diff options
author | Robert Newson <rnewson@apache.org> | 2013-11-22 22:53:22 +0000 |
---|---|---|
committer | Robert Newson <rnewson@apache.org> | 2013-11-22 22:53:22 +0000 |
commit | 98d08909a24194ef96c49179e326cc1baac71634 (patch) | |
tree | f042cb15a20b5c7876e61c2ab925d9fff608e48b | |
parent | 0216618cbf0b55cd5c60fddc83c07d610603752b (diff) | |
download | couchdb-98d08909a24194ef96c49179e326cc1baac71634.tar.gz |
Validate type of iterations and derived_key if scheme is pbkdf2
-rw-r--r-- | src/couchdb/couch_js_functions.hrl | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/couchdb/couch_js_functions.hrl b/src/couchdb/couch_js_functions.hrl index 774b72457..a48feaeb3 100644 --- a/src/couchdb/couch_js_functions.hrl +++ b/src/couchdb/couch_js_functions.hrl @@ -64,6 +64,15 @@ }); } + if (newDoc.password_scheme === \"pbkdf2\") { + if (typeof(newDoc.iterations) !== \"number\") { + throw({forbidden: \"iterations must be a number.\"}); + } + if (typeof(newDoc.derived_key) !== \"string\") { + throw({forbidden: \"derived_key must be a string.\"}); + } + } + var is_server_or_database_admin = function(userCtx, secObj) { // see if the user is a server admin if(userCtx.roles.indexOf('_admin') !== -1) { |