commit 3abe198152c8031d6c5a3ae5f2de40247d541a93
author Ronny Berndt <ronny@apache.org> Thu Jul 27 18:59:39 2023 +0200
committer Ronny Berndt <ronny@apache.org> Thu Jul 27 18:59:39 2023 +0200
tree a4f3bb87a3e9e21773a98b45315e29a92973334f
parent 0fe6de554d3e47d64a0949952946d1e4d66bbef0

Fix auth hashs test

Create a utility function for construction the AuthSession value

src/chttpd/test/eunit/chttpd_auth_hash_algorithms_tests.erl

diff --git a/src/chttpd/test/eunit/chttpd_auth_hash_algorithms_tests.erl b/src/chttpd/test/eunit/chttpd_auth_hash_algorithms_tests.erl
index 52f4f9e..7a0db4b 100644
--- a/src/chttpd/test/eunit/chttpd_auth_hash_algorithms_tests.erl
+++ b/src/chttpd/test/eunit/chttpd_auth_hash_algorithms_tests.erl
@@ -64,9 +64,8 @@
     "http://" ++ Addr ++ ":" ++ Port.
 
 make_auth_session_string(HashAlgorithm, User, Secret, TimeStamp) ->
-    SessionData = User ++ ":" ++ erlang:integer_to_list(TimeStamp, 16),
-    Hash = couch_util:hmac(HashAlgorithm, Secret, SessionData),
-    "AuthSession=" ++ couch_util:encodeBase64Url(SessionData ++ ":" ++ ?b2l(Hash)).
+    "AuthSession=" ++
+        couch_httpd_auth:cookie_auth_session_value(HashAlgorithm, User, Secret, TimeStamp, false).
 
 get_user_props(User) ->
     couch_auth_cache:get_user_creds(User).

src/couch/src/couch_httpd_auth.erl

diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl
index 5ffbddd..3a97664 100644
--- a/src/couch/src/couch_httpd_auth.erl
+++ b/src/couch/src/couch_httpd_auth.erl
@@ -26,6 +26,7 @@
 -export([null_authentication_handler/1]).
 -export([proxy_authentication_handler/1, proxy_authentification_handler/1]).
 -export([cookie_auth_header/2]).
+-export([cookie_auth_session_value/5]).
 -export([handle_session_req/1, handle_session_req/2]).
 
 -export([authenticate/2, verify_totp/2]).
@@ -462,7 +463,7 @@
 cookie_auth_header(_Req, _Headers) ->
     [].
 
-cookie_auth_cookie(Req, User, Secret, TimeStamp, MustMatchBasic) ->
+cookie_auth_session_value(HashAlgorithm, User, Secret, TimeStamp, MustMatchBasic) ->
     MustMatchBasicStr =
         case MustMatchBasic of
             true -> "1";
@@ -472,11 +473,14 @@
         User,
         lists:join(",", [erlang:integer_to_list(TimeStamp, 16), MustMatchBasicStr])
     ]),
-    [HashAlgorithm | _] = couch_util:get_config_hash_algorithms(),
     Hash = couch_util:hmac(HashAlgorithm, Secret, SessionData),
+    couch_util:encodeBase64Url(lists:join(":", [SessionData, Hash])).
+
+cookie_auth_cookie(Req, User, Secret, TimeStamp, MustMatchBasic) ->
+    [HashAlgorithm | _] = couch_util:get_config_hash_algorithms(),
     mochiweb_cookies:cookie(
         "AuthSession",
-        couch_util:encodeBase64Url(lists:join(":", [SessionData, Hash])),
+        cookie_auth_session_value(HashAlgorithm, User, Secret, TimeStamp, MustMatchBasic),
         cookie_attributes(Req)
     ).