author | jiangph <jiangph@cn.ibm.com> | 2019-01-28 10:43:34 +0800 |
---|---|---|
committer | jiangph <jiangph@cn.ibm.com> | 2019-01-29 08:12:39 +0800 |
commit | 13534500a2704240cb0d1d1b3063f7fbf6f386ed (patch) | |
tree | ac1a7c1fa8422a4140d174379b751d7a40375fa4 | |
parent | edcb37288bc2043d8c4d748f4426b6f8fd9d09af (diff) | |
download | couchdb-13534500a2704240cb0d1d1b3063f7fbf6f386ed.tar.gz |
restrict _purge to server admin
restrict-purge-admin
This restricts _purge and _purged_infos_limit to server admins
in terms of the security level required to run them.
Fixes #1799
-rw-r--r-- | src/chttpd/src/chttpd_auth_request.erl | 4 | ||||
-rw-r--r-- | src/chttpd/test/chttpd_security_tests.erl | 61 |
2 files changed, 64 insertions, 1 deletions
diff --git a/src/chttpd/src/chttpd_auth_request.erl b/src/chttpd/src/chttpd_auth_request.erl
index f85eb9722..5b4ec84d5 100644
--- a/src/chttpd/src/chttpd_auth_request.erl
+++ b/src/chttpd/src/chttpd_auth_request.erl
@@ -72,6 +72,10 @@ authorize_request_int(#httpd{path_parts=[_DbName, <<"_view_cleanup">>]}=Req) ->
 require_db_admin(Req);
 authorize_request_int(#httpd{path_parts=[_DbName, <<"_sync_shards">>]}=Req) ->
 require_admin(Req);
+authorize_request_int(#httpd{path_parts=[_DbName, <<"_purge">>]}=Req) ->
+ require_admin(Req);
+authorize_request_int(#httpd{path_parts=[_DbName, <<"_purged_infos_limit">>]}=Req) ->
+ require_admin(Req);
 authorize_request_int(#httpd{path_parts=[_DbName|_]}=Req) ->
 db_authorization_check(Req).
diff --git a/src/chttpd/test/chttpd_security_tests.erl b/src/chttpd/test/chttpd_security_tests.erl
index 12a53acf2..955b4ff01 100644
--- a/src/chttpd/test/chttpd_security_tests.erl
+++ b/src/chttpd/test/chttpd_security_tests.erl
@@ -110,7 +110,13 @@ all_test_() ->
 fun should_allow_admin_view_compaction/1,
 fun should_disallow_anonymous_view_compaction/1,
 fun should_allow_admin_db_view_cleanup/1,
- fun should_disallow_anonymous_db_view_cleanup/1
+ fun should_disallow_anonymous_db_view_cleanup/1,
+ fun should_allow_admin_purge/1,
+ fun should_disallow_anonymous_purge/1,
+ fun should_disallow_db_member_purge/1,
+ fun should_allow_admin_purged_infos_limit/1,
+ fun should_disallow_anonymous_purged_infos_limit/1,
+ fun should_disallow_db_member_purged_infos_limit/1
 ]
 }
 }
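Review bot: The two new `authorize_request_int` clauses match on `path_parts` only, so every HTTP method on `_purged_infos_limit` — including a read-only GET of the current limit, if chttpd_db serves one — now requires a server admin, while the new tests exercise only PUT; please confirm that GET is meant to be restricted as well and add a test for it, or narrow the clause with a method guard if it is not. A short why-comment above the clauses would also help the next reader, e.g. `%% _purge and _purged_infos_limit are server-admin only, see #1799`. The enclosing `authorize_request_int/1` has further clauses outside this hunk.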
@@ -228,6 +234,59 @@ should_disallow_anonymous_db_view_cleanup([Url,_UsersUrl]) ->
 ErrType = couch_util:get_value(<<"error">>, InnerJson),
 ?_assertEqual(<<"unauthorized">>, ErrType).
 
+should_allow_admin_purge([Url,_UsersUrl]) ->
+ ?_assertEqual(null,
+ begin
+ IdsRevs = "{}",
+ {ok, _, _, ResultBody} = test_request:post(Url ++ "/_purge",
+ [?CONTENT_JSON, ?AUTH], IdsRevs),
+ ResultJson = ?JSON_DECODE(ResultBody),
+ {InnerJson} = ResultJson,
+ couch_util:get_value(<<"purge_seq">>, InnerJson, undefined)
+ end).
+
+should_disallow_anonymous_purge([Url,_UsersUrl]) ->
+ {ok, _, _, ResultBody} = test_request:post(Url ++ "/_purge",
+ [?CONTENT_JSON], ""),
+ ResultJson = ?JSON_DECODE(ResultBody),
+ {InnerJson} = ResultJson,
+ ErrType = couch_util:get_value(<<"error">>, InnerJson),
+ ?_assertEqual(<<"unauthorized">>, ErrType).
+
+should_disallow_db_member_purge([Url,_UsersUrl]) ->
+ {ok, _, _, ResultBody} = test_request:post(Url ++ "/_purge",
+ [?CONTENT_JSON, ?TEST_MEMBER_AUTH], ""),
+ ResultJson = ?JSON_DECODE(ResultBody),
+ {InnerJson} = ResultJson,
+ ErrType = couch_util:get_value(<<"error">>, InnerJson),
+ ?_assertEqual(<<"unauthorized">>,ErrType).
+
+should_allow_admin_purged_infos_limit([Url,_UsersUrl]) ->
+ ?_assertEqual(true,
+ begin
+ {ok, _, _, ResultBody} = test_request:put(Url
+ ++ "/_purged_infos_limit/", [?CONTENT_JSON, ?AUTH], "2"),
+ ResultJson = ?JSON_DECODE(ResultBody),
+ {InnerJson} = ResultJson,
+ couch_util:get_value(<<"ok">>, InnerJson, undefined)
+ end).
+
+should_disallow_anonymous_purged_infos_limit([Url,_UsersUrl]) ->
+ {ok, _, _, ResultBody} = test_request:put(Url ++ "/_purged_infos_limit/",
+ [?CONTENT_JSON, ?TEST_MEMBER_AUTH], "2"),
+ ResultJson = ?JSON_DECODE(ResultBody),
+ {InnerJson} = ResultJson,
+ ErrType = couch_util:get_value(<<"error">>, InnerJson),
+ ?_assertEqual(<<"unauthorized">>, ErrType).
+
+should_disallow_db_member_purged_infos_limit([Url,_UsersUrl]) ->
+ {ok, _, _, ResultBody} = test_request:put(Url ++ "/_purged_infos_limit/",
+ [?CONTENT_JSON, ?TEST_MEMBER_AUTH], "2"),
+ ResultJson = ?JSON_DECODE(ResultBody),
+ {InnerJson} = ResultJson,
+ ErrType = couch_util:get_value(<<"error">>, InnerJson),
+ ?_assertEqual(<<"unauthorized">>,ErrType).
+
 should_return_ok_for_sec_obj_with_roles([Url,_UsersUrl]) ->
 SecurityUrl = lists:concat([Url, "/_security"]),
 SecurityProperties = [
|
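Review bot: `should_disallow_anonymous_purged_infos_limit` sends `[?CONTENT_JSON, ?TEST_MEMBER_AUTH]`, which makes it a duplicate of `should_disallow_db_member_purged_infos_limit` and leaves the anonymous PUT path untested; drop the auth header as `should_disallow_anonymous_purge` does: `[?CONTENT_JSON], "2"),`. The disallow tests also only inspect the `error` field of the body; matching the status from the `{ok, Status, _, _}` tuple as well (presumably 401 for `unauthorized`, e.g. `{ok, 401, _, ResultBody} = test_request:post(...)`) would pin the refusal more firmly than the body text alone. Splitting a test across hunks is not an issue here, since every new function is complete within this hunk.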