authorRobert Newson <rnewson@apache.org>2020-01-20 13:13:39 +0000
committerRobert Newson <rnewson@apache.org>2020-01-20 13:13:39 +0000
commitb94645752f374847e70821137cc6eba53d83c944 (patch)
tree4f2a8609d7618e084454d88e607adcfb3bfcd261
parent7214e506199f41babd09611c7ab3564291d5be06 (diff)
downloadcouchdb-infinite-loop-auth.tar.gz
Fix infinite loop in default_authentication_handlerinfinite-loop-auth
-rw-r--r--src/chttpd/src/chttpd_auth.erl8
-rw-r--r--src/couch/src/couch_httpd_auth.erl5
2 files changed, 5 insertions, 8 deletions
diff --git a/src/chttpd/src/chttpd_auth.erl b/src/chttpd/src/chttpd_auth.erl
index 45e11905b..607f09a8a 100644
--- a/src/chttpd/src/chttpd_auth.erl
+++ b/src/chttpd/src/chttpd_auth.erl
@@ -55,10 +55,12 @@ party_mode_handler(#httpd{method='POST', path_parts=[<<"_session">>]} = Req) ->
% See #1947 - users should always be able to attempt a login
Req#httpd{user_ctx=#user_ctx{}};
party_mode_handler(Req) ->
- case config:get("chttpd", "require_valid_user", "false") of
- "true" ->
+ RequireValidUser = config:get_boolean("chttpd", "require_valid_user", false),
+ ExceptUp = config:get_boolean("chttpd", "require_valid_user_except_for_up", true),
+ case RequireValidUser andalso not ExceptUp of
+ true ->
throw({unauthorized, <<"Authentication required.">>});
- "false" ->
+ false ->
case config:get("admins") of
[] ->
Req#httpd{user_ctx = ?ADMIN_USER};
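Review bot: The `RequireValidUser andalso not ExceptUp` test now sits in the catch-all `party_mode_handler(Req)` clause, so the `_up` exemption applies to every path, and because `require_valid_user_except_for_up` defaults to `true` here, `require_valid_user = true` on its own never reaches the throw and every anonymous request falls through to the admin/anonymous user_ctx selection (unless a default.ini value I cannot see overrides that default). The clause deleted from couch_httpd_auth.erl both matched `path_parts=[<<"_up">>]` and defaulted the flag to `false`; the replacement should keep both, e.g. `party_mode_handler(#httpd{path_parts=PathParts} = Req) ->` with `ExceptUp = PathParts =:= [<<"_up">>] andalso config:get_boolean("chttpd", "require_valid_user_except_for_up", false),`. A one-line comment above the case, `%% only /_up may be exempted from require_valid_user`, would make the intended scope explicit. The inner `case config:get("admins")` continues past the end of the hunk.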
diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl
index 96de5bf3b..5e4450301 100644
--- a/src/couch/src/couch_httpd_auth.erl
+++ b/src/couch/src/couch_httpd_auth.erl
@@ -88,11 +88,6 @@ basic_name_pw(Req) ->
default_authentication_handler(Req) ->
default_authentication_handler(Req, couch_auth_cache).
-default_authentication_handler(#httpd{path_parts=[<<"_up">>]}=Req, AuthModule) ->
- case config:get_boolean("chttpd", "require_valid_user_except_for_up", false) of
- true -> Req#httpd{user_ctx=?ADMIN_USER};
- _False -> default_authentication_handler(Req, AuthModule)
- end;
default_authentication_handler(Req, AuthModule) ->
case basic_name_pw(Req) of
{User, Pass} ->