auth, because they don't *have* auth yet
if (isNewUser) {
authed = false
}
else if (alwaysAuth || isWrite) {
authed = true
}
if (!authed) this.log.verbose("request", "no auth needed")

var self = this
Expand Down

0 comments on commit 9d88b46

Please sign in to comment.