summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjiangph <jiangph@cn.ibm.com>2019-01-28 10:43:34 +0800
committerjiangph <jiangph@cn.ibm.com>2019-01-29 08:12:39 +0800
commit13534500a2704240cb0d1d1b3063f7fbf6f386ed (patch)
treeac1a7c1fa8422a4140d174379b751d7a40375fa4
parentedcb37288bc2043d8c4d748f4426b6f8fd9d09af (diff)
downloadcouchdb-13534500a2704240cb0d1d1b3063f7fbf6f386ed.tar.gz
restrict _purge to server adminrestrict-purge-admin
This restrict _purge and _purged_infos_limit to server admin in terms of the security level required to run them. Fixes #1799
-rw-r--r--src/chttpd/src/chttpd_auth_request.erl4
-rw-r--r--src/chttpd/test/chttpd_security_tests.erl61
2 files changed, 64 insertions, 1 deletions
diff --git a/src/chttpd/src/chttpd_auth_request.erl b/src/chttpd/src/chttpd_auth_request.erl
index f85eb9722..5b4ec84d5 100644
--- a/src/chttpd/src/chttpd_auth_request.erl
+++ b/src/chttpd/src/chttpd_auth_request.erl
@@ -72,6 +72,10 @@ authorize_request_int(#httpd{path_parts=[_DbName, <<"_view_cleanup">>]}=Req) ->
require_db_admin(Req);
authorize_request_int(#httpd{path_parts=[_DbName, <<"_sync_shards">>]}=Req) ->
require_admin(Req);
+authorize_request_int(#httpd{path_parts=[_DbName, <<"_purge">>]}=Req) ->
+ require_admin(Req);
+authorize_request_int(#httpd{path_parts=[_DbName, <<"_purged_infos_limit">>]}=Req) ->
+ require_admin(Req);
authorize_request_int(#httpd{path_parts=[_DbName|_]}=Req) ->
db_authorization_check(Req).
diff --git a/src/chttpd/test/chttpd_security_tests.erl b/src/chttpd/test/chttpd_security_tests.erl
index 12a53acf2..955b4ff01 100644
--- a/src/chttpd/test/chttpd_security_tests.erl
+++ b/src/chttpd/test/chttpd_security_tests.erl
@@ -110,7 +110,13 @@ all_test_() ->
fun should_allow_admin_view_compaction/1,
fun should_disallow_anonymous_view_compaction/1,
fun should_allow_admin_db_view_cleanup/1,
- fun should_disallow_anonymous_db_view_cleanup/1
+ fun should_disallow_anonymous_db_view_cleanup/1,
+ fun should_allow_admin_purge/1,
+ fun should_disallow_anonymous_purge/1,
+ fun should_disallow_db_member_purge/1,
+ fun should_allow_admin_purged_infos_limit/1,
+ fun should_disallow_anonymous_purged_infos_limit/1,
+ fun should_disallow_db_member_purged_infos_limit/1
]
}
}
@@ -228,6 +234,59 @@ should_disallow_anonymous_db_view_cleanup([Url,_UsersUrl]) ->
ErrType = couch_util:get_value(<<"error">>, InnerJson),
?_assertEqual(<<"unauthorized">>, ErrType).
+should_allow_admin_purge([Url,_UsersUrl]) ->
+ ?_assertEqual(null,
+ begin
+ IdsRevs = "{}",
+ {ok, _, _, ResultBody} = test_request:post(Url ++ "/_purge",
+ [?CONTENT_JSON, ?AUTH], IdsRevs),
+ ResultJson = ?JSON_DECODE(ResultBody),
+ {InnerJson} = ResultJson,
+ couch_util:get_value(<<"purge_seq">>, InnerJson, undefined)
+ end).
+
+should_disallow_anonymous_purge([Url,_UsersUrl]) ->
+ {ok, _, _, ResultBody} = test_request:post(Url ++ "/_purge",
+ [?CONTENT_JSON], ""),
+ ResultJson = ?JSON_DECODE(ResultBody),
+ {InnerJson} = ResultJson,
+ ErrType = couch_util:get_value(<<"error">>, InnerJson),
+ ?_assertEqual(<<"unauthorized">>, ErrType).
+
+should_disallow_db_member_purge([Url,_UsersUrl]) ->
+ {ok, _, _, ResultBody} = test_request:post(Url ++ "/_purge",
+ [?CONTENT_JSON, ?TEST_MEMBER_AUTH], ""),
+ ResultJson = ?JSON_DECODE(ResultBody),
+ {InnerJson} = ResultJson,
+ ErrType = couch_util:get_value(<<"error">>, InnerJson),
+ ?_assertEqual(<<"unauthorized">>,ErrType).
+
+should_allow_admin_purged_infos_limit([Url,_UsersUrl]) ->
+ ?_assertEqual(true,
+ begin
+ {ok, _, _, ResultBody} = test_request:put(Url
+ ++ "/_purged_infos_limit/", [?CONTENT_JSON, ?AUTH], "2"),
+ ResultJson = ?JSON_DECODE(ResultBody),
+ {InnerJson} = ResultJson,
+ couch_util:get_value(<<"ok">>, InnerJson, undefined)
+ end).
+
+should_disallow_anonymous_purged_infos_limit([Url,_UsersUrl]) ->
+ {ok, _, _, ResultBody} = test_request:put(Url ++ "/_purged_infos_limit/",
+ [?CONTENT_JSON, ?TEST_MEMBER_AUTH], "2"),
+ ResultJson = ?JSON_DECODE(ResultBody),
+ {InnerJson} = ResultJson,
+ ErrType = couch_util:get_value(<<"error">>, InnerJson),
+ ?_assertEqual(<<"unauthorized">>, ErrType).
+
+should_disallow_db_member_purged_infos_limit([Url,_UsersUrl]) ->
+ {ok, _, _, ResultBody} = test_request:put(Url ++ "/_purged_infos_limit/",
+ [?CONTENT_JSON, ?TEST_MEMBER_AUTH], "2"),
+ ResultJson = ?JSON_DECODE(ResultBody),
+ {InnerJson} = ResultJson,
+ ErrType = couch_util:get_value(<<"error">>, InnerJson),
+ ?_assertEqual(<<"unauthorized">>,ErrType).
+
should_return_ok_for_sec_obj_with_roles([Url,_UsersUrl]) ->
SecurityUrl = lists:concat([Url, "/_security"]),
SecurityProperties = [