Mailing-List: contact commits-help@couchdb.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@couchdb.apache.org
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: jan@apache.org
To: commits@couchdb.apache.org
Message-Id: <1d548d5b79804db18cadd40c332a9321@git.apache.org>
Subject: chttpd commit: updated refs/heads/fix-users-doc-in-conflict to
 9100e32 [Forced Update!]
Date: Mon, 25 Apr 2016 16:29:16 +0000 (UTC)

Repository: couchdb-chttpd
Updated Branches:
  refs/heads/fix-users-doc-in-conflict 1a1ba2a29 -> 9100e321d (forced update)


restore 1.x behaviour: user docs in conflict cannot login

Adds config option chttpd_auth/allow_conflicted_user_docs to toggle
this behaviour. The default is to not allow conflicted user docs to
log in successfully.


Project: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/commit/9100e321
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/tree/9100e321
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/diff/9100e321

Branch: refs/heads/fix-users-doc-in-conflict
Commit: 9100e321d43690f448895371af83971358793a1a
Parents: 1ca8642
Author: Jan Lehnardt <jan@apache.org>
Authored: Sun Apr 24 01:28:32 2016 +0200
Committer: Jan Lehnardt <jan@apache.org>
Committed: Mon Apr 25 18:29:07 2016 +0200

----------------------------------------------------------------------
 src/chttpd_auth_cache.erl | 32 +++++++++++++++++++++++++++-----
 1 file changed, 27 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/9100e321/src/chttpd_auth_cache.erl
----------------------------------------------------------------------
diff --git a/src/chttpd_auth_cache.erl b/src/chttpd_auth_cache.erl
index 8a64ae7..8f0c576 100644
--- a/src/chttpd_auth_cache.erl
+++ b/src/chttpd_auth_cache.erl
@@ -48,10 +48,7 @@ get_user_creds(_Req, UserName) when is_binary(UserName) ->
 	        couch_util:get_value(<<"roles">>, UserProps))
         end
     end,
-    case Resp of
-        nil -> nil;
-        _ -> {ok, Resp, nil}
-    end.
+    maybe_validate_user_creds(Resp).
 
 update_user_creds(_Req, UserDoc, _Ctx) ->
     {_, Ref} = spawn_monitor(fun() ->
@@ -163,7 +160,7 @@ changes_callback({error, _}, EndSeq) ->
     exit({seq, EndSeq}).
 
 load_user_from_db(UserName) ->
-    try fabric:open_doc(dbname(), docid(UserName), [?ADMIN_CTX, ejson_body]) of
+    try fabric:open_doc(dbname(), docid(UserName), [?ADMIN_CTX, ejson_body, conflicts]) of
 	{ok, Doc} ->
 	    {Props} = couch_doc:to_json_obj(Doc, []),
 	    Props;
@@ -209,3 +206,28 @@ update_doc_ignoring_conflict(DbName, Doc, Options) ->
         throw:conflict ->
             ok
     end.
+
+maybe_validate_user_creds(nil) ->
+    nil;
+maybe_validate_user_creds(UserCreds) ->
+    AllowConflictedUserDocs = config:get_boolean("chttpd_auth", "allow_conflicted_user_docs", false),
+    maybe_validate_user_creds(UserCreds, AllowConflictedUserDocs).
+
+maybe_validate_user_creds(UserCreds, false) ->
+    {ok, UserCreds, nil};
+maybe_validate_user_creds(UserCreds, true) ->
+    validate_user_creds(UserCreds).
+
+% throws if UserCreds includes a _conflicts member
+% returns UserCreds otherwise
+validate_user_creds(UserCreds) ->
+    case couch_util:get_value(<<"_conflicts">>, UserCreds) of
+        undefined ->
+            ok;
+        _ConflictList ->
+            throw({unauthorized,
+                <<"User document conflicts must be resolved before the document",
+                  " is used for authentication purposes.">>
+            })
+    end,
+    {ok, UserCreds, nil}.