This is an automated email from the ASF dual-hosted git repository. rnewson pushed a commit to branch send-original-cookie-format in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit 404ea012864245e0a08ec1189ec24b24b88064bf Author: Robert Newson <[email protected]> AuthorDate: Thu Oct 5 10:06:05 2023 +0100 Send compatible AuthSession cookie when possible. To smooth cluster upgrades, send the original format of AuthSession cookie if MustMatchBasic is false (i.e, when generating a Cookie from a successful cookie_auth_handler call). Prior to this (and after 50c69a0c68), during an upgrade, a cookie issued by the basic auth handler from an upgraded node will not be parseable by not-upgraded nodes. With this change a cookie issued by the cookie_auth_handler retains its original format. Only cookies issued by the default_auth_handler will be the new format. Relates to https://github.com/apache/couchdb/pull/4702 --- src/couch/src/couch_httpd_auth.erl | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl index c1e4c8e42..5878abcb3 100644 --- a/src/couch/src/couch_httpd_auth.erl +++ b/src/couch/src/couch_httpd_auth.erl @@ -460,16 +460,17 @@ cookie_auth_header( cookie_auth_header(_Req, _Headers) -> []. -cookie_auth_cookie(Req, User, Secret, TimeStamp, MustMatchBasic) -> - MustMatchBasicStr = - case MustMatchBasic of - true -> "1"; - false -> "0" - end, +cookie_auth_cookie(Req, User, Secret, TimeStamp, true) -> SessionData = lists:join(":", [ User, - lists:join(",", [erlang:integer_to_list(TimeStamp, 16), MustMatchBasicStr]) + lists:join(",", [erlang:integer_to_list(TimeStamp, 16), "1"]) ]), + cookie_auth_cookie(Req, Secret, SessionData); +cookie_auth_cookie(Req, User, Secret, TimeStamp, false) -> + SessionData = lists:join(":", [User, erlang:integer_to_list(TimeStamp, 16)]), + cookie_auth_cookie(Req, Secret, SessionData). + +cookie_auth_cookie(Req, Secret, SessionData) -> [HashAlgorithm | _] = couch_util:get_config_hash_algorithms(), Hash = couch_util:hmac(HashAlgorithm, Secret, SessionData), mochiweb_cookies:cookie(
