Hawkin
/
arangodb
mirror of https://gitee.com/bigwinds/arangodb
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

initial commit (#5584)

This commit is contained in:
Simon 2018-06-18 17:59:56 +02:00 committed by Jan
parent b7f7711d30
commit 240577a60f
3 changed files with 17 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
arangod/Auth/UserManager.cpp
View File

@ -654,9 +654,9 @@ Result auth::UserManager::removeAllUsers() {
bool auth::UserManager::checkPassword(std::string const& username, bool auth::UserManager::checkPassword(std::string const& username,
std::string const& password) { std::string const& password) {
// AuthResult result(username); if (username.empty() || IsRole(username) ||
if (username.empty() || IsRole(username)) { ServerState::serverMode() == ServerState::Mode::MAINTENANCE) {
return false; return false; // we cannot authenticate during bootstrap
} }
loadFromDB(); loadFromDB();

11
arangod/GeneralServer/GeneralCommTask.cpp
View File

@ -164,17 +164,17 @@ GeneralCommTask::RequestFlow GeneralCommTask::prepareExecution(
// now check the authentication will determine if the user can access // now check the authentication will determine if the user can access
// this path checks db permissions and contains exceptions for the // this path checks db permissions and contains exceptions for the
// users API to allow logins // users API to allow logins
const rest::ResponseCode ok = GeneralCommTask::canAccessPath(req); const rest::ResponseCode code = GeneralCommTask::canAccessPath(req);
if (ok == rest::ResponseCode::UNAUTHORIZED) { if (code == rest::ResponseCode::UNAUTHORIZED) {
addErrorResponse(rest::ResponseCode::UNAUTHORIZED, addErrorResponse(rest::ResponseCode::UNAUTHORIZED,
req.contentTypeResponse(), req.messageId(), req.contentTypeResponse(), req.messageId(),
TRI_ERROR_FORBIDDEN, TRI_ERROR_FORBIDDEN,
"not authorized to execute this request"); "not authorized to execute this request");
return RequestFlow::Abort; return RequestFlow::Abort;
} }
TRI_ASSERT(ok == rest::ResponseCode::OK); // nothing else allowed
// check for an HLC time stamp, only after authentication if (code == rest::ResponseCode::OK && req.authenticated()) {
// check for an HLC time stamp only with auth
std::string const& timeStamp = req.header(StaticStrings::HLCHeader, found); std::string const& timeStamp = req.header(StaticStrings::HLCHeader, found);
if (found) { if (found) {
uint64_t parsed = basics::HybridLogicalClock::decodeTimeStamp(timeStamp); uint64_t parsed = basics::HybridLogicalClock::decodeTimeStamp(timeStamp);
@ -182,6 +182,7 @@ GeneralCommTask::RequestFlow GeneralCommTask::prepareExecution(
TRI_HybridLogicalClock(parsed); TRI_HybridLogicalClock(parsed);
} }
} }
}
return RequestFlow::Continue; return RequestFlow::Continue;
} }
@ -473,6 +474,8 @@ rest::ResponseCode GeneralCommTask::canAccessPath(
if (!_auth->isActive()) { if (!_auth->isActive()) {
// no authentication required at all // no authentication required at all
return rest::ResponseCode::OK; return rest::ResponseCode::OK;
} else if (ServerState::serverMode() == ServerState::Mode::MAINTENANCE) {
return rest::ResponseCode::SERVICE_UNAVAILABLE;
} }
std::string const& path = request.requestPath(); std::string const& path = request.requestPath();

5
arangod/GeneralServer/HttpCommTask.cpp
View File

@ -762,16 +762,13 @@ void HttpCommTask::resetState() {
ResponseCode HttpCommTask::handleAuthHeader(HttpRequest* request) const { ResponseCode HttpCommTask::handleAuthHeader(HttpRequest* request) const {
bool found; bool found;
std::string const& authStr = std::string const& authStr = request->header(StaticStrings::Authorization, found);
request->header(StaticStrings::Authorization, found);
if (!found) { if (!found) {
events::CredentialsMissing(request); events::CredentialsMissing(request);
return rest::ResponseCode::UNAUTHORIZED; return rest::ResponseCode::UNAUTHORIZED;
} }
size_t methodPos = authStr.find_first_of(' '); size_t methodPos = authStr.find_first_of(' ');
if (methodPos != std::string::npos) { if (methodPos != std::string::npos) {
// skip over authentication method // skip over authentication method
char const* auth = authStr.c_str() + methodPos; char const* auth = authStr.c_str() + methodPos;