From 3c32073065286f57835323a7f97a3958a8021dec Mon Sep 17 00:00:00 2001
From: Adam Kocoloski
Date: Wed, 30 Sep 2009 22:00:41 +0000
Subject: more OAuth fixes, in particular for requests with query-string parameters

git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@820469 13f79535-47bb-0310-9956-ffa450edef68
---
 share/www/script/test/oauth.js | 40 ++++++++++++++++++++++++++++++++--------
 src/couchdb/couch_rep_httpc.erl | 18 +++++++++++-------
 2 files changed, 43 insertions(+), 15 deletions(-)

diff --git a/share/www/script/test/oauth.js b/share/www/script/test/oauth.js
index ebe817b2..6d8498a6 100644
--- a/share/www/script/test/oauth.js
+++ b/share/www/script/test/oauth.js
@@ -52,7 +52,7 @@ couchTests.oauth = function(debug) {
 });
 }
 } else {
- return CouchDB.request("GET", path, {
+ return CouchDB.request(method, path, {
 headers: {Authorization: OAuth.getAuthorizationHeader('', parameters)}
 });
 }
@@ -63,6 +63,11 @@ couchTests.oauth = function(debug) {
 var admintokenSecret = generateSecret(64);
 var testadminPassword = "ohsosecret";
 
+ var adminBasicAuthHeaderValue = function() {
+ var retval = 'Basic ' + binb2b64(str2binb("testadmin:" + testadminPassword));
+ return retval;
+ }
+
 var host = CouchDB.host;
 var dbPair = {
 source: {
@@ -76,14 +81,12 @@ couchTests.oauth = function(debug) {
 }
 }
 },
- target: "http://" + host + "/test_suite_db_b"
+ target: {
+ url: "http://" + host + "/test_suite_db_b",
+ headers: {"Authorization": adminBasicAuthHeaderValue()}
+ }
 };
 
- var adminBasicAuthHeaderValue = function() {
- var retval = 'Basic ' + binb2b64(str2binb("testadmin:" + testadminPassword));
- return retval;
- }
-
 // this function will be called on the modified server
 var testFun = function () {
 try {
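Review bot: The fallback branch now sends the caller's `method`, but the Authorization header it attaches is `OAuth.getAuthorizationHeader('', parameters)`, and `parameters` is assembled before this hunk, so it is not visible whether the HTTP method in the signature base string is also taken from `method`; if it still says GET, a PUT is sent with a signature computed over a different verb and a conforming server rejects it with 401. A one-line comment at the call would pin the coupling: `// the method signed in parameters must match the verb sent here`. The enclosing helper starts before this hunk.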
@@ -92,6 +95,16 @@ couchTests.oauth = function(debug) {
 body: JSON.stringify(testadminPassword)
 });
 
+ CouchDB.request("GET", "/_sleep?time=50");
+
+ CouchDB.request("PUT", "http://" + host + "/_config/couch_httpd_auth/require_valid_user", {
+ headers: {
+ "X-Couch-Persist": "false",
+ "Authorization": adminBasicAuthHeaderValue()
+ },
+ body: JSON.stringify("true")
+ });
+
 var usersDb = new CouchDB("test_suite_users", {
 "X-Couch-Full-Commit":"false",
 "Authorization": adminBasicAuthHeaderValue()
@@ -157,7 +170,9 @@ couchTests.oauth = function(debug) {
 T(xhr.status == expectedCode);
 
 // Replication
- var result = CouchDB.replicate(dbPair.source, dbPair.target);
+ var result = CouchDB.replicate(dbPair.source, dbPair.target, {
+ headers: {"Authorization": adminBasicAuthHeaderValue()}
+ });
 T(result.ok);
 
 // Test auth via admin user defined in .ini
@@ -179,6 +194,15 @@ couchTests.oauth = function(debug) {
 }
 }
 } finally {
+ var xhr = CouchDB.request("PUT", "http://" + host + "/_config/couch_httpd_auth/require_valid_user", {
+ headers: {
+ "Authorization": adminBasicAuthHeaderValue(),
+ "X-Couch-Persist": "false"
+ },
+ body: JSON.stringify("false")
+ });
+ T(xhr.status == 200);
+
 var xhr = CouchDB.request("DELETE", "http://" + host + "/_config/admins/testadmin", {
 headers: {
 "Authorization": adminBasicAuthHeaderValue(),
diff --git a/src/couchdb/couch_rep_httpc.erl b/src/couchdb/couch_rep_httpc.erl
index 35334225..b714be6b 100644
--- a/src/couchdb/couch_rep_httpc.erl
+++ b/src/couchdb/couch_rep_httpc.erl
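Review bot: `CouchDB.request("GET", "/_sleep?time=50")` is a fixed 50 ms delay, presumably to let the server finish processing the new `testadmin` entry before `require_valid_user` is switched on; under load this is a race, and because the PUT's status is never checked, a failure there leaves the rest of the test running against a server that still allows anonymous access while every later assertion passes. Check the result the way the `finally` block already does, `T(xhr.status == 200);`, and prefer polling for the admin to become usable (e.g. repeat `GET /_session` with the Basic header until it returns 200) over a bare sleep. The enclosing `testFun` begins before this hunk.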
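Review bot: The reset in `finally` writes the literal `"false"` to `require_valid_user` instead of restoring the pre-test value, so on a node that had it enabled the suite leaves anonymous access allowed for the life of the process (`X-Couch-Persist: false` only keeps the change out of the .ini). Capture the setting before the PUT in the `try`, e.g. `var savedRequireValidUser = CouchDB.request("GET", "http://" + host + "/_config/couch_httpd_auth/require_valid_user", {headers: {"Authorization": adminBasicAuthHeaderValue()}});`, and restore it here with `body: savedRequireValidUser.status == 200 ? savedRequireValidUser.responseText : JSON.stringify("false")`. If `T` throws in this runner, a failed reset also skips the `DELETE /_config/admins/testadmin` that follows, leaving an admin account with the known password `ohsosecret` on the node; the admin deletion should not depend on the earlier assertion passing. The enclosing try/finally begins before this hunk.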
@@ -26,18 +26,19 @@ do_request(#http_db{url=Url} = Req) when is_binary(Url) ->
 do_request(Req) ->
 #http_db{
 auth = Auth,
+ body = B,
+ conn = Conn,
 headers = Headers0,
 method = Method,
- body = B,
 options = Opts,
- conn = Conn
+ qs = QS
 } = Req,
 Url = full_url(Req),
 Headers = case proplists:get_value(<<"oauth">>, Auth) of
 undefined ->
 Headers0;
 {OAuthProps} ->
- [oauth_header(Url, Method, OAuthProps) | Headers0]
+ [oauth_header(Url, QS, Method, OAuthProps) | Headers0]
 end,
 Body = case B of
 {Fun, InitialState} when is_function(Fun) ->
@@ -68,7 +69,7 @@ db_exists(Req, CanonicalUrl) ->
 undefined ->
 Headers0;
 {OAuthProps} ->
- [oauth_header(Url, get, OAuthProps) | Headers0]
+ [oauth_header(Url, [], head, OAuthProps) | Headers0]
 end,
 case catch ibrowse:send_req(Url, Headers, head) of
 {ok, "200", _, _} ->
@@ -177,7 +178,8 @@ maybe_decompress(Headers, Body) ->
 Body
 end.
 
-oauth_header(Url, Action, Props) ->
+oauth_header(Url, QS, Action, Props) ->
+ QSL = [{couch_util:to_list(K), couch_util:to_list(V)} || {K,V} <- QS],
 ConsumerKey = ?b2l(proplists:get_value(<<"consumer_key">>, Props)),
 Token = ?b2l(proplists:get_value(<<"token">>, Props)),
 TokenSecret = ?b2l(proplists:get_value(<<"token_secret">>, Props)),
@@ -186,7 +188,9 @@ oauth_header(Url, Action, Props) ->
 Method = case Action of
 get -> "GET";
 post -> "POST";
- put -> "PUT"
+ put -> "PUT";
+ head -> "HEAD"
 end,
- Params = oauth:signed_params(Method, Url, [], Consumer, Token, TokenSecret),
+ Params = oauth:signed_params(Method, Url, QSL, Consumer, Token, TokenSecret)
+ -- QSL,
 {"Authorization", "OAuth " ++ oauth_uri:params_to_header_string(Params)}.
-- cgit v1.2.3
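Review bot: `oauth_header/4` now receives both `Url = full_url(Req)` and the separate `QS`, and the signature is only valid if the query parameters enter the base string exactly once; whether `full_url/1` already appends the query to `Url`, and whether the OAuth library normalises it back off before signing, is not visible in this hunk. Worth recording the assumption at the call site: `%% QS is signed by oauth_header/4; the query must not also be counted via Url (check full_url/1 and the oauth lib's URI normalisation)`. `do_request/1` continues past the end of this hunk.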
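Review bot: `Method = case Action of` is still non-exhaustive: any verb other than get/post/put/head (a `delete`, say) crashes with `case_clause` inside the replicator instead of producing a signed request, and the `head` clause added here is exactly the kind of one-off extension that gets forgotten next time; `Method = string:to_upper(atom_to_list(Action))` covers every atom verb in one line. The new `Params -- QSL` only strips the query pairs if `oauth:signed_params/6` hands them back unchanged (same list-string keys and values), which appears to be the intent but deserves a comment such as `%% drop the query pairs again: they travel in the URL, only oauth_* belongs in the header`. `oauth_header/4` begins in the previous hunk.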