summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/couchdb/couch_db.hrl3
-rw-r--r--src/couchdb/couch_httpd.erl2
-rw-r--r--src/couchdb/couch_httpd_auth.erl22
-rw-r--r--src/couchdb/couch_httpd_db.erl1
-rw-r--r--src/couchdb/couch_httpd_oauth.erl2
-rw-r--r--src/couchdb/couch_server.erl1
6 files changed, 18 insertions, 13 deletions
diff --git a/src/couchdb/couch_db.hrl b/src/couchdb/couch_db.hrl
index 17917312..99ef8997 100644
--- a/src/couchdb/couch_db.hrl
+++ b/src/couchdb/couch_db.hrl
@@ -110,7 +110,8 @@
{
name=null,
roles=[],
- handler
+ handler,
+ user_doc
}).
% This should be updated anytime a header change happens that requires more
diff --git a/src/couchdb/couch_httpd.erl b/src/couchdb/couch_httpd.erl
index d6af4f29..252ecdb7 100644
--- a/src/couchdb/couch_httpd.erl
+++ b/src/couchdb/couch_httpd.erl
@@ -233,7 +233,7 @@ authenticate_request(#httpd{} = Req, [AuthSrc|Rest]) ->
AuthFun = make_arity_1_fun(AuthSrc),
R = case AuthFun(Req) of
#httpd{user_ctx=#user_ctx{}=UserCtx}=Req2 ->
- Req2#httpd{user_ctx=UserCtx#user_ctx{handler=AuthSrc}};
+ Req2#httpd{user_ctx=UserCtx#user_ctx{handler=?l2b(AuthSrc)}};
Else -> Else
end,
authenticate_request(R, Rest);
diff --git a/src/couchdb/couch_httpd_auth.erl b/src/couchdb/couch_httpd_auth.erl
index 95d57d21..554886ca 100644
--- a/src/couchdb/couch_httpd_auth.erl
+++ b/src/couchdb/couch_httpd_auth.erl
@@ -75,7 +75,8 @@ default_authentication_handler(Req) ->
ExpectedHash when ExpectedHash == PasswordHash ->
Req#httpd{user_ctx=#user_ctx{
name=?l2b(User),
- roles=proplists:get_value(<<"roles">>, UserProps, [])
+ roles=proplists:get_value(<<"roles">>, UserProps, []),
+ user_doc={UserProps}
}};
_Else ->
throw({unauthorized, <<"Name or password is incorrect.">>})
@@ -114,8 +115,9 @@ get_user(UserName) ->
UserProps when is_list(UserProps) ->
DocRoles = proplists:get_value(<<"roles">>, UserProps),
[{<<"roles">>, [<<"_admin">> | DocRoles]},
- {<<"salt">>, ?l2b(Salt)},
- {<<"password_sha">>, ?l2b(HashedPwd)}]
+ {<<"salt">>, ?l2b(Salt)},
+ {<<"password_sha">>, ?l2b(HashedPwd)},
+ {<<"user_doc">>, {UserProps}}]
end;
Else ->
get_user_props_from_db(UserName)
@@ -250,8 +252,8 @@ cookie_authentication_handler(#httpd{mochi_req=MochiReq}=Req) ->
Secret = ?l2b(SecretStr),
case get_user(?l2b(User)) of
nil -> Req;
- Result ->
- UserSalt = proplists:get_value(<<"salt">>, Result, <<"">>),
+ UserProps ->
+ UserSalt = proplists:get_value(<<"salt">>, UserProps, <<"">>),
FullSecret = <<Secret/binary, UserSalt/binary>>,
ExpectedHash = crypto:sha_mac(FullSecret, User ++ ":" ++ TimeStr),
Hash = ?l2b(string:join(HashParts, ":")),
@@ -264,7 +266,8 @@ cookie_authentication_handler(#httpd{mochi_req=MochiReq}=Req) ->
?LOG_DEBUG("Successful cookie auth as: ~p", [User]),
Req#httpd{user_ctx=#user_ctx{
name=?l2b(User),
