summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorAdam Kocoloski <adam@cloudant.com>2010-06-16 15:17:36 -0400
committerAdam Kocoloski <adam@cloudant.com>2010-08-12 11:18:46 -0400
commitb83ece9a18cacddbd98cdf1038a2b40ca9378f16 (patch)
treed2b6e6440e285ddaf37358a3905c9a911d261162 /src
parentb229c6c4ec1e72a1ec7593d5626983e1d2065f67 (diff)
better cookie auth failures. BugzID 1522, BugzID 10157
Diffstat (limited to 'src')
-rw-r--r--src/chttpd.erl5
-rw-r--r--src/chttpd_auth.erl33
2 files changed, 16 insertions, 22 deletions
diff --git a/src/chttpd.erl b/src/chttpd.erl
index 122a98a2..ee55f3e8 100644
--- a/src/chttpd.erl
+++ b/src/chttpd.erl
@@ -100,7 +100,6 @@ handle_request(MochiReq) ->
{ok, Resp} =
try
- erase(cookie_auth_failed),
case authenticate_request(HttpReq, AuthenticationFuns) of
#httpd{} = Req ->
HandlerFun = url_handler(HandlerKey),
@@ -507,8 +506,8 @@ error_info({conflict, _}) ->
{409, <<"conflict">>, <<"Document update conflict.">>};
error_info({forbidden, Msg}) ->
{403, <<"forbidden">>, Msg};
-error_info({credentials_expired, Msg}) ->
- {403, <<"credentials_expired">>, Msg};
+error_info({forbidden, Error, Msg}) ->
+ {403, Error, Msg};
error_info({unauthorized, Msg}) ->
{401, <<"unauthorized">>, Msg};
error_info(file_exists) ->
diff --git a/src/chttpd_auth.erl b/src/chttpd_auth.erl
index 4159b764..b13e12d1 100644
--- a/src/chttpd_auth.erl
+++ b/src/chttpd_auth.erl
@@ -76,17 +76,18 @@ cookie_authentication_handler(#httpd{path_parts=[<<"_session">>],
% ignore any cookies sent with login request
Req;
cookie_authentication_handler(Req) ->
- case cookie_auth_user(Req) of
+ try cookie_auth_user(Req) of
nil ->
Req;
- cookie_auth_failed ->
- put(cookie_auth_failed, true),
- Req#httpd{auth=cookie_auth_failed};
+ {cookie_auth_failed, _} = X ->
+ Req#httpd{auth=X};
Req2 ->
Req2
+ catch error:_ ->
+ Req#httpd{auth={cookie_auth_failed, {invalid_cookie, null}}}
end.
-cookie_auth_header(#httpd{auth=cookie_auth_failed}, Headers) ->
+cookie_auth_header(#httpd{auth={cookie_auth_failed, _}}, Headers) ->
% check for an AuthSession cookie from login handler
CookieHeader = couch_util:get_value("Set-Cookie", Headers, ""),
Cookies = mochiweb_cookies:parse_cookie(CookieHeader),
@@ -113,13 +114,8 @@ cookie_auth_header(#httpd{user_ctx=Ctx, auth={Secret,true}}, Headers) ->
true ->
[]
end;
-cookie_auth_header(Req, Headers) ->
- case get(cookie_auth_failed) of
- true ->
- cookie_auth_header(Req#httpd{auth=cookie_auth_failed}, Headers);
- _ ->
- []
- end.
+cookie_auth_header(_Req, _Headers) ->
+ [].
handle_session_req(#httpd{method='POST', mochi_req=MochiReq, user_ctx=Ctx}=Req) ->
% login
@@ -263,12 +259,12 @@ cookie_auth_user(#httpd{mochi_req=MochiReq}=Req) ->
case couch_config:get("chttpd_auth", "secret") of
undefined ->
?LOG_DEBUG("AuthSession cookie, but no secret in config!", []),
- cookie_auth_failed;
+ {cookie_auth_failed, {internal_server_error, null}};
SecretStr ->
case get_user(User) of
nil ->
- ?LOG_DEBUG("no record of user ~s", [User]),
- cookie_auth_failed;
+ Msg = io_lib:format("no record of user ~s", [User]),
+ {cookie_auth_failed, {bad_user, ?l2b(Msg)}};
Result ->
Secret = ?l2b(SecretStr),
UserSalt = couch_util:get_value(<<"salt">>, Result),
@@ -288,14 +284,13 @@ cookie_auth_user(#httpd{mochi_req=MochiReq}=Req) ->
}, auth={FullSecret, TimeLeft < Timeout*0.9}};
true ->
?LOG_DEBUG("cookie for ~s was expired", [User]),
- put(cookie_auth_failed, true),
Msg = lists:concat(["Your session has expired after ",
Timeout div 60, " minutes of inactivity"]),
- throw({credentials_expired, ?l2b(Msg)})
+ {cookie_auth_failed, {credentials_expired, ?l2b(Msg)}}
end;
_Else ->
- ?LOG_DEBUG("cookie password hash was incorrect", []),
- cookie_auth_failed
+ Msg = <<"cookie password hash was incorrect">>,
+ {cookie_auth_failed, {bad_password, Msg}}
end
end
end