author | Nick Vatamaniuc <vatamane@apache.org> | 2021-04-15 01:07:55 -0400 |
---|---|---|
committer | Nick Vatamaniuc <nickva@users.noreply.github.com> | 2021-04-16 17:44:43 -0400 |
commit | c0dba424887633425a1c0563979ccacb93231794 (patch) | |
tree | 5742aa9551f308768de54419f66d37ef32f461cd | |
parent | 45de516f4571e4bdc9e0f7007f31e37d6857cc67 (diff) | |
download | couchdb-c0dba424887633425a1c0563979ccacb93231794.tar.gz |
Clean up couch_auth_cache
couch_auth_cache only handles reading server admin credentials from config files and returns the auth design doc (used in chttpd_auth_cache).
Node local `_user` docs logic has been removed. Validation to check
for _conflicts is also not needed as the "docs" proplists created from
the config server admin section don't have conflicts.
-rw-r--r-- | src/couch/src/couch_auth_cache.erl | 93 |
1 files changed, 2 insertions, 91 deletions
diff --git a/src/couch/src/couch_auth_cache.erl b/src/couch/src/couch_auth_cache.erl
index c564cee00..919d5614f 100644
--- a/src/couch/src/couch_auth_cache.erl
+++ b/src/couch/src/couch_auth_cache.erl
@@ -16,11 +16,9 @@
 -export([
 get_user_creds/1,
 get_user_creds/2,
- update_user_creds/3,
 get_admin/1,
 add_roles/2,
- auth_design_doc/1,
- ensure_users_db_exists/0
+ auth_design_doc/1
 ]).
@@ -41,25 +39,7 @@ get_user_creds(Req, UserName) when is_list(UserName) ->
 get_user_creds(Req, ?l2b(UserName));
 get_user_creds(_Req, UserName) ->
- UserCreds = case get_admin(UserName) of
- nil ->
- get_from_db(UserName);
- Props ->
- case get_from_db(UserName) of
- nil ->
- Props;
- UserProps when is_list(UserProps) ->
- add_roles(Props, couch_util:get_value(<<"roles">>, UserProps))
- end
- end,
- validate_user_creds(UserCreds).
-
-update_user_creds(_Req, UserDoc, _AuthCtx) ->
- ok = ensure_users_db_exists(),
- couch_util:with_db(users_db(), fun(UserDb) ->
- {ok, _NewRev} = couch_db:update_doc(UserDb, UserDoc, []),
- ok
- end).
+ get_admin(UserName).
 add_roles(Props, ExtraRoles) ->
 CurrentRoles = couch_util:get_value(<<"roles">>, Props),
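Review bot: The new one-line body of get_user_creds/2, `get_admin(UserName).`, returns whatever get_admin/1 returns, whereas the removed code passed the result through validate_user_creds/1, which produced either `nil` or `{ok, UserCreds, nil}`. The removed `case get_admin(UserName) of nil -> ...; Props -> ...` suggests get_admin/1 yields a bare property list, so unless it was changed outside this diff, any caller that matches `{ok, Creds, _AuthCtx}` would now fail with a badmatch when a server admin authenticates. If the tuple contract is meant to stay, keep the wrapping, for example `case get_admin(UserName) of nil -> nil; Props -> {ok, Props, nil} end`, and make any -spec for get_user_creds/2 agree with whichever shape is chosen. get_admin/1 and the callers are outside the hunk, so this needs checking against them.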
@@ -94,75 +74,6 @@ make_admin_doc(DerivedKey, Salt, Iterations) ->
 {<<"password_scheme">>, <<"pbkdf2">>},
 {<<"derived_key">>, ?l2b(DerivedKey)}].
-
-get_from_db(UserName) ->
- ok = ensure_users_db_exists(),
- couch_util:with_db(users_db(), fun(Db) ->
- DocId = <<"org.couchdb.user:", UserName/binary>>,
- try
- {ok, Doc} = couch_db:open_doc(Db, DocId, [conflicts]),
- {DocProps} = couch_doc:to_json_obj(Doc, []),
- DocProps
- catch
- _:_Error ->
- nil
- end
- end).
-
-
-validate_user_creds(nil) ->
- nil;
-validate_user_creds(UserCreds) ->
- case couch_util:get_value(<<"_conflicts">>, UserCreds) of
- undefined ->
- ok;
- _ConflictList ->
- throw({unauthorized,
- <<"User document conflicts must be resolved before the document",
- " is used for authentication purposes.">>
- })
- end,
- {ok, UserCreds, nil}.
-
-
-users_db() ->
- DbNameList = config:get("couch_httpd_auth", "authentication_db", "_users"),
- ?l2b(DbNameList).
-
-
-ensure_users_db_exists() ->
- Options = [?ADMIN_CTX, nologifmissing],
- case couch_db:open(users_db(), Options) of
- {ok, Db} ->
- ensure_auth_ddoc_exists(Db, <<"_design/_auth">>),
- couch_db:close(Db);
- _Error ->
- {ok, Db} = couch_db:create(users_db(), Options),
- ok = ensure_auth_ddoc_exists(Db, <<"_design/_auth">>),
- couch_db:close(Db)
- end,
- ok.
-
-
-ensure_auth_ddoc_exists(Db, DDocId) ->
- case couch_db:open_doc(Db, DDocId) of
- {not_found, _Reason} ->
- {ok, AuthDesign} = auth_design_doc(DDocId),
- {ok, _Rev} = couch_db:update_doc(Db, AuthDesign, []);
- {ok, Doc} ->
- {Props} = couch_doc:to_json_obj(Doc, []),
- case couch_util:get_value(<<"validate_doc_update">>, Props, []) of
- ?AUTH_DB_DOC_VALIDATE_FUNCTION ->
- ok;
- _ ->
- Props1 = lists:keyreplace(<<"validate_doc_update">>, 1, Props,
- {<<"validate_doc_update">>,
- ?AUTH_DB_DOC_VALIDATE_FUNCTION}),
- couch_db:update_doc(Db, couch_doc:from_json_obj({Props1}), [])
- end
- end,
- ok.
-
 auth_design_doc(DocId) ->
 DocProps = [
 {<<"_id">>, DocId}, |