Google Git
Sign in
apache / couchdb / 2c9ddd696b024267b051d069e91f95e49b8eec22^1..2c9ddd696b024267b051d069e91f95e49b8eec22 / .
commit2c9ddd696b024267b051d069e91f95e49b8eec22[log] [tgz]
authorRobert Newson <rnewson@apache.org>Mon Jan 20 14:30:54 2020 +0000
committerGitHub <noreply@github.com>Mon Jan 20 14:30:54 2020 +0000
tree4f2a8609d7618e084454d88e607adcfb3bfcd261
parent7214e506199f41babd09611c7ab3564291d5be06 [diff]
parentb94645752f374847e70821137cc6eba53d83c944 [diff]
Merge pull request #2473 from apache/infinite-loop-auth

Fix infinite loop in default_authentication_handler
diff --git a/src/chttpd/src/chttpd_auth.erl b/src/chttpd/src/chttpd_auth.erl
index 45e1190..607f09a 100644
--- a/src/chttpd/src/chttpd_auth.erl
+++ b/src/chttpd/src/chttpd_auth.erl

@@ -55,10 +55,12 @@
     % See #1947 - users should always be able to attempt a login
     Req#httpd{user_ctx=#user_ctx{}};
 party_mode_handler(Req) ->
-    case config:get("chttpd", "require_valid_user", "false") of
-    "true" ->
+    RequireValidUser = config:get_boolean("chttpd", "require_valid_user", false),
+    ExceptUp = config:get_boolean("chttpd", "require_valid_user_except_for_up", true),
+    case RequireValidUser andalso not ExceptUp of
+    true ->
         throw({unauthorized, <<"Authentication required.">>});
-    "false" ->
+    false ->
         case config:get("admins") of
         [] ->
             Req#httpd{user_ctx = ?ADMIN_USER};

diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl
index 96de5bf..5e44503 100644
--- a/src/couch/src/couch_httpd_auth.erl
+++ b/src/couch/src/couch_httpd_auth.erl

@@ -88,11 +88,6 @@
 default_authentication_handler(Req) ->
     default_authentication_handler(Req, couch_auth_cache).
 
-default_authentication_handler(#httpd{path_parts=[<<"_up">>]}=Req, AuthModule) ->
-    case config:get_boolean("chttpd", "require_valid_user_except_for_up", false) of
-        true -> Req#httpd{user_ctx=?ADMIN_USER};
-        _False -> default_authentication_handler(Req, AuthModule)
-    end;
 default_authentication_handler(Req, AuthModule) ->
     case basic_name_pw(Req) of
     {User, Pass} ->