Skip to content

Commit

Permalink
swallow bad auth errors, fixes #17
Browse files Browse the repository at this point in the history
  • Loading branch information
rlidwka committed Dec 6, 2013
1 parent 6a295ac commit a257fc3
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 8 deletions.
10 changes: 9 additions & 1 deletion lib/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -174,9 +174,17 @@ module.exports = function(config_hash) {
app.put('/-/user/:argument/-rev/*', function(req, res, next) {
// can't put 'org.couchdb.user' in route address for some reason
if (req.params.argument.split(':')[0] !== 'org.couchdb.user') return next('route')

if (req.remoteUser == null) {
res.status(403)
return res.send({
error: 'bad username/password, access denied',
})
}

res.status(201)
return res.send({
ok: 'you are authenticated as "' + req.user + '"',
ok: 'you are authenticated as "' + req.remoteUser + '"',
})
})

Expand Down
19 changes: 12 additions & 7 deletions lib/middleware.js
Original file line number Diff line number Diff line change
Expand Up @@ -39,14 +39,19 @@ module.exports.expect_json = function expect_json(req, res, next) {
}

module.exports.basic_auth = function basic_auth(callback) {
return function(req, res, next) {
return function(req, res, _next) {
function next(err) {
// uncomment this to reject users with bad auth headers
//return _next.apply(null, arguments)

// swallow error, user remains unauthorized
return _next()
}

var authorization = req.headers.authorization

if (req.user) return next()
if (authorization == null) {
req.user = req.remoteUser = undefined
return next()
}
if (req.remoteUser != null) return next()
if (authorization == null) return next()

var parts = authorization.split(' ')

Expand All @@ -68,7 +73,7 @@ module.exports.basic_auth = function basic_auth(callback) {
, pass = credentials.slice(index + 1)

if (callback(user, pass)) {
req.user = req.remoteUser = user
req.remoteUser = user
next()
} else {
next({
Expand Down

0 comments on commit a257fc3

Please sign in to comment.