GitHub user mikewallace1979 opened a pull request:
https://github.com/apache/couchdb-chttpd/pull/12
Add users db security rules on clustered interface
Apply authentication_db security rules when authentication_db is on the
clustered interface (5984).
COUCHDB-2452
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/apache/couchdb-chttpd
2452-users-db-security-on-clustered-interface
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/couchdb-chttpd/pull/12.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #12
----
commit 748f5350462395b023366997d77c45a48cced8b3
Author: Mike Wallace <[email protected]>
Date: 2014-11-10T23:16:10Z
Only admin can read _changes on clustered _users
COUCHDB-2452 1/5
commit ce83780490b4fefaa0df5df2ed7447cc6331befd
Author: Mike Wallace <[email protected]>
Date: 2014-11-10T23:19:37Z
Export function for updating auth docs
The process of writing documents to the authentication DB varies
depending whether the authentication DB is on the admin or the
clustered interface. Authentication handlers should therefore
abstract the details away and provide a generic update_doc
function.
This commit adds an update_auth_doc function to the chttpd auth
cache which proxies to fabric:update_doc/3.
COUCHDB-2452 2/5
commit 1cea10dc98cb1d04ed0b0a081687324f92177dea
Author: Mike Wallace <[email protected]>
Date: 2014-11-10T23:37:02Z
Strip non-public fields from _users all_docs on 5984
A _users DB on the admin interface will strip non-public fields
from documents in the _all_docs view when include_docs=true.
This commit creates the same behaviour when the _users DB is on
the clustered interface by using the appropriate callback in
couch_mrview_http.
COUCHDB-2452 3/5
commit 9b5406b4b6d39ec5df6d1061c270f7a90e797a67
Author: Mike Wallace <[email protected]>
Date: 2014-11-10T23:41:35Z
Only admins access _users _all_docs on 5984
When couch_httpd_auth/users_db_public is set to false and the
_users DB is on the admin interface (5986) only admins can read
the _all_docs view.
This commit creates the same behaviour on the clustered interface
(5984) when chttpd_auth/users_db_public is set to false.
Note: This duplicates code in
couch_db:maybe_add_sys_db_callbacks/2 and couch_mrview_http:all_docs/3.
COUCHDB-2452 4/5
commit 25ec565c18379ce5090b35c3186f6d4a27fbb6c8
Author: Mike Wallace <[email protected]>
Date: 2014-11-13T20:32:34Z
Only admins access _users design documents
The check for admin when opening a design document in the
authentication DB was previously being carried out in a callback
function called when the document was read from the shard. In
order to allow admins to access the design document via the
clustered interface it is necessary to either modify the
chttpd/fabric plumbing so that the user context can be passed
through for all design document calls, or alternatively move the
check to the http layer where we already have the user context.
Due to the number of places we would need to modify fabric to
allow the option to be passed through the latter approach is
taken.
This commit checks for admin in the http layer for requests
which access design documents in the authentication DB.
The couch internals part of that work can be found in related
commit:
couchdb-couch/6266b95415f8c8d8cde49a8ce221e9d31ebf18b8
COUCHDB-2452 5/5
commit f2fcc285a4dfee352a8348ec6ad0f251543c5f3b
Author: Mike Wallace <[email protected]>
Date: 2014-11-26T23:05:38Z
Restart changes listener on config changes
Previously if chttpd_auth/authentication_db was changed in the
config then a changes listener would not be started for the new
authentication DB until the current changes request timed out.
During that time any changes to the users DB (e.g. password
changes) would not take effect. This is primarily a problem when
running share/www/script/test/users_db_security.js however it could
conceivably become a problem under normal running conditions.
This commit adds a config listener which causes the current changes
listener to be killed when the chttpd_auth/authentication_db config
value is changed. It will then be restarted via the existing
handle_info/2 clause.
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
