-rw-r--r-- | etc/couchdb/default.ini.tpl.in | 1 | ||||
-rw-r--r-- | share/www/script/test/security_validation.js | 13 | ||||
-rw-r--r-- | src/couchdb/couch_httpd_misc_handlers.erl | 21 |
3 files changed, 34 insertions, 1 deletions
diff --git a/etc/couchdb/default.ini.tpl.in b/etc/couchdb/default.ini.tpl.in
index 917d1822..cfe27422 100644
--- a/etc/couchdb/default.ini.tpl.in
+++ b/etc/couchdb/default.ini.tpl.in
@@ -62,6 +62,7 @@ _restart = {couch_httpd_misc_handlers, handle_restart_req}
 _stats = {couch_httpd_stats_handlers, handle_stats_req}
 _log = {couch_httpd_misc_handlers, handle_log_req}
 _sleep = {couch_httpd_misc_handlers, handle_sleep_req}
+_whoami = {couch_httpd_misc_handlers, handle_whoami_req}
 
 [httpd_db_handlers]
 _compact = {couch_httpd_db, handle_compact_req}
diff --git a/share/www/script/test/security_validation.js b/share/www/script/test/security_validation.js
index a41d8d70..1c185c01 100644
--- a/share/www/script/test/security_validation.js
+++ b/share/www/script/test/security_validation.js
@@ -60,6 +60,11 @@ couchTests.security_validation = function(debug) {
     T(wrongPasswordDb.last_req.status == 401);
   }
 
+  // test force_login=true.
+  var resp = wrongPasswordDb.request("GET", "/_whoami?force_login=true");
+  var err = JSON.parse(resp.responseText);
+  T(err.error == "unauthorized");
+  T(resp.status == 401);
 
   // Create the design doc that will run custom validation code
   var designDoc = {
@@ -99,6 +104,14 @@ couchTests.security_validation = function(debug) {
 
   T(userDb.save(designDoc).ok);
 
+  // test the _whoami endpoint
+  var resp = userDb.request("GET", "/_whoami");
+  var user = JSON.parse(resp.responseText)
+  T(user.name == "Damien Katz");
+  // test that the roles are listed properly
+  TEquals(user.roles, []);
+
+
   // update the document
   var doc = userDb.open("testdoc");
   doc.foo=2;
diff --git a/src/couchdb/couch_httpd_misc_handlers.erl b/src/couchdb/couch_httpd_misc_handlers.erl
index 36dfa0ac..a49bbef6 100644
--- a/src/couchdb/couch_httpd_misc_handlers.erl
+++ b/src/couchdb/couch_httpd_misc_handlers.erl
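Review bot: In the second security_validation.js hunk `var resp` is declared a second time in the same function (the first hunk already declares it for the force_login request) and `var user = JSON.parse(resp.responseText)` is missing its semicolon; the two lines should read `resp = userDb.request("GET", "/_whoami");` and `var user = JSON.parse(resp.responseText);`. The force_login test in the first hunk parses the body before checking the status, so a non-JSON response fails in JSON.parse rather than on the status assertion; asserting `T(resp.status == 401);` before the parse gives a clearer failure. That test could also pin the reason the handler sends, `T(err.reason == "Please login.");`, so a change to the unauthorized message is caught. couchTests.security_validation starts and ends outside both hunks.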
@@ -15,7 +15,7 @@
 -export([handle_welcome_req/2,handle_favicon_req/2,handle_utils_dir_req/2,
     handle_all_dbs_req/1,handle_replicate_req/1,handle_restart_req/1,
     handle_uuids_req/1,handle_config_req/1,handle_log_req/1,
-    handle_task_status_req/1,handle_sleep_req/1]).
+    handle_task_status_req/1,handle_sleep_req/1,handle_whoami_req/1]).
 
 -export([increment_update_seq_req/2]).
 
@@ -216,3 +216,22 @@ handle_log_req(#httpd{method='GET'}=Req) ->
     send_chunk(Resp, "");
 handle_log_req(Req) ->
     send_method_not_allowed(Req, "GET").
+
+
+% whoami handler
+handle_whoami_req(#httpd{method='GET', user_ctx=UserCtx}=Req) ->
+    Name = UserCtx#user_ctx.name,
+    Roles = UserCtx#user_ctx.roles,
+    ForceLogin = couch_httpd:qs_value(Req, "force_login", "false"),
+    case {Name, ForceLogin} of
+    {null, "true"} ->
+        throw({unauthorized, <<"Please login.">>});
+    _False -> ok
+    end,
+    send_json(Req, {[
+        {ok, true},
+        {name, Name},
+        {roles, Roles}
+    ]});
+handle_whoami_req(Req) ->
+    send_method_not_allowed(Req, "GET").
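Review bot: The `case {Name, ForceLogin} of ... _False -> ok end` in the new handle_whoami_req is a throw-for-effect whose catch-all is misleadingly named — `_False` matches every value other than `{null, "true"}`, not just "false" — and the decision reads more directly as clause dispatch on the user_ctx and the query value, which also removes the catch-all. The one-line `% whoami handler` comment should state the contract, since this is an auth-facing endpoint: the response is the caller's own user_ctx name and roles (name is null when unauthenticated), and with `force_login=true` an unauthenticated caller gets a 401 via `{unauthorized, _}` instead of a null identity, presumably so a browser client can trigger a login prompt. It is worth saying in that comment that only the exact string `"true"` is recognised; any other spelling falls through to the anonymous response. A rewrite along these lines is below; the module's other handlers are outside the hunk.

```erlang
% GET /_whoami: report the caller's own user_ctx (name and roles; name is
% null when unauthenticated). With ?force_login=true an unauthenticated
% caller gets a 401 via {unauthorized, _} instead of a null identity.
% Only the exact string "true" is recognised for force_login.
handle_whoami_req(#httpd{method='GET', user_ctx=UserCtx}=Req) ->
    ForceLogin = couch_httpd:qs_value(Req, "force_login", "false"),
    whoami_response(Req, UserCtx, ForceLogin);
handle_whoami_req(Req) ->
    send_method_not_allowed(Req, "GET").

% Dispatch on the anonymous/forced-login combination in the head rather
% than through a throw-for-effect case with a catch-all.
whoami_response(_Req, #user_ctx{name=null}, "true") ->
    throw({unauthorized, <<"Please login.">>});
whoami_response(Req, #user_ctx{name=Name, roles=Roles}, _ForceLogin) ->
    send_json(Req, {[
        {ok, true},
        {name, Name},
        {roles, Roles}
    ]}).
```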