This is an automated email from the ASF dual-hosted git repository.

rnewson pushed a commit to branch admin-2fa
in repository https://gitbox.apache.org/repos/asf/couchdb.git

commit 6c20d26c26c6e77b5c73a0e4c4a20f932069011a
Author: Robert Newson <rnew...@apache.org>
AuthorDate: Mon Mar 23 00:15:30 2020 +0000

    enable totp with basic auth
---
 src/couch/src/couch_httpd_auth.erl | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)

diff --git a/src/couch/src/couch_httpd_auth.erl 
b/src/couch/src/couch_httpd_auth.erl
index c91b6d6..70a10e8 100644
--- a/src/couch/src/couch_httpd_auth.erl
+++ b/src/couch/src/couch_httpd_auth.erl
@@ -97,10 +97,22 @@ default_authentication_handler(Req, AuthModule) ->
             nil ->
                 throw({unauthorized, <<"Name or password is incorrect.">>});
             {ok, UserProps, _AuthCtx} ->
-                reject_if_totp(UserProps),
                 UserName = ?l2b(User),
-                Password = ?l2b(Pass),
-                case authenticate(Password, UserProps) of
+               Authenticated = case get_totp_config(UserProps) of
+                   undefined ->
+                        authenticate(?l2b(Pass), UserProps);
+                   _TOTP ->
+                        Len = couch_util:get_value(<<"length">>, UserProps, 6),
+                        case ?l2b(Pass) of
+                            <<Token:Len/binary, Password/binary>> ->
+                                PasswordRight = authenticate(Password, 
UserProps),
+                                verify_totp(UserProps, Token),
+                                PasswordRight;
+                          _ ->
+                               false
+                        end
+                end,
+                case Authenticated of
                     true ->
                         Req#httpd{user_ctx=#user_ctx{
                             name=UserName,
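Review bot: `Len = couch_util:get_value(<<"length">>, UserProps, 6)` reads the token length from the top-level user properties while the value just returned by `get_totp_config(UserProps)` is discarded as `_TOTP`; get_totp_config/1 is outside the hunk, but if the length is stored inside that TOTP config rather than beside it, a non-default length would never be honoured and such users could not log in, so bind it and use `Len = couch_util:get_value(<<"length">>, TOTP, 6)`. verify_totp/2 is called after authenticate/2 regardless of PasswordRight, which is right in that the token check does not short-circuit on the password, but only its head is visible: if its failure throws a different message than the `false` branch later produces, the response distinguishes a wrong token from a wrong password, so both paths should end in the same unauthorized reply. The added `Authenticated =`, `undefined ->`, `_TOTP ->` and inner `_ ->`/`false` lines are indented one column off the surrounding four-space levels. default_authentication_handler/2 starts before the hunk and continues past it.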
@@ -493,14 +505,6 @@ same_site() ->
     end.
 
 
-reject_if_totp(User) ->
-    case get_totp_config(User) of
-        undefined ->
-            ok;
-        _ ->
-            throw({unauthorized, <<"Name or password is incorrect.">>})
-    end.
-
 verify_totp(User, Token) when is_list(Token) ->
     verify_totp(User, ?l2b(Token));
 verify_totp(User, Token) when is_binary(Token) ->
