rnewson commented on a change in pull request #2888:
URL: https://github.com/apache/couchdb/pull/2888#discussion_r426799196
##########
File path: src/couch/src/couch_httpd_auth.erl
##########
@@ -209,13 +209,19 @@ jwt_authentication_handler(Req) ->
get_configured_claims() ->
Claims = config:get("jwt_auth", "required_claims", ""),
- case re:split(Claims, "\s*,\s*", [{return, list}]) of
- [[]] ->
- []; %% if required_claims is the empty string.
- List ->
- [list_to_existing_atom(C) || C <- List]
+ Re = "((?<key1>[a-z]+)|{(?<key2>[a-z]+)\s*,\s*\"(?<val>[^\"]+)\"})",
+ case re:run(Claims, Re, [global, {capture, [key1, key2, val], binary}]) of
+ nomatch ->
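Review bot: The `nomatch` branch of the new `re:run` call only catches a `required_claims` value in which nothing matches at all, because `Re` is unanchored and applied with `global`. An entry that fails `[a-z]+` (uppercase letters, digits, underscores) sitting next to a valid one is skipped without any error, and a malformed pair such as `{key, "value"` with no closing brace falls through to the `key1` alternative and is read as bare claim names. Either way a claim the admin meant to require would not be enforced. Consider checking that the matches account for the whole string, for example by splitting on the top-level commas first and matching each entry against an anchored pattern, and treating any leftover text as a configuration error.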
Review comment:
The user gets the HTTP response, the admin gets the log message (who
might also be the user). I didn't want to point at the specific
misconfiguration to the user (who in this situation could be anyone, they might
not have valid credentials). But I did want to mention that it's specific to
JWT in case the user can use a different method, and so the admin has something
more meaningful to report to user@ / GitHub / etc.