-rw-r--r--etc/couchdb/default.ini.tpl.in1
-rw-r--r--share/www/script/test/security_validation.js13
-rw-r--r--src/couchdb/couch_httpd_misc_handlers.erl21
3 files changed, 34 insertions, 1 deletions
diff --git a/etc/couchdb/default.ini.tpl.in b/etc/couchdb/default.ini.tpl.in
index 917d1822..cfe27422 100644
--- a/etc/couchdb/default.ini.tpl.in
+++ b/etc/couchdb/default.ini.tpl.in
@@ -62,6 +62,7 @@ _restart = {couch_httpd_misc_handlers, handle_restart_req}
_stats = {couch_httpd_stats_handlers, handle_stats_req}
_log = {couch_httpd_misc_handlers, handle_log_req}
_sleep = {couch_httpd_misc_handlers, handle_sleep_req}
+_whoami = {couch_httpd_misc_handlers, handle_whoami_req}
[httpd_db_handlers]
_compact = {couch_httpd_db, handle_compact_req}
diff --git a/share/www/script/test/security_validation.js b/share/www/script/test/security_validation.js
index a41d8d70..1c185c01 100644
--- a/share/www/script/test/security_validation.js
+++ b/share/www/script/test/security_validation.js
@@ -60,6 +60,11 @@ couchTests.security_validation = function(debug) {
T(wrongPasswordDb.last_req.status == 401);
}
+ // test force_login=true.
+ var resp = wrongPasswordDb.request("GET", "/_whoami?force_login=true");
+ var err = JSON.parse(resp.responseText);
+ T(err.error == "unauthorized");
+ T(resp.status == 401);
// Create the design doc that will run custom validation code
var designDoc = {
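Review bot: The new assertions only cover the `force_login=true` branch of `_whoami` (401 with `error == "unauthorized"`); the default branch on the same unauthenticated client, which the Erlang handler answers with 200 and `name: null`, is not asserted anywhere in this hunk. If `wrongPasswordDb` is treated as an anonymous caller rather than rejected by the auth handler (I cannot tell from the hunk), a second request without the flag would pin that contract, e.g. `var resp = wrongPasswordDb.request("GET", "/_whoami"); T(resp.status == 200); T(JSON.parse(resp.responseText).name == null);`. It would also be worth asserting `err.reason` alongside `err.error`, since the handler sets a specific reason text. The enclosing `couchTests.security_validation` function continues outside the hunk.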
@@ -99,6 +104,14 @@ couchTests.security_validation = function(debug) {
T(userDb.save(designDoc).ok);
+ // test the _whoami endpoint
+ var resp = userDb.request("GET", "/_whoami");
+ var user = JSON.parse(resp.responseText)
+ T(user.name == "Damien Katz");
+ // test that the roles are listed properly
+ TEquals(user.roles, []);
+
+
// update the document
var doc = userDb.open("testdoc");
doc.foo=2;
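Review bot: The statement `var user = JSON.parse(resp.responseText)` in the second added block is missing its terminating semicolon, unlike every neighbouring line; it should read `var user = JSON.parse(resp.responseText);`. The block also redeclares `var resp`, which the earlier hunk in this file already declared inside the same function — harmless under `var` hoisting, but `resp = userDb.request("GET", "/_whoami");` would avoid the duplicate declaration. The two trailing added blank lines before `// update the document` could be reduced to one to match the surrounding spacing.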
diff --git a/src/couchdb/couch_httpd_misc_handlers.erl b/src/couchdb/couch_httpd_misc_handlers.erl
index 36dfa0ac..a49bbef6 100644
--- a/src/couchdb/couch_httpd_misc_handlers.erl
+++ b/src/couchdb/couch_httpd_misc_handlers.erl
@@ -15,7 +15,7 @@
-export([handle_welcome_req/2,handle_favicon_req/2,handle_utils_dir_req/2,
handle_all_dbs_req/1,handle_replicate_req/1,handle_restart_req/1,
handle_uuids_req/1,handle_config_req/1,handle_log_req/1,
- handle_task_status_req/1,handle_sleep_req/1]).
+ handle_task_status_req/1,handle_sleep_req/1,handle_whoami_req/1]).
-export([increment_update_seq_req/2]).
@@ -216,3 +216,22 @@ handle_log_req(#httpd{method='GET'}=Req) ->
send_chunk(Resp, "");
handle_log_req(Req) ->
send_method_not_allowed(Req, "GET").
+
+
+% whoami handler
+handle_whoami_req(#httpd{method='GET', user_ctx=UserCtx}=Req) ->
+ Name = UserCtx#user_ctx.name,
+ Roles = UserCtx#user_ctx.roles,
+ ForceLogin = couch_httpd:qs_value(Req, "force_login", "false"),
+ case {Name, ForceLogin} of
+ {null, "true"} ->
+ throw({unauthorized, <<"Please login.">>});
+ _False -> ok
+ end,
+ send_json(Req, {[
+ {ok, true},
+ {name, Name},
+ {roles, Roles}
+ ]});
+handle_whoami_req(Req) ->
+ send_method_not_allowed(Req, "GET").
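Review bot: The catch-all clause `_False -> ok` in `handle_whoami_req/1` binds a deliberately unused variable whose name suggests a boolean, while the value is actually the `{Name, ForceLogin}` tuple; it should be `_ -> ok`, or the whole `case` replaced by `case Name =:= null andalso ForceLogin =:= "true" of true -> throw({unauthorized, <<"Please login.">>}); false -> ok end`. Note that only the exact string `"true"` triggers the 401 and the `"false"` default passed to `couch_httpd:qs_value/3` is never matched, so any other spelling of the flag silently behaves like the default. The header comment `% whoami handler` says less than the code; I would replace it with `%% GET /_whoami: reports the caller's authenticated name and roles from user_ctx. With force_login=true an anonymous caller (name =:= null) gets a 401 instead of {name: null}.`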