[
https://issues.apache.org/jira/browse/COUCHDB-2948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15139044#comment-15139044
]
ASF GitHub Bot commented on COUCHDB-2948:
-----------------------------------------
GitHub user mikewallace1979 opened a pull request:
https://github.com/apache/couchdb-fabric/pull/38
Return forbidden error if encountered on any shard
This commit fixes an issue which caused HTTP 500 errors to be
returned when an authorized user attempted to access a database
that they did not have permission to access, when cassim is
disabled.
Instead of returning an internal server error once all shards
have failed to open we add a receive clause so that we throw
a forbidden error if one is encountered on any shard. This is the
same approach we already take for unauthorized errors.
Closes COUCHDB-2948
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/mikewallace1979/couchdb-fabric
2948-return-forbidden-error-if-encountered-on-any-shard
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/couchdb-fabric/pull/38.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #38
----
commit cb6e82a6f9c1827f3ef9f880d927183fad61333f
Author: Mike Wallace <[email protected]>
Date: 2016-02-09T14:31:55Z
Return forbidden error if encountered on any shard
This commit fixes an issue which caused HTTP 500 errors to be
returned when an authorized user attempted to access a database
that they did not have permission to access, when cassim is
disabled.
Instead of returning an internal server error once all shards
have failed to open we add a receive clause so that we throw
a forbidden error if one is encountered on any shard. This is the
same approach we already take for unauthorized errors.
Closes COUCHDB-2948
----
> Internal server error returned instead of 403 Forbidden when cassim is
> disabled
> -------------------------------------------------------------------------------
>
> Key: COUCHDB-2948
> URL: https://issues.apache.org/jira/browse/COUCHDB-2948
> Project: CouchDB
> Issue Type: Bug
> Components: Database Core
> Reporter: Mike Wallace
>
> When cassim is disabled and an authenticated user attempts to access a
> database that they do not have permission to access, we should be returning
> an HTTP 403, e.g.:
> {"error":"forbidden","reason":"You are not allowed to access this db."}
> Currently we get the following:
> {"error":"internal_server_error","reason":"No DB shards could be
> opened.","ref":1865933553}
> What is happening is we're attempting to open all the shards with the user
> context then throwing an internal server error when we run out of shards:
> https://github.com/apache/couchdb-fabric/blob/master/src/fabric_util.erl#L179-L180
> There is a special case for unauthorized errors:
> https://github.com/apache/couchdb-fabric/blob/master/src/fabric_util.erl#L188-L189
> If we add something similar for forbidden errors then that would solve this
> issue.
> Note this is not an issue when using cassim because it stores the security
> metadata in the _metadata database.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
