This is an automated email from the ASF dual-hosted git repository.

rnewson pushed a commit to branch send-original-cookie-format
in repository https://gitbox.apache.org/repos/asf/couchdb.git

commit 404ea012864245e0a08ec1189ec24b24b88064bf
Author: Robert Newson <[email protected]>
AuthorDate: Thu Oct 5 10:06:05 2023 +0100

    Send compatible AuthSession cookie when possible.
    
    To smooth cluster upgrades, send the original format of AuthSession cookie if
    MustMatchBasic is false (i.e., when generating a Cookie from a successful
    cookie_auth_handler call).
    
    Prior to this (and after 50c69a0c68), during an upgrade, a cookie issued by
    the basic auth handler from an upgraded node will not be parseable by
    not-upgraded nodes.
    
    With this change a cookie issued by the cookie_auth_handler retains its
    original format. Only cookies issued by the default_auth_handler will
    be the new format.
    
    Relates to https://github.com/apache/couchdb/pull/4702
---
 src/couch/src/couch_httpd_auth.erl | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/couch/src/couch_httpd_auth.erl 
b/src/couch/src/couch_httpd_auth.erl
index c1e4c8e42..5878abcb3 100644
--- a/src/couch/src/couch_httpd_auth.erl
+++ b/src/couch/src/couch_httpd_auth.erl
@@ -460,16 +460,17 @@ cookie_auth_header(
 cookie_auth_header(_Req, _Headers) ->
     [].
 
-cookie_auth_cookie(Req, User, Secret, TimeStamp, MustMatchBasic) ->
-    MustMatchBasicStr =
-        case MustMatchBasic of
-            true -> "1";
-            false -> "0"
-        end,
+cookie_auth_cookie(Req, User, Secret, TimeStamp, true) ->
     SessionData = lists:join(":", [
         User,
-        lists:join(",", [erlang:integer_to_list(TimeStamp, 16), 
MustMatchBasicStr])
+        lists:join(",", [erlang:integer_to_list(TimeStamp, 16), "1"])
     ]),
+    cookie_auth_cookie(Req, Secret, SessionData);
+cookie_auth_cookie(Req, User, Secret, TimeStamp, false) ->
+    SessionData = lists:join(":", [User, erlang:integer_to_list(TimeStamp, 
16)]),
+    cookie_auth_cookie(Req, Secret, SessionData).
+
+cookie_auth_cookie(Req, Secret, SessionData) ->
     [HashAlgorithm | _] = couch_util:get_config_hash_algorithms(),
     Hash = couch_util:hmac(HashAlgorithm, Secret, SessionData),
     mochiweb_cookies:cookie(
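Review bot: The `false` clause of `cookie_auth_cookie/5` now signals MustMatchBasic only by omitting the flag, and no comment in the code records that the two session-data shapes are intentional. I would add above that clause something like `%% MustMatchBasic = false: emit the pre-flag "User:HexTimestamp" form so not-upgraded nodes can still parse it; a missing flag means false.` Because the HMAC in `cookie_auth_cookie/3` is computed over SessionData, the `,1` suffix cannot be dropped from an issued cookie without the secret. The decoding side is outside this hunk, though, so it is worth confirming that it reads a missing flag as false and covering both formats with a round-trip test. The body of `cookie_auth_cookie/3` continues past the end of the hunk.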
