couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fdman...@apache.org
Subject svn commit: r1075891 - in /couchdb/trunk: share/www/script/test/users_db.js src/couchdb/couch_js_functions.hrl
Date Tue, 01 Mar 2011 16:34:01 GMT
Author: fdmanana
Date: Tue Mar  1 16:34:01 2011
New Revision: 1075891

URL: http://svn.apache.org/viewvc?rev=1075891&view=rev
Log:
Fix authentication failure when a username contains colons

Closes COUCHDB-1072.

Modified:
    couchdb/trunk/share/www/script/test/users_db.js
    couchdb/trunk/src/couchdb/couch_js_functions.hrl

Modified: couchdb/trunk/share/www/script/test/users_db.js
URL: http://svn.apache.org/viewvc/couchdb/trunk/share/www/script/test/users_db.js?rev=1075891&r1=1075890&r2=1075891&view=diff
==============================================================================
--- couchdb/trunk/share/www/script/test/users_db.js (original)
+++ couchdb/trunk/share/www/script/test/users_db.js Tue Mar  1 16:34:01 2011
@@ -111,6 +111,17 @@ couchTests.users_db = function(debug) {
       T(e.reason == "doc.roles must be an array");
     }
     jchrisUserDoc.roles = [];
+
+    // character : is not allowed in usernames
+    var joeUserDoc = CouchDB.prepareUserDoc({
+      name: "joe:erlang"
+    }, "qwerty");
+    try {
+      usersDb.save(joeUserDoc);
+      T(false, "shouldn't allow : in usernames");
+    } catch(e) {
+      TEquals("Character `:` is not allowed in usernames.", e.reason);
+    }
   };
 
   usersDb.deleteDb();

Modified: couchdb/trunk/src/couchdb/couch_js_functions.hrl
URL: http://svn.apache.org/viewvc/couchdb/trunk/src/couchdb/couch_js_functions.hrl?rev=1075891&r1=1075890&r2=1075891&view=diff
==============================================================================
--- couchdb/trunk/src/couchdb/couch_js_functions.hrl (original)
+++ couchdb/trunk/src/couchdb/couch_js_functions.hrl Tue Mar  1 16:34:01 2011
@@ -93,6 +93,15 @@
         if (newDoc.name[0] === '_') {
             throw({forbidden: 'Username may not start with underscore.'});
         }
+
+        var badUserNameChars = [':'];
+
+        for (var i = 0; i < badUserNameChars.length; i++) {
+            if (newDoc.name.indexOf(badUserNameChars[i]) >= 0) {
+                throw({forbidden: 'Character `' + badUserNameChars[i] +
+                        '` is not allowed in usernames.'});
+            }
+        }
     }
 ">>).
 



Mime
View raw message