diff options
author | Frederick Kaempfer <frederick.kaempfer@gmail.com> | 2017-04-08 22:14:25 +0200 |
---|---|---|
committer | Joan Touzet <wohali@users.noreply.github.com> | 2017-07-12 11:12:37 -0400 |
commit | 45c573b0ae351d5c39850491badf32a8a453339e (patch) | |
tree | 06840290c8b231f447e652607660849078edf961 | |
parent | cc668ba7b67b27369720fa3b9cac6844c698f1a0 (diff) | |
download | couchdb-45c573b0ae351d5c39850491badf32a8a453339e.tar.gz |
Require server or db admin user for db/_compact and db/_view_cleanup endpoints following rnewson's suggestion
-rw-r--r-- | src/chttpd/src/chttpd_auth_request.erl | 4 | ||||
-rw-r--r-- | src/chttpd/test/chttpd_security_tests.erl | 124 | ||||
-rw-r--r-- | src/couch/test/couchdb_file_compression_tests.erl | 2 | ||||
-rw-r--r-- | src/couch/test/couchdb_views_tests.erl | 2 | ||||
-rw-r--r-- | src/couch_replicator/test/couch_replicator_compact_tests.erl | 2 |
5 files changed, 131 insertions, 3 deletions
diff --git a/src/chttpd/src/chttpd_auth_request.erl b/src/chttpd/src/chttpd_auth_request.erl index 90176c824..ab160ee79 100644 --- a/src/chttpd/src/chttpd_auth_request.erl +++ b/src/chttpd/src/chttpd_auth_request.erl @@ -61,6 +61,10 @@ authorize_request_int(#httpd{path_parts=[_DbName], method='PUT'}=Req) -> require_admin(Req); authorize_request_int(#httpd{path_parts=[_DbName], method='DELETE'}=Req) -> require_admin(Req); +authorize_request_int(#httpd{path_parts=[_DbName, <<"_compact">>]}=Req) -> + require_admin(Req); +authorize_request_int(#httpd{path_parts=[_DbName, <<"_view_cleanup">>]}=Req) -> + require_admin(Req); authorize_request_int(#httpd{path_parts=[_DbName|_]}=Req) -> db_authorization_check(Req). diff --git a/src/chttpd/test/chttpd_security_tests.erl b/src/chttpd/test/chttpd_security_tests.erl new file mode 100644 index 000000000..a964f3006 --- /dev/null +++ b/src/chttpd/test/chttpd_security_tests.erl @@ -0,0 +1,124 @@ +% Licensed under the Apache License, Version 2.0 (the "License"); you may not +% use this file except in compliance with the License. You may obtain a copy of +% the License at +% +% http://www.apache.org/licenses/LICENSE-2.0 +% +% Unless required by applicable law or agreed to in writing, software +% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +% License for the specific language governing permissions and limitations under +% the License. + +-module(chttpd_security_tests). + +-include_lib("couch/include/couch_eunit.hrl"). +-include_lib("couch/include/couch_db.hrl"). + +-define(USER, "chttpd_db_test_admin"). +-define(PASS, "pass"). +-define(AUTH, {basic_auth, {?USER, ?PASS}}). +-define(CONTENT_JSON, {"Content-Type", "application/json"}). +-define(FIXTURE_TXT, ?ABS_PATH(?FILE)). + +setup() -> + ok = config:set("admins", ?USER, ?PASS, _Persist=false), + TmpDb = ?tempdb(), + Addr = config:get("chttpd", "bind_address", "127.0.0.1"), + Port = mochiweb_socket_server:get(chttpd, port), + Url = lists:concat(["http://", Addr, ":", Port, "/", ?b2l(TmpDb)]), + create_db(Url), + create_design_doc(Url), + Url. + +teardown(Url) -> + delete_db(Url), + ok = config:delete("admins", ?USER, _Persist=false). + +create_db(Url) -> + {ok, Status, _, _} = test_request:put(Url, [?CONTENT_JSON, ?AUTH], "{}"), + ?assert(Status =:= 201 orelse Status =:= 202). + +create_design_doc(Url) -> + {ok, Status, _, _} = test_request:put(lists:concat([Url, '/_design/test']), [?CONTENT_JSON, ?AUTH], + "{\"id\":\"_design/test\"}"), + ?assert(Status =:= 201 orelse Status =:= 202). + + +delete_db(Url) -> + {ok, 200, _, _} = test_request:delete(Url, [?AUTH]). + +all_test_() -> + { + "chttpd security tests", + { + setup, + fun chttpd_test_util:start_couch/0, fun chttpd_test_util:stop_couch/1, + { + foreach, + fun setup/0, fun teardown/1, + [ + fun should_allow_admin_db_compaction/1, + fun should_disallow_anonymous_db_compaction/1, + fun should_allow_admin_view_compaction/1, + fun should_disallow_anonymous_view_compaction/1, + fun should_allow_admin_db_view_cleanup/1, + fun should_disallow_anonymous_db_view_cleanup/1 + ] + } + } + }. + +should_allow_admin_db_compaction(Url) -> + ?