[couchdb] 01/01: Send compatible AuthSession cookie when possible.

Thu, 05 Oct 2023 07:45:06 -0700 

This is an automated email from the ASF dual-hosted git repository.

rnewson pushed a commit to branch send-original-cookie-format
in repository https://gitbox.apache.org/repos/asf/couchdb.git

commit 1965b784d94259da7a6a031bc45217e6a85009ac
Author: Robert Newson <[email protected]>
AuthorDate: Thu Oct 5 10:06:05 2023 +0100

    Send compatible AuthSession cookie when possible.
    
    To smooth cluster upgrades, send the original format of AuthSession cookie 
if
    MustMatchBasic is false (i.e, when generating a Cookie from a successful
    cookie_auth_handler call).
    
    Prior to this (and after 50c69a0c68), during an upgrade, a cookie issued by
    the basic auth handler from an upgraded node will not be parseable by
    not-upgraded nodes.
    
    With this change a cookie issued by the cookie_auth_handler retains its
    original format. Only cookies issued by the default_auth_handler will
    be the new format.
    
    Relates to https://github.com/apache/couchdb/pull/4702
---
 src/couch/src/couch_httpd_auth.erl | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/src/couch/src/couch_httpd_auth.erl 
b/src/couch/src/couch_httpd_auth.erl
index c1e4c8e42..29cb58db7 100644
--- a/src/couch/src/couch_httpd_auth.erl
+++ b/src/couch/src/couch_httpd_auth.erl
@@ -460,16 +460,18 @@ cookie_auth_header(
 cookie_auth_header(_Req, _Headers) ->
     [].
 
-cookie_auth_cookie(Req, User, Secret, TimeStamp, MustMatchBasic) ->
-    MustMatchBasicStr =
-        case MustMatchBasic of
-            true -> "1";
-            false -> "0"
-        end,
-    SessionData = lists:join(":", [
+cookie_auth_cookie(Req, User, Secret, TimeStamp, true) ->
+    SessionItems = [
         User,
-        lists:join(",", [erlang:integer_to_list(TimeStamp, 16), 
MustMatchBasicStr])
-    ]),
+        [erlang:integer_to_list(TimeStamp, 16), ",1"]
+    ],
+    cookie_auth_cookie(Req, Secret, SessionItems);
+cookie_auth_cookie(Req, User, Secret, TimeStamp, false) ->
+    SessionItems = [User, erlang:integer_to_list(TimeStamp, 16)],
+    cookie_auth_cookie(Req, Secret, SessionItems).
+
+cookie_auth_cookie(Req, Secret, SessionItems) when is_list(SessionItems) ->
+    SessionData = lists:join(":", SessionItems),
     [HashAlgorithm | _] = couch_util:get_config_hash_algorithms(),
     Hash = couch_util:hmac(HashAlgorithm, Secret, SessionData),
     mochiweb_cookies:cookie(

Reply via email to