couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From KlausTrainer <...@git.apache.org>
Subject [GitHub] couchdb pull request: Use cookie authentication during replication
Date Mon, 10 Mar 2014 23:45:39 GMT
GitHub user KlausTrainer opened a pull request:

    https://github.com/apache/couchdb/pull/172

    Use cookie authentication during replication

    In `couch_replicator_httpc:setup/1`, if the URL contains basic auth
    credentials, the replicator now removes those credentials from the URL
    and inserts them into a new ets table, whose identifier is stored in the
    returned `httpdb` record in a new field named `credentials`.
    
    Then, if during replication there's a HTTP status code 401, the
    replicator does a POST-request to the remote DB's `/_session` endpoint,
    in which the request body contains the user name and password from the
    basic auth credentials stored in the ets table.  If that request is
    successful, the session cookie is inserted into the ets table together
    with the current timestamp returned by `os:timestamp/0`.  From that
    point on, `couch_replicator_httpc:send_req/3` always retrieves the
    cookie from the ets table and sets it as value in the "Cookie" request
    header.  When a new session cookie is set, the cookie value, together
    with a new timestamp, will be updated in the ets table accordingly.
    Now, after having started a new session, the request that generated the
    response status code 401 is repeated.
    
    In order to prevent the replicator from wrongly starting a new session
    after getting a 401 status code and then repeating the request again
    (and thereby causing an infinite loop), it is checked whether the
    difference between the current timestamp returned by `os:timestamp/0`
    and the timestamp stored together with the session cookie is greater
    than one minute.  A new session is started and the request is repeated
    only if the difference is greater than one minute.  Otherwise it is
    proceeded as ever, i.e., the response with the 401 status code is
    returned.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/KlausTrainer/couchdb 2069-cookie-auth-replication

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/couchdb/pull/172.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #172
    
----
commit 97b7b4e4b2aa48f9f03fb781f0754cc1e2b14543
Author: Klaus Trainer <klaus_trainer@apache.org>
Date:   2014-03-09T19:10:53Z

    Use cookie authentication during replication
    
    In `couch_replicator_httpc:setup/1`, if the URL contains basic auth
    credentials, the replicator now removes those credentials from the URL
    and inserts them into a new ets table, whose identifier is stored in the
    returned `httpdb` record in a new field named `credentials`.
    
    Then, if during replication there's a HTTP status code 401, the
    replicator does a POST-request to the remote DB's `/_session` endpoint,
    in which the request body contains the user name and password from the
    basic auth credentials stored in the ets table.  If that request is
    successful, the session cookie is inserted into the ets table together
    with the current timestamp returned by `os:timestamp/0`.  From that
    point on, `couch_replicator_httpc:send_req/3` always retrieves the
    cookie from the ets table and sets it as value in the "Cookie" request
    header.  When a new session cookie is set, the cookie value, together
    with a new timestamp, will be updated in the ets table accordingly.
    Now, after having started a new session, the request that generated the
    response status code 401 is repeated.
    
    In order to prevent the replicator from wrongly starting a new session
    after getting a 401 status code and then repeating the request again
    (and thereby causing an infinite loop), it is checked whether the
    difference between the current timestamp returned by `os:timestamp/0`
    and the timestamp stored together with the session cookie is greater
    than one minute.  A new session is started and the request is repeated
    only if the difference is greater than one minute.  Otherwise it is
    proceeded as ever, i.e., the response with the 401 status code is
    returned.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message