Require server or db admin user for db/_compact and db/_view_cleanup endpoints following rnewson's suggestion

5 files changed, 131 insertions, 3 deletions

diff --git a/src/chttpd/src/chttpd_auth_request.erl b/src/chttpd/src/chttpd_auth_request.erl
index 90176c824..ab160ee79 100644
--- a/src/chttpd/src/chttpd_auth_request.erl
+++ b/src/chttpd/src/chttpd_auth_request.erl
@@ -61,6 +61,10 @@ authorize_request_int(#httpd{path_parts=[_DbName], method='PUT'}=Req) ->
     require_admin(Req);
 authorize_request_int(#httpd{path_parts=[_DbName], method='DELETE'}=Req) ->
     require_admin(Req);
+authorize_request_int(#httpd{path_parts=[_DbName, <<"_compact">>]}=Req) ->
+    require_admin(Req);
+authorize_request_int(#httpd{path_parts=[_DbName, <<"_view_cleanup">>]}=Req) ->
+    require_admin(Req);
 authorize_request_int(#httpd{path_parts=[_DbName|_]}=Req) ->
     db_authorization_check(Req).
 
diff --git a/src/chttpd/test/chttpd_security_tests.erl b/src/chttpd/test/chttpd_security_tests.erl
new file mode 100644
index 000000000..a964f3006
--- /dev/null
+++ b/src/chttpd/test/chttpd_security_tests.erl
@@ -0,0 +1,124 @@
+% Licensed under the Apache License, Version 2.0 (the "License"); you may not
+% use this file except in compliance with the License. You may obtain a copy of
+% the License at
+%
+%   http://www.apache.org/licenses/LICENSE-2.0
+%
+% Unless required by applicable law or agreed to in writing, software
+% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+% License for the specific language governing permissions and limitations under
+% the License.
+
+-module(chttpd_security_tests).
+
+-include_lib("couch/include/couch_eunit.hrl").
+-include_lib("couch/include/couch_db.hrl").
+
+-define(USER, "chttpd_db_test_admin").
+-define(PASS, "pass").
+-define(AUTH, {basic_auth, {?USER, ?PASS}}).
+-define(CONTENT_JSON, {"Content-Type", "application/json"}).
+-define(FIXTURE_TXT, ?ABS_PATH(?FILE)).
+
+setup() ->
+    ok = config:set("admins", ?USER, ?PASS, _Persist=false),
+    TmpDb = ?tempdb(),
+    Addr = config:get("chttpd", "bind_address", "127.0.0.1"),
+    Port = mochiweb_socket_server:get(chttpd, port),
+    Url = lists:concat(["http://", Addr, ":", Port, "/", ?b2l(TmpDb)]),
+    create_db(Url),
+    create_design_doc(Url),
+    Url.
+
+teardown(Url) ->
+    delete_db(Url),
+    ok = config:delete("admins", ?USER, _Persist=false).
+
+create_db(Url) ->
+    {ok, Status, _, _} = test_request:put(Url, [?CONTENT_JSON, ?AUTH], "{}"),
+    ?assert(Status =:= 201 orelse Status =:= 202).
+
+create_design_doc(Url) ->
+    {ok, Status, _, _} = test_request:put(lists:concat([Url, '/_design/test']), [?CONTENT_JSON, ?AUTH], 
+            "{\"id\":\"_design/test\"}"),
+    ?assert(Status =:= 201 orelse Status =:= 202).
+
+
+delete_db(Url) ->
+    {ok, 200, _, _} = test_request:delete(Url, [?AUTH]).
+
+all_test_() ->
+    {
+        "chttpd security tests",
+        {
+            setup,
+            fun chttpd_test_util:start_couch/0, fun chttpd_test_util:stop_couch/1,
+            {
+                foreach,
+                fun setup/0, fun teardown/1,
+                [
+                    fun should_allow_admin_db_compaction/1,
+                    fun should_disallow_anonymous_db_compaction/1,
+                    fun should_allow_admin_view_compaction/1,
+                    fun should_disallow_anonymous_view_compaction/1,
+                    fun should_allow_admin_db_view_cleanup/1,
+                    fun should_disallow_anonymous_db_view_cleanup/1
+                ]
+            }
+        }
+    }.
+
+should_allow_admin_db_compaction(Url) ->
+    ?_assertEqual(true,
+        begin
+            {ok, _, _, ResultBody} = test_request:post(Url ++ "/_compact",
+                [?CONTENT_JSON, ?AUTH], ""),
+            ResultJson = ?JSON_DECODE(ResultBody),
+            {InnerJson} = ResultJson,
+            couch_util:get_value(<<"ok">>, InnerJson, undefined)
+        end).
+
+should_disallow_anonymous_db_compaction(Url) ->
+    {ok, _, _, ResultBody} = test_request:post(Url ++ "/_compact",
+        [?CONTENT_JSON], ""),
+    ResultJson = ?JSON_DECODE(ResultBody),
+    {InnerJson} = ResultJson,
+    ErrType = couch_util:get_value(<<"error">>, InnerJson),
+    ?_assertEqual(<<"unauthorized">>,ErrType).
+
+should_allow_admin_view_compaction(Url) ->
+    ?_assertEqual(true,
+        begin
+            {ok, _, _, ResultBody} = test_request:post(Url ++ "/_compact/test",
+                [?CONTENT_JSON, ?AUTH], ""),
+            ResultJson = ?JSON_DECODE(ResultBody),
+            {InnerJson} = ResultJson,
+            couch_util:get_value(<<"ok">>, InnerJson, undefined)
+        end).
+
+should_disallow_anonymous_view_compaction(Url) ->
+    {ok, _, _, ResultBody} = test_request:post(Url ++ "/_compact/test",
+        [?CONTENT_JSON], ""),
+    ResultJson = ?JSON_DECODE(ResultBody),
+    {InnerJson} = ResultJson,
+    ErrType = couch_util:get_value(<<"error">>, InnerJson),
+    ?_assertEqual(<<"unauthorized">>,ErrType).
+
+should_allow_admin_db_view_cleanup(Url) ->
+    ?_assertEqual(true,
+        begin
+            {ok, _, _, ResultBody} = test_request:post(Url ++ "/_view_cleanup",
+                [?CONTENT_JSON, ?AUTH], ""),
+            ResultJson = ?JSON_DECODE(ResultBody),
+            {InnerJson} = ResultJson,
+            couch_util:get_value(<<"ok">>, InnerJson, undefined)
+        end).
+
+should_disallow_anonymous_db_view_cleanup(Url) ->
+    {ok, _, _, ResultBody} = test_request:post(Url ++ "/_view_cleanup",
+        [?CONTENT_JSON], ""),
+    ResultJson = ?JSON_DECODE(ResultBody),
+    {InnerJson} = ResultJson,
+    ErrType = couch_util:get_value(<<"error">>, InnerJson),
+    ?_assertEqual(<<"unauthorized">>, ErrType).
diff --git a/src/couch/test/couchdb_file_compression_tests.erl b/src/couch/test/couchdb_file_compression_tests.erl
index ccfa24435..a23845975 100644
--- a/src/couch/test/couchdb_file_compression_tests.erl
+++ b/src/couch/test/couchdb_file_compression_tests.erl
@@ -174,7 +174,7 @@ refresh_index(DbName) ->
 
