couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j..@apache.org
Subject svn commit: r810436 - in /couchdb/branches/0.10.x: ./ etc/default/couchdb share/www/script/test/cookie_auth.js src/couchdb/couch_httpd_auth.erl
Date Wed, 02 Sep 2009 09:39:20 GMT
Author: jan
Date: Wed Sep  2 09:39:20 2009
New Revision: 810436

URL: http://svn.apache.org/viewvc?rev=810436&view=rev
Log:
merge r810435: use the same password hash calculation for user creation via ini file and user
db, patch by Benoit Chesneau, closes COUCHDB-492

Modified:
    couchdb/branches/0.10.x/   (props changed)
    couchdb/branches/0.10.x/etc/default/couchdb   (props changed)
    couchdb/branches/0.10.x/share/www/script/test/cookie_auth.js
    couchdb/branches/0.10.x/src/couchdb/couch_httpd_auth.erl

Propchange: couchdb/branches/0.10.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Sep  2 09:39:20 2009
@@ -3,4 +3,4 @@
 /couchdb/branches/form:729440-730015
 /couchdb/branches/list-iterator:782292-784593
 /couchdb/branches/tail_header:775760-778477
-/couchdb/trunk:806983,807208-807478,807771,808574,808632,808716,808876,809134,810350,810358
+/couchdb/trunk:806983,807208-807478,807771,808574,808632,808716,808876,809134,809977,810015,810028,810350,810358,810435

Propchange: couchdb/branches/0.10.x/etc/default/couchdb
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Sep  2 09:39:20 2009
@@ -3,5 +3,5 @@
 /couchdb/branches/form/etc/default/couchdb:729440-730015
 /couchdb/branches/list-iterator/etc/default/couchdb:782292-784593
 /couchdb/branches/tail_header/etc/default/couchdb:775760-778477
-/couchdb/trunk/etc/default/couchdb:806983,807208-807478,807771,808574,808632,808716,808876,809134,810350,810358
+/couchdb/trunk/etc/default/couchdb:806983,807208-807478,807771,808574,808632,808716,808876,809134,809977,810015,810028,810350,810358,810435
 /incubator/couchdb/trunk/etc/default/couchdb:642419-694440

Modified: couchdb/branches/0.10.x/share/www/script/test/cookie_auth.js
URL: http://svn.apache.org/viewvc/couchdb/branches/0.10.x/share/www/script/test/cookie_auth.js?rev=810436&r1=810435&r2=810436&view=diff
==============================================================================
--- couchdb/branches/0.10.x/share/www/script/test/cookie_auth.js (original)
+++ couchdb/branches/0.10.x/share/www/script/test/cookie_auth.js Wed Sep  2 09:39:20 2009
@@ -40,7 +40,7 @@
       T(usersDb.save({
         _id: "a1",
         salt: "123",
-        password_sha: "8da1CtkFvb58LWrnup5chgdZVUs=",
+        password_sha: hex_sha1(password + "123"),
         username: "Jason Davies",
         author: "Jason Davies",
         type: "user",

Modified: couchdb/branches/0.10.x/src/couchdb/couch_httpd_auth.erl
URL: http://svn.apache.org/viewvc/couchdb/branches/0.10.x/src/couchdb/couch_httpd_auth.erl?rev=810436&r1=810435&r2=810436&view=diff
==============================================================================
--- couchdb/branches/0.10.x/src/couchdb/couch_httpd_auth.erl (original)
+++ couchdb/branches/0.10.x/src/couchdb/couch_httpd_auth.erl Wed Sep  2 09:39:20 2009
@@ -48,7 +48,6 @@
     AuthorizationHeader = header_value(Req, "Authorization"),
     case AuthorizationHeader of
     "Basic " ++ Base64Value ->
-        io:format("~n~nBase64Value: '~p'~n~n", [Base64Value]),
         case string:tokens(?b2l(couch_util:decodeBase64(Base64Value)),":") of
         [User, Pass] ->
             {User, Pass};
@@ -285,6 +284,9 @@
         couch_util:encodeBase64Url(SessionData ++ ":" ++ ?b2l(Hash)),
         [{path, "/"}, {http_only, true}]). % TODO add {secure, true} when SSL is detected
 
+hash_password(Password, Salt) ->
+    ?l2b(couch_util:to_hex(crypto:sha(<<Password/binary, Salt/binary>>))).
+
 % Login handler with user db
 handle_login_req(#httpd{method='POST', mochi_req=MochiReq}=Req, #db{}=Db) ->
     ReqBody = MochiReq:recv_body(),
@@ -301,7 +303,7 @@
         Result -> Result
     end,
     UserSalt = proplists:get_value(<<"salt">>, User, <<>>),
-    PasswordHash = couch_util:encodeBase64(crypto:sha(<<UserSalt/binary, Password/binary>>)),
+    PasswordHash = hash_password(Password, UserSalt),
     case proplists:get_value(<<"password_sha">>, User, nil) of
         ExpectedHash when ExpectedHash == PasswordHash ->
             Secret = ?l2b(couch_config:get("couch_httpd_auth", "secret", nil)),
@@ -380,7 +382,7 @@
         end,
             
         UserSalt = couch_util:new_uuid(),
-        PasswordHash = couch_util:encodeBase64(crypto:sha(<<UserSalt/binary, Password/binary>>)),
+        PasswordHash = hash_password(Password, UserSalt),
         DocId = couch_util:new_uuid(),
         {ok, UserDoc} = user_doc(DocId, UserName, UserSalt, PasswordHash, Email, Active,
Roles1),
         {ok, _Rev} = couch_db:update_doc(Db, UserDoc, []),
@@ -435,7 +437,7 @@
             Hash = case Password of
                 <<>> -> CurrentPasswordHash;
                 _Else ->
-                    H = couch_util:encodeBase64(crypto:sha(<<UserSalt/binary, Password/binary>>)),
+                    H = hash_password(Password, UserSalt),
                     H
                 end,
             Hash;
@@ -447,11 +449,11 @@
                 _P when length(OldPassword) == 0 ->
                     throw({forbidden, <<"Old password is incorrect.">>});
                 _Else ->
-                    OldPasswordHash = couch_util:encodeBase64(crypto:sha(<<UserSalt/binary,
OldPassword1/binary>>)),
+                    OldPasswordHash = hash_password(OldPassword1, UserSalt),
                     ?LOG_DEBUG("~p == ~p", [CurrentPasswordHash, OldPasswordHash]),
                     Hash1 = case CurrentPasswordHash of
                         ExpectedHash when ExpectedHash == OldPasswordHash ->
-                            H = couch_util:encodeBase64(crypto:sha(<<UserSalt/binary,
Password/binary>>)),
+                            H = hash_password(Password, UserSalt),
                             H;
                         _ ->
                             throw({forbidden, <<"Old password is incorrect.">>})



Mime
View raw message