_assertEqual(true, + begin + {ok, _, _, ResultBody} = test_request:post(Url ++ "/_compact", + [?CONTENT_JSON, ?AUTH], ""), + ResultJson = ?JSON_DECODE(ResultBody), + {InnerJson} = ResultJson, + couch_util:get_value(<<"ok">>, InnerJson, undefined) + end). + +should_disallow_anonymous_db_compaction(Url) -> + {ok, _, _, ResultBody} = test_request:post(Url ++ "/_compact", + [?CONTENT_JSON], ""), + ResultJson = ?JSON_DECODE(ResultBody), + {InnerJson} = ResultJson, + ErrType = couch_util:get_value(<<"error">>, InnerJson), + ?_assertEqual(<<"unauthorized">>,ErrType). + +should_allow_admin_view_compaction(Url) -> + ?_assertEqual(true, + begin + {ok, _, _, ResultBody} = test_request:post(Url ++ "/_compact/test", + [?CONTENT_JSON, ?AUTH], ""), + ResultJson = ?JSON_DECODE(ResultBody), + {InnerJson} = ResultJson, + couch_util:get_value(<<"ok">>, InnerJson, undefined) + end). + +should_disallow_anonymous_view_compaction(Url) -> + {ok, _, _, ResultBody} = test_request:post(Url ++ "/_compact/test", + [?CONTENT_JSON], ""), + ResultJson = ?JSON_DECODE(ResultBody), + {InnerJson} = ResultJson, + ErrType = couch_util:get_value(<<"error">>, InnerJson), + ?_assertEqual(<<"unauthorized">>,ErrType). + +should_allow_admin_db_view_cleanup(Url) -> + ?_assertEqual(true, + begin + {ok, _, _, ResultBody} = test_request:post(Url ++ "/_view_cleanup", + [?CONTENT_JSON, ?AUTH], ""), + ResultJson = ?JSON_DECODE(ResultBody), + {InnerJson} = ResultJson, + couch_util:get_value(<<"ok">>, InnerJson, undefined) + end). + +should_disallow_anonymous_db_view_cleanup(Url) -> + {ok, _, _, ResultBody} = test_request:post(Url ++ "/_view_cleanup", + [?CONTENT_JSON], ""), + ResultJson = ?JSON_DECODE(ResultBody), + {InnerJson} = ResultJson, + ErrType = couch_util:get_value(<<"error">>, InnerJson), + ?_assertEqual(<<"unauthorized">>, ErrType). diff --git a/src/couch/test/couchdb_file_compression_tests.erl b/src/couch/test/couchdb_file_compression_tests.erl index ccfa24435..a23845975 100644 --- a/src/couch/test/couchdb_file_compression_tests.erl +++ b/src/couch/test/couchdb_file_compression_tests.erl @@ -174,7 +174,7 @@ refresh_index(DbName) -> compact_db(DbName) -> DiskSizeBefore = db_disk_size(DbName), - {ok, Db} = couch_db:open_int(DbName, []), + {ok, Db} = couch_db:open_int(DbName, [?ADMIN_CTX]), {ok, _CompactPid} = couch_db:start_compact(Db), wait_compaction(DbName, "database", ?LINE), ok = couch_db:close(Db), diff --git a/src/couch/test/couchdb_views_tests.erl b/src/couch/test/couchdb_views_tests.erl index e320b54c6..a593dbc5e 100644 --- a/src/couch/test/couchdb_views_tests.erl +++ b/src/couch/test/couchdb_views_tests.erl @@ -582,7 +582,7 @@ restore_backup_db_file(DbName) -> end, ?TIMEOUT, ?DELAY). compact_db(DbName) -> - {ok, Db} = couch_db:open_int(DbName, []), + {ok, Db} = couch_db:open_int(DbName, [?ADMIN_CTX]), {ok, _} = couch_db:start_compact(Db), ok = couch_db:close(Db), wait_db_compact_done(DbName, 20). diff --git a/src/couch_replicator/test/couch_replicator_compact_tests.erl b/src/couch_replicator/test/couch_replicator_compact_tests.erl index 1a794658a..e3f2556f8 100644 --- a/src/couch_replicator/test/couch_replicator_compact_tests.erl +++ b/src/couch_replicator/test/couch_replicator_compact_tests.erl @@ -281,7 +281,7 @@ reopen_db(DbName) -> {ok, Db}. compact_db(Type, #db{name = Name}) -> - {ok, Db} = couch_db:open_int(Name, []), + {ok, Db} = couch_db:open_int(Name, [?ADMIN_CTX]), {ok, CompactPid} = couch_db:start_compact(Db), MonRef = erlang:monitor(process, CompactPid), receive |