This is an automated email from the ASF dual-hosted git repository. rnewson pushed a commit to branch decouple_offline_hash_strength_from_online in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit eda7dd0fb12e9e7b193fe6d256726ef1f8725bb8
Author: Robert Newson <[email protected]>
AuthorDate: Thu Oct 19 19:48:53 2023 +0100
use couch password cache
---
 src/couch/src/couch_httpd_auth.erl | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)
diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl
index 6bb4774ce..1b4fe1ebb 100644
--- a/src/couch/src/couch_httpd_auth.erl
+++ b/src/couch/src/couch_httpd_auth.erl
@@ -28,7 +28,7 @@
 -export([cookie_auth_header/2]).
 -export([handle_session_req/1, handle_session_req/2]).
--export([authenticate/2, verify_totp/2]).
+-export([authenticate/4, verify_totp/2]).
 -export([ensure_cookie_auth_secret/0, make_cookie_time/0]).
 -export([maybe_value/3]).
@@ -111,7 +111,7 @@ default_authentication_handler(Req, AuthModule) ->
 reject_if_totp(UserProps),
 UserName = ?l2b(User),
 Password = ?l2b(Pass),
- case authenticate(Password, UserProps) of
+ case authenticate(AuthModule, UserName, Password, UserProps) of
 true ->
 Req0 = Req#httpd{
 user_ctx = #user_ctx{
@@ -536,7 +536,7 @@ handle_session_req(#httpd{method = 'POST', mochi_req = MochiReq} = Req, AuthModu
 nil -> {ok, [], nil};
 Result -> Result
 end,
- case authenticate(Password, UserProps) of
+ case authenticate(AuthModule, UserName, Password, UserProps) of
 true ->
 verify_totp(UserProps, Form),
 % setup the session cookie
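Review bot: Dropping `authenticate/2` from the export list in the `@@ -28,7 +28,7 @@` hunk means any caller outside this module that still uses `couch_httpd_auth:authenticate/2` will fail at run time with `undef`; no such callers are visible in this diff, so the rest of the tree (other auth handlers, tests) needs checking. If compatibility matters, a thin exported wrapper could be kept, e.g. `authenticate(Pass, UserProps) -> authenticate_int(Pass, UserProps).`, which verifies against the stored hash without touching the cache. Either way a one-line comment by the export, such as `%% authenticate/4 consults couch_passwords_cache before hashing`, would record why the arity changed.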
@@ -652,7 +652,21 @@ extract_username(Form) ->
 maybe_value(_Key, undefined, _Fun) -> [];
 maybe_value(Key, Else, Fun) -> [{Key, Fun(Else)}].
-authenticate(Pass, UserProps) ->
+authenticate(AuthModule, UserName, Password, UserProps) ->
+ case couch_passwords_cache:authenticate(AuthModule, UserName, Password) of
+ not_found ->
+ case authenticate_int(Password, UserProps) of
+ false ->
+ false;
+ true ->
+ couch_passwords_cache:insert(AuthModule, UserName, Password),
+ true
+ end;
+ Result when is_boolean(Result) ->
+ Result
+ end.
+
+authenticate_int(Pass, UserProps) ->
 UserSalt = couch_util:get_value(<<"salt">>, UserProps, <<>>),
 {PasswordHash, ExpectedHash} =
 case couch_util:get_value(<<"password_scheme">>, UserProps, <<"simple">>) of
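Review bot: The cache lookup in the new `authenticate/4` is keyed only on `AuthModule`, `UserName` and `Password`, so a cached `true` is returned without looking at the freshly loaded `UserProps`; unless `couch_passwords_cache` is invalidated elsewhere when a user document changes (not visible in this diff), the previous password could keep authenticating after a password change or credential removal until the entry goes away. Binding the entry to the stored credential would close that gap, for example reading `UserSalt = couch_util:get_value(<<"salt">>, UserProps, <<>>)` first and passing it as an extra argument to both the lookup and the `insert` call, which would need the cache module to accept it. The `Result when is_boolean(Result)` clause also returns a cached `false` without falling back to `authenticate_int/2`; if the cache can answer `false` for an entry that holds a different password, a just-changed password would be refused. A short comment above `authenticate/4` stating that `insert` runs only after a full hash verification, and what bounds an entry's lifetime, would help the next reader. The body of `authenticate_int/2` continues past the end of the hunk.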
