noahshaw11 opened a new pull request #3637: URL: https://github.com/apache/couchdb/pull/3637
## Overview Basic authentication in CouchDB currently expects `auth-scheme` in `Authorization` to be equal to "Basic" (case sensitive). However, according to [HTTP Authentication RFC2617](https://datatracker.ietf.org/doc/html/rfc2617#section-1.2), it should be case-insensitive. ## Testing recommendations Tests have been modified to use different cases of "Basic" including "basic", "BAsIc", "Basic", and "BASIC". Furthermore, you can execute the following curl requests and see that you will receive an appropriate response each time. ``` /Users/ncshaw % curl http://localhost:15984/db1 -X PUT -H'Authorization: basic YWRtOnBhc3M=' {"ok":true} /Users/ncshaw % curl http://localhost:15984/db2 -X PUT -H'Authorization: Basic YWRtOnBhc3M=' {"ok":true} /Users/ncshaw % curl http://localhost:15984/db -X GET -H'Authorization: BASIC YWRtOnBhc3M=' {"cluster":{"n":0,"q":0,"r":0,"w":0},"compact_running":false,"data_size":0,"db_name":"db","disk_format_version":0,"disk_size":0,"instance_start_time":"0","purge_seq":0,"encryption":{"enabled":false,"key_manager":{}},"update_seq":"0000000a1f123cb400000000","uuid":"00974c2f618fc85a3baede507945551b","doc_del_count":0,"doc_count":102,"sizes":{"external":98233562,"views":0}} /Users/ncshaw % curl http://localhost:15984/db -X GET -H'Authorization: bAsIc YWRtOnBhc3M=' {"cluster":{"n":0,"q":0,"r":0,"w":0},"compact_running":false,"data_size":0,"db_name":"db","disk_format_version":0,"disk_size":0,"instance_start_time":"0","purge_seq":0,"encryption":{"enabled":false,"key_manager":{}},"update_seq":"0000000a1f123cb400000000","uuid":"00974c2f618fc85a3baede507945551b","doc_del_count":0,"doc_count":102,"sizes":{"external":98233562,"views":0}} ``` ## Related Issues or Pull Requests The authorization scheme for HTTP Basic Authentication should not be case sensitive: https://github.com/apache/couchdb/issues/3367 ## Checklist - [ ] Code is written and works correctly - [ ] Changes are covered by tests - [ ] Any new configurable parameters are documented in `rel/overlay/etc/default.ini` - [ ] A PR for documentation changes has been made in https://github.com/apache/couchdb-documentation -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