- roles=proplists:get_value(<<"roles">>, Result, [])
+ roles=proplists:get_value(<<"roles">>, UserProps, []),
+ user_doc=proplists:get_value(<<"user_doc">>, UserProps, null)
}, auth={FullSecret, TimeLeft < Timeout*0.9}};
_Else ->
Req
@@ -351,7 +354,8 @@ handle_session_req(#httpd{method='POST', mochi_req=MochiReq}=Req) ->
{[
{ok, true},
{name, proplists:get_value(<<"username">>, User, null)},
- {roles, proplists:get_value(<<"roles">>, User, [])}
+ {roles, proplists:get_value(<<"roles">>, User, [])},
+ {user_doc, proplists:get_value(<<"user_doc">>, User, null)}
]});
_Else ->
% clear the session
@@ -375,7 +379,7 @@ handle_session_req(#httpd{method='GET', user_ctx=UserCtx}=Req) ->
{handlers, [?l2b(H) || H <- couch_httpd:make_fun_spec_strs(
couch_config:get("httpd", "authentication_handlers"))]}
] ++ maybe_value(authenticated, UserCtx#user_ctx.handler)}}
- ]})
+ ] ++ maybe_value(user_doc, UserCtx#user_ctx.user_doc)})
end;
% logout by deleting the session
handle_session_req(#httpd{method='DELETE'}=Req) ->
@@ -391,7 +395,7 @@ handle_session_req(Req) ->
send_method_not_allowed(Req, "GET,HEAD,POST,DELETE").
maybe_value(Key, undefined) -> [];
-maybe_value(Key, Else) -> [{Key, ?l2b(Else)}].
+maybe_value(Key, Else) -> [{Key, Else}].
to_int(Value) when is_binary(Value) ->
to_int(?b2l(Value));
diff --git a/src/couchdb/couch_httpd_db.erl b/src/couchdb/couch_httpd_db.erl
index c7e127c2..9233e953 100644
--- a/src/couchdb/couch_httpd_db.erl
+++ b/src/couchdb/couch_httpd_db.erl
@@ -328,6 +328,7 @@ delete_db_req(#httpd{user_ctx=UserCtx}=Req, DbName) ->
do_db_req(#httpd{user_ctx=UserCtx,path_parts=[DbName|_]}=Req, Fun) ->
LDbName = ?b2l(DbName),
+ % I hope this lookup is cheap.
case couch_config:get("couch_httpd_auth", "authentication_db") of
LDbName ->
% make sure user's db always has the auth ddoc
diff --git a/src/couchdb/couch_httpd_oauth.erl b/src/couchdb/couch_httpd_oauth.erl
index ab786162..ddf84008 100644
--- a/src/couchdb/couch_httpd_oauth.erl
+++ b/src/couchdb/couch_httpd_oauth.erl
@@ -36,7 +36,7 @@ oauth_authentication_handler(#httpd{mochi_req=MochiReq}=Req) ->
% Look up the consumer key and get the roles to give the consumer
set_user_ctx(Req, AccessToken) ->
- % weird that this is in the config and not a db
+ % TODO move to db storage
Name = case couch_config:get("oauth_token_users", AccessToken) of
undefined -> throw({bad_request, unknown_oauth_token});
Value -> ?l2b(Value)
diff --git a/src/couchdb/couch_server.erl b/src/couchdb/couch_server.erl
index 4c04bca7..afdf9365 100644
--- a/src/couchdb/couch_server.erl
+++ b/src/couchdb/couch_server.erl
@@ -79,7 +79,6 @@ check_dbname(#server{dbname_regexp=RegExp}, DbName) ->
ok
end.
-% move to auth?
is_admin(User, ClearPwd) ->
case couch_config:get("admins", User) of
"-hashed-" ++ HashedPwdAndSalt ->