From iil...@apache.org
Subject [1/2] couch commit: updated refs/heads/master to ad97a06
Date Wed, 06 Jul 2016 21:14:44 GMT
Repository: couchdb-couch
Updated Branches:
  refs/heads/master 01cbf20c7 -> ad97a0622


Remove maybe_upgrade_password_hash

Starting from 411c130ea63c3423d7ea71743095dfb446680da6 we have been accidentally
upgrading users' passwords to pbkdf.
Removing upgrade code.


Project: http://git-wip-us.apache.org/repos/asf/couchdb-couch/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-couch/commit/ba297157
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-couch/tree/ba297157
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-couch/diff/ba297157

Branch: refs/heads/master
Commit: ba29715785efdf4f25a3bb0127646fbf3489eff3
Parents: 01cbf20
Author: ILYA Khlopotov <iilyak@ca.ibm.com>
Authored: Wed Jul 6 13:51:03 2016 -0700
Committer: ILYA Khlopotov <iilyak@ca.ibm.com>
Committed: Wed Jul 6 14:00:42 2016 -0700

----------------------------------------------------------------------
 src/couch_httpd_auth.erl | 28 ++++------------------------
 1 file changed, 4 insertions(+), 24 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-couch/blob/ba297157/src/couch_httpd_auth.erl
----------------------------------------------------------------------
diff --git a/src/couch_httpd_auth.erl b/src/couch_httpd_auth.erl
index ff0f73c..15d3ac6 100644
--- a/src/couch_httpd_auth.erl
+++ b/src/couch_httpd_auth.erl
@@ -23,7 +23,7 @@
 -export([cookie_auth_header/2]).
 -export([handle_session_req/1, handle_session_req/2]).
 
--export([authenticate/2, verify_totp/2, maybe_upgrade_password_hash/6]).
+-export([authenticate/2, verify_totp/2]).
 -export([ensure_cookie_auth_secret/0, make_cookie_time/0]).
 -export([cookie_auth_cookie/4, cookie_scheme/1]).
 -export([maybe_value/3]).
@@ -97,12 +97,9 @@ default_authentication_handler(Req, AuthModule) ->
                 Password = ?l2b(Pass),
                 case authenticate(Password, UserProps) of
                     true ->
-                        UserProps2 = maybe_upgrade_password_hash(
-                            Req, UserName, Password, UserProps,
-                            AuthModule, AuthCtx),
                         Req#httpd{user_ctx=#user_ctx{
                             name=UserName,
-                            roles=couch_util:get_value(<<"roles">>, UserProps2,
[])
+                            roles=couch_util:get_value(<<"roles">>, UserProps,
[])
                         }};
                     false ->
                         authentication_warning(Req, UserName),
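Review bot: With the upgrade call gone from the `true ->` branch, an account whose document still uses the `simple` password scheme (the default the removed function assumed) keeps authenticating against its stored hash, and nothing in the code records that this is intentional or how such accounts are meant to reach a stronger scheme. A short comment above the `Req#httpd{...}` update would help, for example `% Password hashes are deliberately not upgraded on login; see commit ba29715.` Separately, `AuthCtx` was used in this hunk only by the removed call; if it is bound in the credentials match above the hunk, it may now raise an unused-variable warning and could become `_AuthCtx`, and the same applies to the first `handle_session_req/2` hunk. The function body starts and ends outside the hunk.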
@@ -308,11 +305,9 @@ handle_session_req(#httpd{method='POST', mochi_req=MochiReq}=Req, AuthModule)
->
     case authenticate(Password, UserProps) of
         true ->
             verify_totp(UserProps, Form),
-            UserProps2 = maybe_upgrade_password_hash(
-                Req, UserName, Password, UserProps, AuthModule, AuthCtx),
             % setup the session cookie
             Secret = ?l2b(ensure_cookie_auth_secret()),
-            UserSalt = couch_util:get_value(<<"salt">>, UserProps2),
+            UserSalt = couch_util:get_value(<<"salt">>, UserProps),
             CurrentTime = make_cookie_time(),
             Cookie = cookie_auth_cookie(Req, ?b2l(UserName), <<Secret/binary, UserSalt/binary>>,
CurrentTime),
             % TODO document the "next" feature in Futon
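Review bot: `UserSalt` is read with `couch_util:get_value(<<"salt">>, UserProps)` and no default, while `authenticate/2` further down reads the same key with a default of `<<>>`. Assuming the two-argument form returns `undefined` for a missing key, a user document without a `salt` field could pass the password check and then fail in `<<Secret/binary, UserSalt/binary>>` with `badarg`. Now that the props are no longer re-read after an upgrade, the stored document is the only source of the salt here, so the handling should be explicit: either `UserSalt = couch_util:get_value(<<"salt">>, UserProps, <<>>),` to match `authenticate/2`, or a clear error before the cookie is built. The enclosing clause starts and ends outside the hunk.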
@@ -326,7 +321,7 @@ handle_session_req(#httpd{method='POST', mochi_req=MochiReq}=Req, AuthModule)
->
                 {[
                     {ok, true},
                     {name, UserName},
-                    {roles, couch_util:get_value(<<"roles">>, UserProps2, [])}
+                    {roles, couch_util:get_value(<<"roles">>, UserProps, [])}
                 ]});
         false ->
             authentication_warning(Req, UserName),
@@ -395,21 +390,6 @@ maybe_value(_Key, undefined, _Fun) -> [];
 maybe_value(Key, Else, Fun) ->
     [{Key, Fun(Else)}].
 
-maybe_upgrade_password_hash(Req, UserName, Password, UserProps,
-        AuthModule, AuthCtx) ->
-    IsAdmin = lists:member(<<"_admin">>, couch_util:get_value(<<"roles">>,
UserProps, [])),
-    case {IsAdmin, couch_util:get_value(<<"password_scheme">>, UserProps, <<"simple">>)}
of
-    {false, <<"simple">>} ->
-        UserProps2 = proplists:delete(<<"password_sha">>, UserProps),
-        UserProps3 = [{<<"password">>, Password} | UserProps2],
-        NewUserDoc = couch_doc:from_json_obj({UserProps3}),
-        ok = AuthModule:update_user_creds(Req, NewUserDoc, AuthCtx),
-        {ok, NewUserProps, _} = AuthModule:get_user_creds(Req, UserName),
-        NewUserProps;
-    _ ->
-        UserProps
-    end.
-
 authenticate(Pass, UserProps) ->
     UserSalt = couch_util:get_value(<<"salt">>, UserProps, <<>>),
     {PasswordHash, ExpectedHash} =

