Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
2.0.0
-
None
Description
Any documents in the _users db which have an id not matching org.couchdb.user:USERNAME will cause the chttpd_auth_cache changes listener to die.
This is reproducable by running the following command against a dev cluster spawned with dev/run --with-admin-party-please:
$ curl -X PUT http://localhost:15984/_users/_design/doge -d '{"views":{"shibe":{"map":"function(doc) { emit(doc.id, 1); }", "reduce": "_sum"}}}' {"ok":true,"id":"_design/doge","rev":"1-bdbef59255fb95eecb7ffb0a4f5c9bfc"}
Then observing the logs in dev/logs/node*.log:
2015-09-09 15:56:55.988 [notice] node1@127.0.0.1 <0.352.0> chttpd_auth_cache changes listener died {function_clause,[{chttpd_auth_cache,username,[<<"_design/doge">>],[{file,"src/chttpd_auth_cache.erl"},{line,176}]},{chttpd_auth_cache,changes_callback,2,[{file,"src/chttpd_auth_cache.erl"},{line,149}]},{fabric_view_changes,handle_message,3,[{file,"src/fabric_view_changes.erl"},{line,285}]},{rexi_utils,process_mailbox,6,[{file,"src/rexi_utils.erl"},{line,55}]},{rexi_utils,recv,6,[{file,"src/rexi_utils.erl"},{line,49}]},{fabric_view_changes,receive_results,4,[{file,"src/fabric_view_changes.erl"},{line,215}]},{fabric_view_changes,send_changes,6,[{file,"src/fabric_view_changes.erl"},{line,176}]},{fabric_view_changes,keep_sending_changes,8,[{file,"src/fabric_view_changes.erl"},{line,82}]}]}
The error is due to the following line in chttpd_auth_cache:changes_callback/2 [1]:
UserName = username(couch_util:get_value(id, Change)),
Which passes every doc id through:
username(<<"org.couchdb.user:", UserName/binary>>) ->
UserName.
Therefore any doc id not matching the pattern results in a function_clause error.
Not quite sure what the preferred fix is here. Should we allow regular documents in the _users DB with IDs that do not have the org.couchdb.user: prefix? Or just restrict that to design docs?
If we are going to enforce the org.couchdb.user: prefix for all non-design docs then we should also stop users from writing docs that do not have that prefix.
My proposal is therefore:
1. Modify the changes listener in chttpd_auth_cache so that it silently ignores design documents.
2. Validate at update time that docs in the users DB are either design docs or have the org.user.couchdb: prefx.
Thoughts?
[1] https://github.com/apache/couchdb-chttpd/blob/master/src/chttpd_auth_cache.erl#L149