This is an automated email from the ASF dual-hosted git repository.

vatamane pushed a commit to branch mask-auth-field-on-non-owner-read
in repository https://gitbox.apache.org/repos/asf/couchdb.git

commit 24b8c3bc81aeb2fad1a6734bde118a6ecd3b544f
Author: Nick Vatamaniuc <vatam...@apache.org>
AuthorDate: Thu Sep 12 12:53:30 2019 -0400

    Improve credential stripping for replication document reads
    
    Allow a special field for plugin writers to stash endpoint credentials, 
which
    gets the same treatment as headers and user:pass combinations for already
    existing plugins (session, noop aka basic auth).
    
    Instead of complicating the plugin API, use a simpler convention of just
    calling it "auth" for now.
---
 src/couch_replicator/src/couch_replicator_auth.erl |  6 ++++++
 src/couch_replicator/src/couch_replicator_docs.erl | 12 ++++++++++--
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/couch_replicator/src/couch_replicator_auth.erl 
b/src/couch_replicator/src/couch_replicator_auth.erl
index 7f51cdd..272e10a 100644
--- a/src/couch_replicator/src/couch_replicator_auth.erl
+++ b/src/couch_replicator/src/couch_replicator_auth.erl
@@ -33,6 +33,12 @@
 
 % Behavior API
 
+% Note for plugin developers: consider using the "auth" field in the source and
+% target objects to store credentials. In that case non-owner and non-admin
+% users will have those credentials stripped when they read the replication
+% document, which mimicks the behavior for "headers" and user and pass fields
+% in endpoint URLs".
+
 -callback initialize(#httpdb{}) ->
     {ok, #httpdb{}, term()} | {error, term()} | ignore.
 
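Review bot: The added note for plugin developers ends with a stray quote (`URLs".`), misspells "mimics", and does not say how narrow the masking is. Going by the `strip_credentials/1` change to couch_replicator_docs.erl in this same commit, only a key named exactly `auth` at the top level of the source or target object is removed. A plugin that keeps secrets under any other plugin-defined key gets no masking. I would close the comment with `% in endpoint URLs. Only the top-level "auth" key is removed; credentials stored under other keys stay visible to non-owner readers.`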
diff --git a/src/couch_replicator/src/couch_replicator_docs.erl 
b/src/couch_replicator/src/couch_replicator_docs.erl
index 2d6db1b..81685cd 100644
--- a/src/couch_replicator/src/couch_replicator_docs.erl
+++ b/src/couch_replicator/src/couch_replicator_docs.erl
@@ -683,8 +683,12 @@ strip_credentials(Url) when is_binary(Url) ->
         "http(s)?://(?:[^:]+):[^@]+@(.*)$",
         "http\\1://\\2",
         [{return, binary}]);
-strip_credentials({Props}) ->
-    {lists:keydelete(<<"headers">>, 1, Props)}.
+strip_credentials({Props0}) ->
+    Props1 = lists:keydelete(<<"headers">>, 1, Props0),
+    % Strip "auth" just like headers, for replication plugins it can be a place
+    % to stash credential that are not necessarily in headers
+    Props2 = lists:keydelete(<<"auth">>, 1, Props1),
+    {Props2}.
 
 
 error_reason({shutdown, Error}) ->
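Review bot: The rewritten object clause of `strip_credentials/1` drops the `headers` and `auth` keys but leaves every other value untouched, so a `url` value in the same object that embeds `user:pass@` would be returned unmasked. Whether the caller masks that value separately cannot be seen from this hunk; if it does not, the object clause could pass its `url` through the binary clause just above before returning. Also, `lists:keydelete/3` removes only the first matching tuple, so if the decoded document can carry a repeated `auth` or `headers` key the later copy survives; filtering the list avoids that. The earlier clauses of the function start above the hunk.

```erlang
strip_credentials({Props0}) ->
    % Filter instead of keydelete so a repeated "headers"/"auth" key cannot survive
    Props1 = [P || {K, _} = P <- Props0, K =/= <<"headers">>, K =/= <<"auth">>],
    % Mask user:pass in the endpoint URL using the binary clause above
    Props2 = case lists:keyfind(<<"url">>, 1, Props1) of
        {_, Url} when is_binary(Url) ->
            lists:keyreplace(<<"url">>, 1, Props1, {<<"url">>, strip_credentials(Url)});
        _ ->
            Props1
    end,
    {Props2}.
```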
@@ -773,6 +777,10 @@ check_strip_credentials_test() ->
         {
             {[{<<"_id">>, <<"foo">>}]},
             {[{<<"_id">>, <<"foo">>}, {<<"headers">>, <<"baz">>}]}
+        },
+        {
+            {[{<<"_id">>, <<"foo">>}]},
+            {[{<<"_id">>, <<"foo">>}, {<<"auth">>, <<"pluginsecret">>}]}
         }
     ]].
 
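Review bot: The new case exercises `auth` on its own, but no case passes an object holding both `headers` and `auth`, which is the input where the two chained `lists:keydelete/3` calls both have to take effect. I would add one more tuple to the list: `{ {[{<<"_id">>, <<"foo">>}]}, {[{<<"_id">>, <<"foo">>}, {<<"headers">>, <<"baz">>}, {<<"auth">>, <<"pluginsecret">>}]} }`. The head of `check_strip_credentials_test/0` and its earlier cases lie above the hunk.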
