Skip to content

Commit 4999cfd

Browse files
rnewsonrnewson
authored
Merge pull request #5829 from apache/sync-secret
use secret from config if ETS not populated
2 parents 73dc193 + 66c564a commit 4999cfd

2 files changed

Lines changed: 22 additions & 14 deletions

File tree

src/couch/src/couch_httpd_auth.erl

Lines changed: 0 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -460,23 +460,11 @@ ensure_cookie_auth_secret() ->
460460
undefined ->
461461
NewSecret = ?b2l(couch_uuids:random()),
462462
config:set("chttpd_auth", "secret", NewSecret),
463-
wait_for_secret(10),
464463
NewSecret;
465464
Secret ->
466465
Secret
467466
end.
468467

469-
wait_for_secret(0) ->
470-
ok;
471-
wait_for_secret(N) ->
472-
case couch_secrets:secret_is_set() of
473-
true ->
474-
ok;
475-
false ->
476-
timer:sleep(50),
477-
wait_for_secret(N - 1)
478-
end.
479-
480468
% session handlers
481469
% Login handler with user db
482470
handle_session_req(Req) ->

src/couch/src/couch_secrets.erl

Lines changed: 22 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -41,7 +41,7 @@ sign(Message) ->
4141

4242
sign(Message, ExtraSecret) ->
4343
[HashAlgorithm | _] = couch_util:get_config_hash_algorithms(),
44-
case current_secret_from_ets() of
44+
case current_secret() of
4545
undefined ->
4646
throw({internal_server_error, <<"cookie auth secret is not set">>});
4747
CurrentSecret ->
@@ -53,7 +53,7 @@ verify(Message, ExpectedMAC) ->
5353
verify(Message, <<>>, ExpectedMAC).
5454

5555
verify(Message, ExtraSecret, ExpectedMAC) ->
56-
FullSecrets = [<<Secret/binary, ExtraSecret/binary>> || Secret <- all_secrets_from_ets()],
56+
FullSecrets = [<<Secret/binary, ExtraSecret/binary>> || Secret <- all_secrets()],
5757
AllAlgorithms = couch_util:get_config_hash_algorithms(),
5858
verify(Message, AllAlgorithms, FullSecrets, ExpectedMAC).
5959

@@ -177,12 +177,32 @@ current_secret_from_config() ->
177177
?l2b(Secret)
178178
end.
179179

180+
current_secret() ->
181+
case current_secret_from_ets() of
182+
undefined ->
183+
current_secret_from_config();
184+
CurrentSecret ->
185+
CurrentSecret
186+
end.
187+
180188
current_secret_from_ets() ->
181189
current_secret_from_ets(node()).
182190

183191
current_secret_from_ets(Node) ->
184192
secret_from_ets({Node, current}).
185193

194+
all_secrets() ->
195+
case all_secrets_from_ets() of
196+
[] ->
197+
CurrentSecret = current_secret_from_config(),
198+
if
199+
CurrentSecret == undefined -> [];
200+
true -> [CurrentSecret]
201+
end;
202+
AllSecrets ->
203+
AllSecrets
204+
end.
205+
186206
all_secrets_from_ets() ->
187207
secret_from_ets(all_secrets).
188208

0 commit comments

Comments
 (0)