mirror of https://gitee.com/bigwinds/arangodb
added use database
This commit is contained in:
Frank Celler
parent
22b454800d
commit
b476122344
|
|
@ -94,8 +94,6 @@ bool HttpHandlerFactory::isMaintenance() {
|
|||
|
||||
////////////////////////////////////////////////////////////////////////////////
|
||||
/// @brief authenticates a new request
|
||||
///
|
||||
/// wrapper method that will consider disabled authentication etc.
|
||||
////////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
GeneralResponse::ResponseCode HttpHandlerFactory::authenticateRequest(
|
||||
|
|
|
|||
|
|
@ -92,15 +92,35 @@ GeneralResponse::ResponseCode VocbaseContext::authenticate() {
|
|||
}
|
||||
|
||||
std::string const& path = _request->requestPath();
|
||||
|
||||
// mop: inside authenticateRequest() _request->user will be populated
|
||||
GeneralResponse::ResponseCode result = authenticateRequest();
|
||||
bool forceOpen = false;
|
||||
|
||||
if (result == GeneralResponse::ResponseCode::UNAUTHORIZED || result == GeneralResponse::ResponseCode::FORBIDDEN) {
|
||||
if (StringUtils::isPrefix(path, "/_open/") ||
|
||||
StringUtils::isPrefix(path, "/_admin/aardvark/") || path == "/") {
|
||||
// mop: these paths are always callable...they will be able to check req.user when it could be validated
|
||||
result = GeneralResponse::ResponseCode::OK;
|
||||
forceOpen = true;
|
||||
}
|
||||
}
|
||||
|
||||
// check that we are allowed to see the database
|
||||
if (result == GeneralResponse::ResponseCode::OK && !forceOpen) {
|
||||
std::string const& username = _request->user();
|
||||
std::string const& dbname = _request->databaseName();
|
||||
|
||||
if (!username.empty() || !dbname.empty()) {
|
||||
AuthLevel level =
|
||||
RestServerFeature::AUTH_INFO.canUseDatabase(username, dbname);
|
||||
|
||||
if (level != AuthLevel::RW) {
|
||||
result = GeneralResponse::ResponseCode::UNAUTHORIZED;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -96,13 +96,53 @@ static AuthEntry CreateAuthEntry(VPackSlice const& slice) {
|
|||
bool mustChange =
|
||||
VelocyPackHelper::getBooleanValue(slice, "changePassword", false);
|
||||
|
||||
// extract "databases" attribute
|
||||
VPackSlice const databasesSlice = authDataSlice.get("databases");
|
||||
std::unordered_map<std::string, AuthLevel> databases;
|
||||
AuthLevel allDatabases = AuthLevel::NONE;
|
||||
|
||||
if (databasesSlice.isObject()) {
|
||||
for (auto const& obj : VPackObjectIterator(databasesSlice)) {
|
||||
std::string const key = obj.key.copyString();
|
||||
|
||||
ValueLength length;
|
||||
char const* value = obj.value.getString(length);
|
||||
|
||||
if (TRI_CaseEqualString(value, "rw", 2)) {
|
||||
if (key == "*") {
|
||||
allDatabases = AuthLevel::RW;
|
||||
} else {
|
||||
databases.emplace(key, AuthLevel::RW);
|
||||
}
|
||||
}
|
||||
else if (TRI_CaseEqualString(value, "ro", 2)) {
|
||||
if (key == "*") {
|
||||
allDatabases = AuthLevel::RO;
|
||||
} else {
|
||||
databases.emplace(key, AuthLevel::RO);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// build authentication entry
|
||||
return AuthEntry(userSlice.copyString(), methodSlice.copyString(),
|
||||
saltSlice.copyString(), hashSlice.copyString(), active,
|
||||
mustChange);
|
||||
saltSlice.copyString(), hashSlice.copyString(),
|
||||
databases, allDatabases, active, mustChange);
|
||||
}
|
||||
|
||||
AuthLevel AuthEntry::canUseDatabase(std::string const& dbname) const {
|
||||
return AuthLevel::NONE;
|
||||
if (_allDatabases == AuthLevel::RW) {
|
||||
return _allDatabases;
|
||||
}
|
||||
|
||||
auto const& it = _databases.find(dbname);
|
||||
|
||||
if (it == _databases.end()) {
|
||||
return _allDatabases;
|
||||
}
|
||||
|
||||
return it->second;
|
||||
}
|
||||
|
||||
void AuthInfo::clear() {
|
||||
|
|
|
|||
|
|
@ -43,13 +43,16 @@ class AuthEntry {
|
|||
|
||||
AuthEntry(std::string const& username, std::string const& passwordMethod,
|
||||
std::string const& passwordSalt, std::string const& passwordHash,
|
||||
std::unordered_map<std::string, AuthLevel> databases, AuthLevel allDatabases,
|
||||
bool active, bool mustChange)
|
||||
: _username(username),
|
||||
_passwordMethod(passwordMethod),
|
||||
_passwordSalt(passwordSalt),
|
||||
_passwordHash(passwordHash),
|
||||
_active(active),
|
||||
_mustChange(mustChange) {}
|
||||
_mustChange(mustChange),
|
||||
_databases(databases),
|
||||
_allDatabases(allDatabases) {}
|
||||
|
||||
public:
|
||||
std::string const& username() const { return _username; }
|
||||
|
|
@ -72,6 +75,8 @@ class AuthEntry {
|
|||
std::string _passwordHash;
|
||||
bool _active;
|
||||
bool _mustChange;
|
||||
std::unordered_map<std::string, AuthLevel> _databases;
|
||||
AuthLevel _allDatabases;
|
||||
};
|
||||
|
||||
class AuthResult {
|
||||
|
|
|
|||
Loading…
Reference in New Issue