couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j..@apache.org
Subject [17/27] git commit: Support auth cookies with : characters
Date Thu, 06 Dec 2012 21:06:54 GMT
Support auth cookies with : characters

The parts of a couchdb authentication cookie are separated by
colons. One of these parts can contain colons and, more rarely, runs
of colons. The string:tokens function silently drops any empty token,
thus giving a spurious failure for valid input. The fix changes this
mechanism to one that losslessly decodes this part.

COUCHDB-1607


Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/d9566c83
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/d9566c83
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/d9566c83

Branch: refs/heads/1597-update-erlang-oauth-1-3-0
Commit: d9566c831d002be16f866f0065a905bc23773cf9
Parents: 2774531
Author: Robert Newson <rnewson@apache.org>
Authored: Sun Nov 18 19:02:07 2012 +0000
Committer: Robert Newson <rnewson@apache.org>
Committed: Sun Nov 18 19:02:07 2012 +0000

----------------------------------------------------------------------
 src/couchdb/couch_httpd_auth.erl |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb/blob/d9566c83/src/couchdb/couch_httpd_auth.erl
----------------------------------------------------------------------
diff --git a/src/couchdb/couch_httpd_auth.erl b/src/couchdb/couch_httpd_auth.erl
index 0b4ba8f..5226a56 100644
--- a/src/couchdb/couch_httpd_auth.erl
+++ b/src/couchdb/couch_httpd_auth.erl
@@ -160,7 +160,7 @@ cookie_authentication_handler(#httpd{mochi_req=MochiReq}=Req) ->
     Cookie ->
         [User, TimeStr | HashParts] = try
             AuthSession = couch_util:decodeBase64Url(Cookie),
-            [_A, _B | _Cs] = string:tokens(?b2l(AuthSession), ":")
+            [_A, _B | _Cs] = re:split(?b2l(AuthSession), ":", [{return, list}])
         catch
             _:_Error ->
                 Reason = <<"Malformed AuthSession cookie. Please clear your cookies.">>,


Mime
View raw message