 compact_db(DbName) ->
     DiskSizeBefore = db_disk_size(DbName),
-    {ok, Db} = couch_db:open_int(DbName, []),
+    {ok, Db} = couch_db:open_int(DbName, [?ADMIN_CTX]),
     {ok, _CompactPid} = couch_db:start_compact(Db),
     wait_compaction(DbName, "database", ?LINE),
     ok = couch_db:close(Db),
diff --git a/src/couch/test/couchdb_views_tests.erl b/src/couch/test/couchdb_views_tests.erl
index e320b54c6..a593dbc5e 100644
--- a/src/couch/test/couchdb_views_tests.erl
+++ b/src/couch/test/couchdb_views_tests.erl
@@ -582,7 +582,7 @@ restore_backup_db_file(DbName) ->
     end, ?TIMEOUT, ?DELAY).
 
 compact_db(DbName) ->
-    {ok, Db} = couch_db:open_int(DbName, []),
+    {ok, Db} = couch_db:open_int(DbName, [?ADMIN_CTX]),
     {ok, _} = couch_db:start_compact(Db),
     ok = couch_db:close(Db),
     wait_db_compact_done(DbName, 20).
diff --git a/src/couch_replicator/test/couch_replicator_compact_tests.erl b/src/couch_replicator/test/couch_replicator_compact_tests.erl
index 1a794658a..e3f2556f8 100644
--- a/src/couch_replicator/test/couch_replicator_compact_tests.erl
+++ b/src/couch_replicator/test/couch_replicator_compact_tests.erl
@@ -281,7 +281,7 @@ reopen_db(DbName) ->
     {ok, Db}.
 
 compact_db(Type, #db{name = Name}) ->
-    {ok, Db} = couch_db:open_int(Name, []),
+    {ok, Db} = couch_db:open_int(Name, [?ADMIN_CTX]),
     {ok, CompactPid} = couch_db:start_compact(Db),
     MonRef = erlang:monitor(process, CompactPid),
     receive