From rnew...@apache.org
Subject [02/13] couch commit: updated refs/heads/master to 311ba94
Date Wed, 12 Aug 2015 15:54:02 GMT
Don't guess authentication handler name


Project: http://git-wip-us.apache.org/repos/asf/couchdb-couch/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-couch/commit/760832da
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-couch/tree/760832da
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-couch/diff/760832da

Branch: refs/heads/master
Commit: 760832daf8b74d9d36c9bda4c15b2a782c2ff2b4
Parents: 553ab08
Author: ILYA Khlopotov <iilyak@ca.ibm.com>
Authored: Wed Jul 29 12:11:50 2015 -0700
Committer: ILYA Khlopotov <iilyak@ca.ibm.com>
Committed: Tue Aug 11 11:44:44 2015 -0700

----------------------------------------------------------------------
 include/couch_db.hrl     |  4 ++--
 src/couch_httpd.erl      | 39 ++++++++++++++-------------------------
 src/couch_httpd_auth.erl | 22 ++++++++++++++--------
 3 files changed, 30 insertions(+), 35 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-couch/blob/760832da/include/couch_db.hrl
----------------------------------------------------------------------
diff --git a/include/couch_db.hrl b/include/couch_db.hrl
index 5a365a1..3f3b1d8 100644
--- a/include/couch_db.hrl
+++ b/include/couch_db.hrl
@@ -91,10 +91,10 @@
     design_url_handlers,
     auth,
     default_fun,
-    url_handlers
+    url_handlers,
+    authentication_handlers = []
 }).
 
-
 -record(doc, {
     id = <<"">>,
     revs = {0, []},
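Review bot: The new `authentication_handlers = []` field on the `#httpd{}` record has no comment stating its element shape, and the record definition itself begins outside this hunk. The session code later in this commit matches each element as `{N, _Fun}`, so a trailing comment such as `% [{Name, Fun}]; empty unless the request builder sets it` would make that contract explicit. Adding a field also changes the record's tuple size, so any module compiled against the old header will no longer match `#httpd{}` values built with the new one. Dependents outside this repository (this commit calls into `chttpd`) presumably need to be rebuilt in step.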

http://git-wip-us.apache.org/repos/asf/couchdb-couch/blob/760832da/src/couch_httpd.erl
----------------------------------------------------------------------
diff --git a/src/couch_httpd.erl b/src/couch_httpd.erl
index 16fffcd..dc01ea2 100644
--- a/src/couch_httpd.erl
+++ b/src/couch_httpd.erl
@@ -32,6 +32,8 @@
 -export([http_1_0_keep_alive/2]).
 -export([validate_host/1]).
 
+-define(HANDLER_NAME_IN_MODULE_POS, 6).
+
 start_link() ->
     start_link(http).
 start_link(http) ->
@@ -161,8 +163,14 @@ set_auth_handlers() ->
     AuthenticationSrcs = make_fun_spec_strs(
         config:get("httpd", "authentication_handlers", "")),
     AuthHandlers = lists:map(
-        fun(A) -> {make_arity_1_fun(A), ?l2b(A)} end, AuthenticationSrcs),
-    ok = application:set_env(couch, auth_handlers, AuthHandlers).
+        fun(A) -> {auth_handler_name(A), make_arity_1_fun(A)} end, AuthenticationSrcs),
+    AuthenticationFuns = AuthHandlers ++ [
+        {<<"local">>, fun couch_httpd_auth:party_mode_handler/1} %% should be
last
+    ],
+    ok = application:set_env(couch, auth_handlers, AuthenticationFuns).
+
+auth_handler_name(SpecStr) ->
+    lists:nth(?HANDLER_NAME_IN_MODULE_POS, re:split(SpecStr, "[\\W_]", [])).
 
 % SpecStr is a string like "{my_module, my_fun}"
 %  or "{my_module, my_fun, <<"my_arg">>}"
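Review bot: `auth_handler_name/1` still derives the name by position, taking the sixth piece of a split on `[\\W_]`, so the label is only right for specs shaped like a three-word module followed by `, ` and the handler. The file's own example `"{my_module, my_fun}"` yields `fun`, and a spec with fewer than six pieces makes `lists:nth/2` raise and `set_auth_handlers/0` fail. This name is what the session endpoint reports, and presumably what `chttpd` records as the authenticating handler, so a wrong label weakens any audit of which mechanism admitted a request. Consider taking the name from the parsed `{Module, Function}` term instead, or at least commenting the assumption next to `?HANDLER_NAME_IN_MODULE_POS`. The empty option list also leaves the return type at `re`'s default, where the removed `auth_name/1` asked for a list and converted it; `re:split(SpecStr, "[\\W_]", [{return, binary}])` would state the intent and match the `<<"local">>` entry.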
@@ -290,7 +298,6 @@ handle_request_int(MochiReq, DefaultFun,
     },
 
     HandlerFun = couch_util:dict_find(HandlerKey, UrlHandlers, DefaultFun),
-    {ok, AuthHandlers} = application:get_env(couch, auth_handlers),
 
     {ok, Resp} =
     try
@@ -299,7 +306,7 @@ handle_request_int(MochiReq, DefaultFun,
         check_request_uri_length(RawUri),
         case couch_httpd_cors:is_preflight_request(HttpReq) of
         #httpd{} ->
-            case authenticate_request(HttpReq, AuthHandlers) of
+            case authenticate_request(HttpReq) of
             #httpd{} = Req ->
                 HandlerFun(Req);
             Response ->
@@ -401,27 +408,9 @@ check_request_uri_length(Uri, MaxUriLen) when is_list(MaxUriLen) ->
             ok
     end.
 
-% Try authentication handlers in order until one sets a user_ctx
-% the auth funs also have the option of returning a response
-% move this to couch_httpd_auth?
-authenticate_request(#httpd{user_ctx=#user_ctx{}} = Req, _AuthHandlers) ->
-    Req;
-authenticate_request(#httpd{} = Req, []) ->
-    case config:get("couch_httpd_auth", "require_valid_user", "false") of
-    "true" ->
-        throw({unauthorized, <<"Authentication required.">>});
-    "false" ->
-        Req#httpd{user_ctx=#user_ctx{}}
-    end;
-authenticate_request(#httpd{} = Req, [{AuthFun, AuthSrc} | RestAuthHandlers]) ->
-    R = case AuthFun(Req) of
-        #httpd{user_ctx=#user_ctx{}=UserCtx}=Req2 ->
-            Req2#httpd{user_ctx=UserCtx#user_ctx{handler=AuthSrc}};
-        Else -> Else
-    end,
-    authenticate_request(R, RestAuthHandlers);
-authenticate_request(Response, _AuthSrcs) ->
-    Response.
+authenticate_request(Req) ->
+    {ok, AuthenticationFuns} = application:get_env(couch, auth_handlers),
+    chttpd:authenticate_request(Req, couch_auth_cache, AuthenticationFuns).
 
 increment_method_stats(Method) ->
     couch_stats:increment_counter([couchdb, httpd_request_methods, Method]).
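Review bot: The new `authenticate_request/1` has no comment, while the removed clauses documented the chain semantics and enforced `require_valid_user` when the handler list ran out. That enforcement now depends on two things this hunk does not show: `party_mode_handler/1` being the last entry of the `auth_handlers` env, and how `chttpd:authenticate_request/3` treats an exhausted list or a non-`#httpd{}` return. I would add a comment such as `% Delegates to chttpd; auth_handlers must end with party_mode_handler so require_valid_user is still enforced`, and confirm that `chttpd` fails closed if the list is ever written without that trailing entry. The `{ok, _} = application:get_env(couch, auth_handlers)` match also crashes every request with `badmatch` if `set_auth_handlers/0` has not run, which was equally true of the line removed from `handle_request_int`.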

http://git-wip-us.apache.org/repos/asf/couchdb-couch/blob/760832da/src/couch_httpd_auth.erl
----------------------------------------------------------------------
diff --git a/src/couch_httpd_auth.erl b/src/couch_httpd_auth.erl
index 0e78946..e867b01 100644
--- a/src/couch_httpd_auth.erl
+++ b/src/couch_httpd_auth.erl
@@ -13,6 +13,8 @@
 -module(couch_httpd_auth).
 -include_lib("couch/include/couch_db.hrl").
 
+-export([party_mode_handler/1]).
+
 -export([default_authentication_handler/1, default_authentication_handler/2,
 	 special_test_authentication_handler/1]).
 -export([cookie_authentication_handler/1, cookie_authentication_handler/2]).
@@ -24,12 +26,20 @@
 -export([authenticate/2, verify_totp/2, maybe_upgrade_password_hash/6]).
 -export([ensure_cookie_auth_secret/0, make_cookie_time/0]).
 -export([cookie_auth_cookie/4, cookie_scheme/1]).
--export([auth_name/1, maybe_value/3]).
+-export([maybe_value/3]).
 
 -import(couch_httpd, [header_value/2, send_json/2,send_json/4, send_method_not_allowed/2]).
 
 -compile({no_auto_import,[integer_to_binary/1, integer_to_binary/2]}).
 
+party_mode_handler(Req) ->
+    case config:get("couch_httpd_auth", "require_valid_user", "false") of
+    "true" ->
+        throw({unauthorized, <<"Authentication required.">>});
+    "false" ->
+        Req#httpd{user_ctx=#user_ctx{}}
+    end.
+
 special_test_authentication_handler(Req) ->
     case header_value(Req, "WWW-Authenticate") of
     "X-Couch-Test-Auth " ++ NamePass ->
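Review bot: `party_mode_handler/1` is exported and shaped like any other handler, but nothing here documents that it is the anonymous fallback and is only safe as the final entry of the chain. A header comment would help, for example `%% Fallback handler, must stay last: throws unauthorized when require_valid_user is "true", otherwise attaches an empty #user_ctx{}`, together with a `-spec`. The `case` also matches only the exact strings `"true"` and `"false"`, so any other configured value raises `case_clause`. That fails closed, but it surfaces as an opaque crash rather than a configuration error; say so in the comment, or add an explicit clause that logs the bad value and rejects the request.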
@@ -346,10 +356,10 @@ handle_session_req(#httpd{method='GET', user_ctx=UserCtx}=Req, _AuthModule)
->
                 ]}},
                 {info, {[
                     {authentication_db, ?l2b(config:get("couch_httpd_auth", "authentication_db"))},
-                    {authentication_handlers, [auth_name(H) || H <- couch_httpd:make_fun_spec_strs(
-                            config:get("httpd", "authentication_handlers"))]}
+                    {authentication_handlers, [
+                       N || {N, _Fun} <- Req#httpd.authentication_handlers]}
                 ] ++ maybe_value(authenticated, UserCtx#user_ctx.handler, fun(Handler) ->
-                        auth_name(?b2l(Handler))
+                        Handler
                     end)}}
             ]})
     end;
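Review bot: The session info now reads `Req#httpd.authentication_handlers`, but the header change in this commit defaults that field to `[]` and none of the `couch_httpd.erl` hunks shown here populate it. Unless the `#httpd{}` construction outside these hunks, or `chttpd`, fills it in, `info.authentication_handlers` will come back as an empty list where it previously listed the configured handlers. That hides the active authentication configuration from anyone checking it through the session endpoint. It is worth confirming where the field is set, and saying so in a comment next to this comprehension. `handle_session_req` starts and ends outside this hunk.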
@@ -418,10 +428,6 @@ verify_iterations(Iterations) when is_integer(Iterations) ->
             ok
     end.
 
-auth_name(String) when is_list(String) ->
-    [_,_,_,_,_,Name|_] = re:split(String, "[\\W_]", [{return, list}]),
-    ?l2b(Name).
-
 make_cookie_time() ->
     {NowMS, NowS, _} = os:timestamp(),
     NowMS * 1000000 + NowS.

