From j..@apache.org
Subject [1/2] git commit: updated refs/heads/master to 6ce887f
Date Wed, 07 Aug 2013 14:24:56 GMT
Updated Branches:
  refs/heads/master 0373c8184 -> 6ce887fad


add `users_db_public` config var


Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/6ce887fa
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/6ce887fa
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/6ce887fa

Branch: refs/heads/master
Commit: 6ce887fadc04cd06d7c09291df17799d63429b17
Parents: b4480fa
Author: Jan Lehnardt <jan@apache.org>
Authored: Wed Aug 7 15:45:16 2013 +0200
Committer: Jan Lehnardt <jan@apache.org>
Committed: Wed Aug 7 16:24:29 2013 +0200

----------------------------------------------------------------------
 share/www/script/test/users_db_security.js | 42 +++++++++++++++++++++++++
 src/couch_mrview/src/couch_mrview_http.erl | 12 ++++---
 2 files changed, 49 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb/blob/6ce887fa/share/www/script/test/users_db_security.js
----------------------------------------------------------------------
diff --git a/share/www/script/test/users_db_security.js b/share/www/script/test/users_db_security.js
index 2ab5fe0..888ed00 100644
--- a/share/www/script/test/users_db_security.js
+++ b/share/www/script/test/users_db_security.js
@@ -269,6 +269,11 @@ couchTests.users_db_security = function(debug) {
           value: "name,type"
         },
         {
+          section: "couch_httpd_auth",
+          key: "users_db_public",
+          value: "true"
+        },
+        {
           section: "admins",
           key: "jan",
           value: "apple"
@@ -282,6 +287,8 @@ couchTests.users_db_security = function(debug) {
         TEquals(undefined, res.password_scheme);
         TEquals(undefined, res.derived_key);
 
+        TEquals(true, CouchDB.login("jchris", "couch").ok);
+
         var all = usersDb.allDocs({ include_docs: true });
         T(all.rows);
         if (all.rows) {
@@ -303,6 +310,41 @@ couchTests.users_db_security = function(debug) {
       // log in one last time so run_on_modified_server can clean up the admin account
       TEquals(true, CouchDB.login("jan", "apple").ok);
     });
+
+    run_on_modified_server([
+      {
+        section: "couch_httpd_auth",
+        key: "iterations",
+        value: "1"
+      },
+      {
+        section: "couch_httpd_auth",
+        key: "public_fields",
+        value: "name,type"
+      },
+      {
+        section: "couch_httpd_auth",
+        key: "users_db_public",
+        value: "false"
+      },
+      {
+        section: "admins",
+        key: "jan",
+        value: "apple"
+      }
+    ], function() {
+      TEquals(true, CouchDB.login("jchris", "couch").ok);
+
+      try {
+        var all = usersDb.allDocs({ include_docs: true });
+        T(false); // should never hit
+      } catch(e) {
+        TEquals("forbidden", e.error, "should throw");
+      }
+
+      // log in one last time so run_on_modified_server can clean up the admin account
+      TEquals(true, CouchDB.login("jan", "apple").ok);
+    });
   };
 
   usersDb.deleteDb();
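Review bot: The new `run_on_modified_server` block only asserts the denial for `users_db_public = "false"` with `public_fields` set. The two other denied combinations in the server-side change, the key left unset (default) and `users_db_public = "true"` without `public_fields`, have no assertion here. Adding a block for the unset case would pin the fail-closed default. Separately, `T(false); // should never hit` sits inside the `try` and the result in `var all` is never used. Capturing the exception into a variable and asserting once after the try/catch, e.g. `TEquals("forbidden", err && err.error, "non-admin _all_docs on _users must be forbidden");`, gives a clear failure when no exception is thrown and does not depend on how `T` reports failures. The enclosing `couchTests.users_db_security` function starts outside this hunk.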

http://git-wip-us.apache.org/repos/asf/couchdb/blob/6ce887fa/src/couch_mrview/src/couch_mrview_http.erl
----------------------------------------------------------------------
diff --git a/src/couch_mrview/src/couch_mrview_http.erl b/src/couch_mrview/src/couch_mrview_http.erl
index 61db4c0..6e571f3 100644
--- a/src/couch_mrview/src/couch_mrview_http.erl
+++ b/src/couch_mrview/src/couch_mrview_http.erl
@@ -111,12 +111,14 @@ all_docs_req(Req, Db, Keys) ->
                                   "authentication_db",
                                   "_users") of
             DbName ->
-                case couch_config:get("couch_httpd_auth", "public_fields") of
-                undefined ->
+                UsersDbPublic = couch_config:get("couch_httpd_auth", "users_db_public", "false"),
+                PublicFields = couch_config:get("couch_httpd_auth", "public_fields"),
+                case {UsersDbPublic, PublicFields} of
+                {"true", PublicFields} when PublicFields =/= undefined ->
+                    do_all_docs_req(Req, Db, Keys);
+                {_, _} ->
                     throw({forbidden, <<"Only admins can access _all_docs",
-                                        " of system databases.">>});
-                _ ->
-                    do_all_docs_req(Req, Db, Keys)
+                                        " of system databases.">>})
                 end;
             _ ->
                 throw({forbidden, <<"Only admins can access _all_docs",
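Review bot: The allow clause `{"true", PublicFields} when PublicFields =/= undefined` reuses the already-bound `PublicFields` in the pattern, so it reads like a fresh binding but is really an equality match. Writing it as `{"true", Fields} when Fields =/= undefined ->`, or matching `{"true", undefined}` explicitly into the forbidden branch, expresses the same gate without the double meaning. The comparison against the literal `"true"` fails closed for any other spelling, which is the safe direction, and a comment such as `%% non-admins may list the users db only when users_db_public is exactly "true" AND public_fields is set; everything else is forbidden` would make that contract visible. An empty `public_fields` value is not `undefined` and therefore passes this gate; whether the listed documents are then reduced to no fields depends on code outside the hunk and is worth confirming. `all_docs_req/3` begins before and ends after this hunk.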

