author | Adam Kocoloski <kocolosk@apache.org> | 2019-11-21 13:07:16 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-11-21 13:07:16 -0800 |
commit | 5ec35a949349751f34a0eca5fb2fc0267168fdc2 (patch) | |
tree | 071ee9df38b8a873540f558779d402e793766396 | |
parent | a8f3ad9d8ca7dc9c12ad22baf188eb76f66e27c3 (diff) | |
Don't require auth on login attempts (#2321)
Previously with require_valid_user=true configured a user would need to
supply Basic auth credentials in order to login via the _session
endpoint (or have some other Catch-22 way of using an existing
session). This patch makes it so that any attempt to POST to _session
is allowed to proceed.
Closes #1947.
-rw-r--r-- | src/chttpd/src/chttpd_auth.erl | 3 | ||||
-rw-r--r-- | src/couch/test/eunit/couchdb_auth_tests.erl | 21 |
2 files changed, 23 insertions, 1 deletions
diff --git a/src/chttpd/src/chttpd_auth.erl b/src/chttpd/src/chttpd_auth.erl index 6602468e1..45e11905b 100644 --- a/src/chttpd/src/chttpd_auth.erl +++ b/src/chttpd/src/chttpd_auth.erl @@ -51,6 +51,9 @@ cookie_authentication_handler(Req) -> proxy_authentication_handler(Req) -> couch_httpd_auth:proxy_authentication_handler(Req). +party_mode_handler(#httpd{method='POST', path_parts=[<<"_session">>]} = Req) -> + % See #1947 - users should always be able to attempt a login + Req#httpd{user_ctx=#user_ctx{}}; party_mode_handler(Req) -> case config:get("chttpd", "require_valid_user", "false") of "true" -> diff --git a/src/couch/test/eunit/couchdb_auth_tests.erl b/src/couch/test/eunit/couchdb_auth_tests.erl index ed2c064de..19d32d0c5 100644 --- a/src/couch/test/eunit/couchdb_auth_tests.erl +++ b/src/couch/test/eunit/couchdb_auth_tests.erl @@ -21,9 +21,16 @@ setup(PortType) -> Addr = config:get("httpd", "bind_address", "127.0.0.1"), lists:concat(["http://", Addr, ":", port(PortType), "/_session"]). +setup_require_valid_user(PortType) -> + ok = config:set("chttpd", "require_valid_user", "true", _Persist=false), + setup(PortType). + teardown(_, _) -> ok. +teardown_require_valid_user(_, _) -> + config:set("chttpd", "require_valid_user", "false", _Persist=false). + auth_test_() -> Tests = [ @@ -31,6 +38,10 @@ auth_test_() -> fun should_not_return_authenticated_field/2, fun should_return_list_of_handlers/2 ], + RequireValidUserTests = [ + % See #1947 - this should work even with require_valid_user + fun should_return_username_on_post_to_session/2 + ], { "Auth tests", { @@ -38,7 +49,8 @@ auth_test_() -> fun() -> test_util:start_couch([chttpd]) end, fun test_util:stop_couch/1, [ make_test_cases(clustered, Tests), - make_test_cases(backdoor, Tests) + make_test_cases(backdoor, Tests), + make_require_valid_user_test_cases(clustered, RequireValidUserTests) ] } }. 
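Review bot: The new first clause of `party_mode_handler/1` in chttpd_auth.erl is a deliberate authentication bypass for every POST whose `path_parts` is exactly `[<<"_session">>]`, but its one-line comment does not say so or state what keeps it safe. I would expand the comment along the lines of `% Deliberate exemption from require_valid_user (see #1947): login attempts only. The request continues with an empty #user_ctx{}, so keep this match limited to POST and the exact _session path.` Because the clause is matched before the `config:get("chttpd", "require_valid_user", "false")` lookup, it also applies when that setting is "false". The rest of the second clause lies outside the hunk, so please confirm that replacing whatever context it assigns there with an empty `#user_ctx{}` is intended. With this change the login endpoint is reachable without prior credentials, so deployments that relied on `require_valid_user` to shield it should check failed-login logging and throttling on `_session`.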
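Review bot: `teardown_require_valid_user/2` in couchdb_auth_tests.erl writes the literal "false" back rather than restoring what the fixture found, and it does not match the result of `config:set/4`. A failed reset would therefore pass silently and could leave `require_valid_user` set to "true" for later test groups that share the node started in `auth_test_/0`. I would assert the reset and remove the override instead, e.g. `ok = config:delete("chttpd", "require_valid_user", _Persist=false).`, mirroring the `ok =` match already used in `setup_require_valid_user/1`.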
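Review bot: `RequireValidUserTests` only pins the allowed case, so nothing asserts that the exemption stays limited to POST on `_session`. Since the handler clause added in chttpd_auth.erl skips the `require_valid_user` check, add cases under the same `setup_require_valid_user/1` fixture that expect an unauthenticated rejection, for example a GET on the `_session` URL and a credential-less POST to a different path. A later widening of the pattern would then fail the suite. The body of `should_return_username_on_post_to_session/2` is mostly outside the visible hunks, so also confirm it sends no Authorization header or session cookie; otherwise the test would pass without exercising the new clause.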
@@ -49,6 +61,13 @@ make_test_cases(Mod, Funs) -> {foreachx, fun setup/1, fun teardown/2, [{Mod, Fun} || Fun <- Funs]} }. +make_require_valid_user_test_cases(Mod, Funs) -> + { + lists:flatten(io_lib:format("~s require_valid_user=true", [Mod])), + {foreachx, fun setup_require_valid_user/1, fun teardown_require_valid_user/2, + [{Mod, Fun} || Fun <- Funs]} + }. + should_return_username_on_post_to_session(_PortType, Url) -> ?_assertEqual(<<"rocko">>, begin |