diff options
author | Jan Lehnardt <jan@apache.org> | 2020-01-08 04:23:16 +0100 |
---|---|---|
committer | Joan Touzet <wohali@users.noreply.github.com> | 2020-01-07 22:23:16 -0500 |
commit | 28dbf7e38f2cd86fa2ac5937835a5c4a96dd6aa6 (patch) | |
tree | d6f55f7870c60c2ee965718b39df83b2e15c7e20 | |
parent | 08d6538a27a23d118579b438cc54daf86be3d5b4 (diff) | |
download | couchdb-28dbf7e38f2cd86fa2ac5937835a5c4a96dd6aa6.tar.gz |
Bypass authentication check for /_up (#2411)
Add config variable chttpd.require_valid_user_except_for_up defaulting
to false.
This will allow various automated health check systems to hit /_up
without having to provide a username/password pair when the
chttpd.require_valid_user config setting is true. Apparently, many
of these health check providers do not even allow supplying creds
for such a purpose...
Closes #823
Co-authored-by: Joan Touzet <wohali@users.noreply.github.com>
-rw-r--r-- | rel/overlay/etc/default.ini | 1 | ||||
-rw-r--r-- | src/couch/src/couch_httpd_auth.erl | 5 |
2 files changed, 6 insertions, 0 deletions
diff --git a/rel/overlay/etc/default.ini b/rel/overlay/etc/default.ini index 669977ee0..5fc8e0761 100644 --- a/rel/overlay/etc/default.ini +++ b/rel/overlay/etc/default.ini @@ -118,6 +118,7 @@ backlog = 512 socket_options = [{sndbuf, 262144}, {nodelay, true}] server_options = [{recbuf, undefined}] require_valid_user = false +; require_valid_user_except_for_up = false ; List of headers that will be kept when the header Prefer: return=minimal is included in a request. ; If Server header is left out, Mochiweb will add its own one in. prefer_minimal = Cache-Control, Content-Length, Content-Range, Content-Type, ETag, Server, Transfer-Encoding, Vary diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl index b5195349b..515ce6132 100644 --- a/src/couch/src/couch_httpd_auth.erl +++ b/src/couch/src/couch_httpd_auth.erl @@ -88,6 +88,11 @@ basic_name_pw(Req) -> default_authentication_handler(Req) -> default_authentication_handler(Req, couch_auth_cache). +default_authentication_handler(#httpd{path_parts=[<<"_up">>]}=Req, AuthModule) -> + case config:get_boolean("chttpd", "require_valid_user_except_for_up", false) of + true -> Req#httpd{user_ctx=?ADMIN_USER}; + _False -> default_authentication_handler(Req, AuthModule) + end; default_authentication_handler(Req, AuthModule) -> case basic_name_pw(Req) of {User, Pass} -> |