diff options
Diffstat (limited to 'share/www/script')
-rw-r--r-- | share/www/script/couch_tests.js | 1 | ||||
-rw-r--r-- | share/www/script/futon.browse.js | 26 | ||||
-rw-r--r-- | share/www/script/jquery.couch.js | 19 | ||||
-rw-r--r-- | share/www/script/test/reader_acl.js | 95 | ||||
-rw-r--r-- | share/www/script/test/security_validation.js | 38 |
5 files changed, 175 insertions, 4 deletions
diff --git a/share/www/script/couch_tests.js b/share/www/script/couch_tests.js index 6f1acf83..04253c58 100644 --- a/share/www/script/couch_tests.js +++ b/share/www/script/couch_tests.js @@ -63,6 +63,7 @@ loadScript("script/oauth.js"); loadScript("script/sha1.js"); loadTest("oauth.js"); loadTest("purge.js"); +loadTest("reader_acl.js"); loadTest("recreate_doc.js"); loadTest("reduce.js"); loadTest("reduce_builtin.js"); diff --git a/share/www/script/futon.browse.js b/share/www/script/futon.browse.js index 31e979bb..ade16b20 100644 --- a/share/www/script/futon.browse.js +++ b/share/www/script/futon.browse.js @@ -178,6 +178,32 @@ } }); } + + this.databaseSecurity = function() { + $.showDialog("dialog/_database_security.html", { + load : function(d) { + ["admin", "reader"].forEach(function(key) { + db.getDbProperty("_"+key+"s", { + success : function(r) { + $("input[name="+key+"_names]",d).val(JSON.stringify(r.names||[])); + $("input[name="+key+"_roles]",d).val(JSON.stringify(r.roles||[])); + } + }); + }); + }, + // maybe this should be 2 forms + submit: function(data, callback) { + ["admin", "reader"].forEach(function(key) { + var new_value = { + names : JSON.parse(data[key+"_names"]), + roles : JSON.parse(data[key+"_roles"]) + }; + db.setDbProperty("_"+key+"s", new_value); + }); + callback(); + } + }); + } this.populateViewEditor = function() { if (viewName.match(/^_design\//)) { diff --git a/share/www/script/jquery.couch.js b/share/www/script/jquery.couch.js index 0dcadc99..7eeaefc7 100644 --- a/share/www/script/jquery.couch.js +++ b/share/www/script/jquery.couch.js @@ -371,6 +371,25 @@ }, options, "An error occurred accessing the view" ); + }, + getDbProperty: function(propName, options, ajaxOptions) { + ajax({url: this.uri + propName + encodeOptions(options)}, + options, + "The property could not be retrieved", + ajaxOptions + ); + }, + + setDbProperty: function(propName, propValue, options, ajaxOptions) { + ajax({ + type: "PUT", + url: this.uri + propName + encodeOptions(options), + data : JSON.stringify(propValue) + }, + options, + "The property could not be updated", + ajaxOptions + ); } }; }, diff --git a/share/www/script/test/reader_acl.js b/share/www/script/test/reader_acl.js new file mode 100644 index 00000000..58f3d001 --- /dev/null +++ b/share/www/script/test/reader_acl.js @@ -0,0 +1,95 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); you may not +// use this file except in compliance with the License. You may obtain a copy +// of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +// License for the specific language governing permissions and limitations under +// the License. + +couchTests.reader_acl = function(debug) { + // this tests read access control + + var usersDb = new CouchDB("test_suite_users", {"X-Couch-Full-Commit":"false"}); + var secretDb = new CouchDB("test_suite_db", {"X-Couch-Full-Commit":"false"}); + function testFun() { + try { + usersDb.deleteDb(); + usersDb.createDb(); + secretDb.deleteDb(); + secretDb.createDb(); + + // create a user with top-secret-clearance + var jchrisUserDoc = CouchDB.prepareUserDoc({ + name: "jchris@apache.org", + roles : ["top-secret"] + }, "funnybone"); + T(usersDb.save(jchrisUserDoc).ok); + + T(CouchDB.session().userCtx.name == null); + + // set secret db to be read controlled + T(secretDb.save({_id:"baz",foo:"bar"}).ok); + T(secretDb.open("baz").foo == "bar"); + + T(secretDb.setDbProperty("_readers", { + roles : ["super-secret-club"], + names : ["joe","barb"]}).ok); + // can't read it as jchris + T(CouchDB.login("jchris@apache.org", "funnybone").ok); + T(CouchDB.session().userCtx.name == "jchris@apache.org"); + + try { + secretDb.open("baz"); + T(false && "can't open a doc from a secret db") ; + } catch(e) { + T(true) + } + + CouchDB.logout(); + + // admin now adds the top-secret role to the db's readers + T(CouchDB.session().userCtx.roles.indexOf("_admin") != -1); + + T(secretDb.setDbProperty("_readers", { + roles : ["super-secret-club", "top-secret"], + names : ["joe","barb"]}).ok); + + // now top-secret users can read it + T(secretDb.open("baz").foo == "bar"); + T(CouchDB.login("jchris@apache.org", "funnybone").ok); + T(secretDb.open("baz").foo == "bar"); + + CouchDB.logout(); + + // can't set non string reader names or roles + try { + T(!secretDb.setDbProperty("_readers", { + roles : ["super-secret-club", {"top-secret":"awesome"}], + names : ["joe","barb"]}).ok); + T(false && "only string roles"); + } catch (e) {} + + try { + T(!secretDb.setDbProperty("_readers", { + roles : ["super-secret-club", "top-secret"], + names : ["joe",22]}).ok); + T(false && "only string names"); + } catch (e) {} + } finally { + CouchDB.logout(); + } + } + + run_on_modified_server( + [{section: "httpd", + key: "authentication_handlers", + value: "{couch_httpd_auth, cookie_authentication_handler}, {couch_httpd_auth, default_authentication_handler}"}, + {section: "couch_httpd_auth", + key: "authentication_db", value: "test_suite_users"}], + testFun + ); +} diff --git a/share/www/script/test/security_validation.js b/share/www/script/test/security_validation.js index 43968426..9ecb9ba0 100644 --- a/share/www/script/test/security_validation.js +++ b/share/www/script/test/security_validation.js @@ -69,7 +69,13 @@ couchTests.security_validation = function(debug) { var designDoc = { _id:"_design/test", language: "javascript", - validate_doc_update: "(" + (function (newDoc, oldDoc, userCtx) { + validate_doc_update: "(" + (function (newDoc, oldDoc, userCtx, secObj) { + if (secObj.admin_override) { + if (userCtx.roles.indexOf('_admin') != -1) { + // user is admin, they can do anything + return true; + } + } // docs should have an author field. if (!newDoc._deleted && !newDoc.author) { throw {forbidden: @@ -99,11 +105,11 @@ couchTests.security_validation = function(debug) { } // set user as the admin - T(db.setDbProperty("_admins", ["Damien Katz"]).ok); + T(db.setDbProperty("_admins", {names : ["Damien Katz"]}).ok); T(userDb.save(designDoc).ok); - // test the _whoami endpoint + // test the _session API var resp = userDb.request("GET", "/_session"); var user = JSON.parse(resp.responseText).userCtx; T(user.name == "Damien Katz"); @@ -158,6 +164,31 @@ couchTests.security_validation = function(debug) { T(e.error == "unauthorized"); T(userDb.last_req.status == 401); } + + // admin must save with author field unless admin override + var resp = db.request("GET", "/_session"); + var user = JSON.parse(resp.responseText).userCtx; + T(user.name == null); + // test that we are admin + TEquals(user.roles, ["_admin"]); + + // can't save the doc even though we are admin + var doc = db.open("testdoc"); + doc.foo=3; + try { + db.save(doc); + T(false && "Can't get here. Should have thrown an error 3"); + } catch (e) { + T(e.error == "unauthorized"); + T(db.last_req.status == 401); + } + + // now turn on admin override + T(db.setDbProperty("_security", {admin_override : true}).ok); + T(db.save(doc).ok); + + // go back to normal + T(db.setDbProperty("_security", {admin_override : false}).ok); // Now delete document T(user2Db.deleteDoc(doc).ok); @@ -188,7 +219,6 @@ couchTests.security_validation = function(debug) { T(db.open("booboo") == null); T(db.open("foofoo") == null); - // Now test replication var AuthHeaders = {"WWW-Authenticate": "X-Couch-Test-Auth Christopher Lenz:dog food"}; var host = CouchDB.host; |