Merge pull request #2473 from apache/infinite-loop-auth
Fix infinite loop in default_authentication_handler
diff --git a/src/chttpd/src/chttpd_auth.erl b/src/chttpd/src/chttpd_auth.erl
index 45e1190..607f09a 100644
--- a/src/chttpd/src/chttpd_auth.erl
+++ b/src/chttpd/src/chttpd_auth.erl
@@ -55,10 +55,12 @@
% See #1947 - users should always be able to attempt a login
Req#httpd{user_ctx=#user_ctx{}};
party_mode_handler(Req) ->
- case config:get("chttpd", "require_valid_user", "false") of
- "true" ->
+ RequireValidUser = config:get_boolean("chttpd", "require_valid_user", false),
+ ExceptUp = config:get_boolean("chttpd", "require_valid_user_except_for_up", true),
+ case RequireValidUser andalso not ExceptUp of
+ true ->
throw({unauthorized, <<"Authentication required.">>});
- "false" ->
+ false ->
case config:get("admins") of
[] ->
Req#httpd{user_ctx = ?ADMIN_USER};
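Review bot: The new test `case RequireValidUser andalso not ExceptUp of` never looks at the request path, so the `_up` exception is applied to every request that reaches party_mode_handler rather than only to `_up`. With `require_valid_user = true` and `require_valid_user_except_for_up` unset, the default of `true` used here (the clause removed from couch_httpd_auth.erl defaulted to `false`) makes the condition false, so the `unauthorized` throw is skipped and the `config:get("admins")` branch runs; with an empty admins list that assigns `?ADMIN_USER`. Unless `require_valid_user` is enforced again later in the request pipeline, which this hunk does not show, consider scoping the exception to the path, e.g. `IsUp = Req#httpd.path_parts =:= [<<"_up">>],` followed by `case RequireValidUser andalso not (ExceptUp andalso IsUp) of`. A comment above the two `config:get_boolean` calls stating the intended default and scope would also help. The function body continues past the end of the hunk.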
diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl
index 96de5bf..5e44503 100644
--- a/src/couch/src/couch_httpd_auth.erl
+++ b/src/couch/src/couch_httpd_auth.erl
@@ -88,11 +88,6 @@
default_authentication_handler(Req) ->
default_authentication_handler(Req, couch_auth_cache).
-default_authentication_handler(#httpd{path_parts=[<<"_up">>]}=Req, AuthModule) ->
- case config:get_boolean("chttpd", "require_valid_user_except_for_up", false) of
- true -> Req#httpd{user_ctx=?ADMIN_USER};
- _False -> default_authentication_handler(Req, AuthModule)
- end;
default_authentication_handler(Req, AuthModule) ->
case basic_name_pw(Req) of
{User, Pass} ->