diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/couchdb/couch_db.hrl | 3 | ||||
-rw-r--r-- | src/couchdb/couch_httpd.erl | 2 | ||||
-rw-r--r-- | src/couchdb/couch_httpd_auth.erl | 22 | ||||
-rw-r--r-- | src/couchdb/couch_httpd_db.erl | 1 | ||||
-rw-r--r-- | src/couchdb/couch_httpd_oauth.erl | 2 | ||||
-rw-r--r-- | src/couchdb/couch_server.erl | 1 |
6 files changed, 18 insertions, 13 deletions
diff --git a/src/couchdb/couch_db.hrl b/src/couchdb/couch_db.hrl index 17917312..99ef8997 100644 --- a/src/couchdb/couch_db.hrl +++ b/src/couchdb/couch_db.hrl @@ -110,7 +110,8 @@ { name=null, roles=[], - handler + handler, + user_doc }). % This should be updated anytime a header change happens that requires more diff --git a/src/couchdb/couch_httpd.erl b/src/couchdb/couch_httpd.erl index d6af4f29..252ecdb7 100644 --- a/src/couchdb/couch_httpd.erl +++ b/src/couchdb/couch_httpd.erl @@ -233,7 +233,7 @@ authenticate_request(#httpd{} = Req, [AuthSrc|Rest]) -> AuthFun = make_arity_1_fun(AuthSrc), R = case AuthFun(Req) of #httpd{user_ctx=#user_ctx{}=UserCtx}=Req2 -> - Req2#httpd{user_ctx=UserCtx#user_ctx{handler=AuthSrc}}; + Req2#httpd{user_ctx=UserCtx#user_ctx{handler=?l2b(AuthSrc)}}; Else -> Else end, authenticate_request(R, Rest); diff --git a/src/couchdb/couch_httpd_auth.erl b/src/couchdb/couch_httpd_auth.erl index 95d57d21..554886ca 100644 --- a/src/couchdb/couch_httpd_auth.erl +++ b/src/couchdb/couch_httpd_auth.erl @@ -75,7 +75,8 @@ default_authentication_handler(Req) -> ExpectedHash when ExpectedHash == PasswordHash -> Req#httpd{user_ctx=#user_ctx{ name=?l2b(User), - roles=proplists:get_value(<<"roles">>, UserProps, []) + roles=proplists:get_value(<<"roles">>, UserProps, []), + user_doc={UserProps} }}; _Else -> throw({unauthorized, <<"Name or password is incorrect.">>}) @@ -114,8 +115,9 @@ get_user(UserName) -> UserProps when is_list(UserProps) -> DocRoles = proplists:get_value(<<"roles">>, UserProps), [{<<"roles">>, [<<"_admin">> | DocRoles]}, - {<<"salt">>, ?l2b(Salt)}, - {<<"password_sha">>, ?l2b(HashedPwd)}] + {<<"salt">>, ?l2b(Salt)}, + {<<"password_sha">>, ?l2b(HashedPwd)}, + {<<"user_doc">>, {UserProps}}] end; Else -> get_user_props_from_db(UserName) @@ -250,8 +252,8 @@ cookie_authentication_handler(#httpd{mochi_req=MochiReq}=Req) -> Secret = ?l2b(SecretStr), case get_user(?l2b(User)) of nil -> Req; - Result -> - UserSalt = proplists:get_value(<<"salt">>, Result, <<"">>), + UserProps -> + UserSalt = proplists:get_value(<<"salt">>, UserProps, <<"">>), FullSecret = <<Secret/binary, UserSalt/binary>>, ExpectedHash = crypto:sha_mac(FullSecret, User ++ ":" ++ TimeStr), Hash = ?l2b(string:join(HashParts, ":")), @@ -264,7 +266,8 @@ cookie_authentication_handler(#httpd{mochi_req=MochiReq}=Req) -> ?LOG_DEBUG("Successful cookie auth as: ~p", [User]), Req#httpd{user_ctx=#user_ctx{ name=?l2b(User), - roles=proplists:get_value(<<"roles">>, Result, []) + roles=proplists:get_value(<<"roles">>, UserProps, []), + user_doc=proplists:get_value(<<"user_doc">>, UserProps, null) }, auth={FullSecret, TimeLeft < Timeout*0.9}}; _Else -> Req @@ -351,7 +354,8 @@ handle_session_req(#httpd{method='POST', mochi_req=MochiReq}=Req) -> {[ {ok, true}, {name, proplists:get_value(<<"username">>, User, null)}, - {roles, proplists:get_value(<<"roles">>, User, [])} + {roles, proplists:get_value(<<"roles">>, User, [])}, + {user_doc, proplists:get_value(<<"user_doc">>, User, null)} ]}); _Else -> % clear the session @@ -375,7 +379,7 @@ handle_session_req(#httpd{method='GET', user_ctx=UserCtx}=Req) -> {handlers, [?l2b(H) || H <- couch_httpd:make_fun_spec_strs( couch_config:get("httpd", "authentication_handlers"))]} ] ++ maybe_value(authenticated, UserCtx#user_ctx.handler)}} - ]}) + ] ++ maybe_value(user_doc, UserCtx#user_ctx.user_doc)}) end; % logout by deleting the session handle_session_req(#httpd{method='DELETE'}=Req) -> @@ -391,7 +395,7 @@ handle_session_req(Req) -> send_method_not_allowed(Req, "GET,HEAD,POST,DELETE"). maybe_value(Key, undefined) -> []; -maybe_value(Key, Else) -> [{Key, ?l2b(Else)}]. +maybe_value(Key, Else) -> [{Key, Else}]. to_int(Value) when is_binary(Value) -> to_int(?b2l(Value)); diff --git a/src/couchdb/couch_httpd_db.erl b/src/couchdb/couch_httpd_db.erl index c7e127c2..9233e953 100644 --- a/src/couchdb/couch_httpd_db.erl +++ b/src/couchdb/couch_httpd_db.erl @@ -328,6 +328,7 @@ delete_db_req(#httpd{user_ctx=UserCtx}=Req, DbName) -> do_db_req(#httpd{user_ctx=UserCtx,path_parts=[DbName|_]}=Req, Fun) -> LDbName = ?b2l(DbName), + % I hope this lookup is cheap. case couch_config:get("couch_httpd_auth", "authentication_db") of LDbName -> % make sure user's db always has the auth ddoc diff --git a/src/couchdb/couch_httpd_oauth.erl b/src/couchdb/couch_httpd_oauth.erl index ab786162..ddf84008 100644 --- a/src/couchdb/couch_httpd_oauth.erl +++ b/src/couchdb/couch_httpd_oauth.erl @@ -36,7 +36,7 @@ oauth_authentication_handler(#httpd{mochi_req=MochiReq}=Req) -> % Look up the consumer key and get the roles to give the consumer set_user_ctx(Req, AccessToken) -> - % weird that this is in the config and not a db + % TODO move to db storage Name = case couch_config:get("oauth_token_users", AccessToken) of undefined -> throw({bad_request, unknown_oauth_token}); Value -> ?l2b(Value) diff --git a/src/couchdb/couch_server.erl b/src/couchdb/couch_server.erl index 4c04bca7..afdf9365 100644 --- a/src/couchdb/couch_server.erl +++ b/src/couchdb/couch_server.erl @@ -79,7 +79,6 @@ check_dbname(#server{dbname_regexp=RegExp}, DbName) -> ok end. -% move to auth? is_admin(User, ClearPwd) -> case couch_config:get("admins", User) of "-hashed-" ++ HashedPwdAndSalt -> |