couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Filipe Manana (Updated) (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (COUCHDB-1320) OAuth authentication doesn't work with VHost entry
Date Fri, 25 Nov 2011 20:25:40 GMT

     [ https://issues.apache.org/jira/browse/COUCHDB-1320?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Filipe Manana updated COUCHDB-1320:
-----------------------------------

    Attachment: fdmanana-0001-Fix-OAuth-authentication-with-VHosts-URL-rewriting.patch

Martin, I've spent  some time testing this well.
The patch you provided didn't seem to fix it.

I added some tests to confirm the fix, which uses VHosts + URL rewriting.
A big part of the problem here is that the OAuth handler is executed 2 times:

1) after the VHost dispatch happens and before the rewriter is called;

2) after the rewriter is called. This time the OAuth handler gets a rewritten patch which
will cause the OAuth signature check to fail, since the client's provided signature is based
on the first path (pre VHost dispatch, and pre rewriting phase)

The patch I'm attaching here explains this in the commit message.
Also, leaving it for BenoƮt to confirm if this is an ok fix.
                
> OAuth authentication doesn't work with VHost entry
> --------------------------------------------------
>
>                 Key: COUCHDB-1320
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-1320
>             Project: CouchDB
>          Issue Type: Bug
>          Components: HTTP Interface
>    Affects Versions: 1.1
>         Environment: Ubuntu
>            Reporter: Martin Higham
>            Assignee: Filipe Manana
>         Attachments: Fix-OAuth-that-broke-with-vhost.patch, fdmanana-0001-Fix-OAuth-authentication-with-VHosts-URL-rewriting.patch
>
>
> If you have a vhost entry that modifies the path (such as my host.com = /mainDB/_design/main/_rewrite
) trying to authenticate a request to this host using OAuth fails.
> couch_httpd_oauth uses the modified path rather than the original x-couchdb-vhost-path
when calculating the signature.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

       

Mime
View raw message