This is an automated email from the ASF dual-hosted git repository. vatamane pushed a commit to branch mask-auth-field-on-non-owner-read in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit 24b8c3bc81aeb2fad1a6734bde118a6ecd3b544f
Author: Nick Vatamaniuc <vatam...@apache.org>
AuthorDate: Thu Sep 12 12:53:30 2019 -0400
Improve credential stripping for replication document reads
Allow a special field for plugin writers to stash endpoint credentials, which gets the same treatment as headers and user:pass combinations for already existing plugins (session, noop aka basic auth). Instead of complicating the plugin API, use a simpler convenction of just calling it "auth" for now.
---
 src/couch_replicator/src/couch_replicator_auth.erl | 6 ++++++
 src/couch_replicator/src/couch_replicator_docs.erl | 12 ++++++++++--
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/src/couch_replicator/src/couch_replicator_auth.erl b/src/couch_replicator/src/couch_replicator_auth.erl
index 7f51cdd..272e10a 100644
--- a/src/couch_replicator/src/couch_replicator_auth.erl
+++ b/src/couch_replicator/src/couch_replicator_auth.erl
@@ -33,6 +33,12 @@
 % Behavior API
+% Note for plugin developers: consider using the "auth" field in the source and
+% target objects to store credentials. In that case non-owner and non-admin
+% users will have those credentials stripped when they read the replication
+% document, which mimicks the behavior for "headers" and user and pass fields
+% in endpoint URLs".
+
 -callback initialize(#httpdb{}) ->
 {ok, #httpdb{}, term()} | {error, term()} | ignore.
diff --git a/src/couch_replicator/src/couch_replicator_docs.erl b/src/couch_replicator/src/couch_replicator_docs.erl
index 2d6db1b..81685cd 100644
--- a/src/couch_replicator/src/couch_replicator_docs.erl
+++ b/src/couch_replicator/src/couch_replicator_docs.erl
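Review bot: The comment added above `-callback initialize/1` in couch_replicator_auth.erl promises stripping without saying how narrow it is. Per the matching change in couch_replicator_docs.erl, only a top-level member named exactly `"auth"` in the source/target object is removed, so credentials a plugin keeps under any other key stay readable by non-owner, non-admin users. I would say so in the note, e.g. `% Only the top-level "auth" member is removed; credentials stored under any other key are returned as-is.` The last sentence also carries a stray `"` after `URLs`, and `mimicks` should read `mimics`.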
@@ -683,8 +683,12 @@ strip_credentials(Url) when is_binary(Url) ->
 "http(s)?://(?:[^:]+):[^@]+@(.*)$",
 "http\\1://\\2",
 [{return, binary}]);
-strip_credentials({Props}) ->
- {lists:keydelete(<<"headers">>, 1, Props)}.
+strip_credentials({Props0}) ->
+ Props1 = lists:keydelete(<<"headers">>, 1, Props0),
+ % Strip "auth" just like headers, for replication plugins it can be a place
+ % to stash credential that are not necessarily in headers
+ Props2 = lists:keydelete(<<"auth">>, 1, Props1),
+ {Props2}.
 error_reason({shutdown, Error}) ->
@@ -773,6 +777,10 @@ check_strip_credentials_test() ->
 {
 {[{<<"_id">>, <<"foo">>}]},
 {[{<<"_id">>, <<"foo">>}, {<<"headers">>, <<"baz">>}]}
+ },
+ {
+ {[{<<"_id">>, <<"foo">>}]},
+ {[{<<"_id">>, <<"foo">>}, {<<"auth">>, <<"pluginsecret">>}]}
 }
 ]].
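Review bot: The rewritten object clause of `strip_credentials/1` deletes the top-level `<<"headers">>` and `<<"auth">>` members, but it never passes a `<<"url">>` member through the binary clause. As far as these lines show, an endpoint object whose URL embeds user:pass would therefore still be returned to a non-owner reader with the userinfo intact. Worth confirming whether a caller outside the hunk already covers this; if not, the object clause can reuse the URL clause as sketched below. Separately, `lists:keydelete/3` removes only the first tuple with a matching key, so if a decoded document can carry a repeated `"auth"` or `"headers"` member the later copy would survive. The earlier clauses of the function start above the hunk.

```erlang
strip_credentials({Props0}) ->
    % … unchanged: keydelete of "headers" and "auth" producing Props2 …
    Props3 = case lists:keyfind(<<"url">>, 1, Props2) of
        {_, Url} when is_binary(Url) ->
            lists:keystore(<<"url">>, 1, Props2,
                {<<"url">>, strip_credentials(Url)});
        _ ->
            Props2
    end,
    {Props3}.
```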