Only allow strings in user doc "roles" array1675-fix-roles-validation

We validate that _security documents only contain strings but we have
not done the same for the roles field in user docs. This is a breaking
change as users may have been inserting other things (notably,
objects) in this field.

COUCHDB-1675

2 files changed, 16 insertions, 0 deletions

diff --git a/share/www/script/test/users_db.js b/share/www/script/test/users_db.js
index 44e6c8878..4d6e4de58 100644
--- a/share/www/script/test/users_db.js
+++ b/share/www/script/test/users_db.js
@@ -112,6 +112,16 @@ couchTests.users_db = function(debug) {
     }
     jchrisUserDoc.roles = [];
 
+    // "roles" must be an array of strings
+    jchrisUserDoc.roles = [12];
+    try {
+      usersDb.save(jchrisUserDoc);
+      T(false && "should only allow us to save doc when roles is an array of strings");
+    } catch(e) {
+      TEquals(e.reason, "doc.roles can only contain strings");
+    }
+    jchrisUserDoc.roles = [];
+
     // "roles" must exist
     delete jchrisUserDoc.roles;
     try {
diff --git a/src/couchdb/couch_js_functions.hrl b/src/couchdb/couch_js_functions.hrl
index 2ecd85142..774b72457 100644
--- a/src/couchdb/couch_js_functions.hrl
+++ b/src/couchdb/couch_js_functions.hrl
@@ -39,6 +39,12 @@
             throw({forbidden: 'doc.roles must be an array'});
         }
 
+        for (var idx = 0; idx < newDoc.roles.length; idx++) {
+            if (typeof newDoc.roles[idx] !== 'string') {
+                throw({forbidden: 'doc.roles can only contain strings'});
+            }
+        }
+
         if (newDoc._id !== ('org.couchdb.user:' + newDoc.name)) {
             throw({
                 forbidden: 'Doc ID must be of the form org.couchdb.user:name'