use secret from config if ETS not populated

rnewson · rnewson · commit 66c564a77167 · 2025-12-19T12:28:26.000Z
This helps with startup race conditions in the test suite where
the secret is set in config but the gen_server in couch_secrets
hasn't received it via config_change callback yet.
diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl
@@ -460,23 +460,11 @@ ensure_cookie_auth_secret() ->
         undefined ->
             NewSecret = ?b2l(couch_uuids:random()),
             config:set("chttpd_auth", "secret", NewSecret),
-            wait_for_secret(10),
             NewSecret;
         Secret ->
             Secret
     end.
 
-wait_for_secret(0) ->
-    ok;
-wait_for_secret(N) ->
-    case couch_secrets:secret_is_set() of
-        true ->
-            ok;
-        false ->
-            timer:sleep(50),
-            wait_for_secret(N - 1)
-    end.
-
 % session handlers
 % Login handler with user db
 handle_session_req(Req) ->
diff --git a/src/couch/src/couch_secrets.erl b/src/couch/src/couch_secrets.erl
@@ -41,7 +41,7 @@ sign(Message) ->
 
 sign(Message, ExtraSecret) ->
     [HashAlgorithm | _] = couch_util:get_config_hash_algorithms(),
-    case current_secret_from_ets() of
+    case current_secret() of
         undefined ->
             throw({internal_server_error, <<"cookie auth secret is not set">>});
         CurrentSecret ->
@@ -53,7 +53,7 @@ verify(Message, ExpectedMAC) ->
     verify(Message, <<>>, ExpectedMAC).
 
 verify(Message, ExtraSecret, ExpectedMAC) ->
-    FullSecrets = [<<Secret/binary, ExtraSecret/binary>> || Secret <- all_secrets_from_ets()],
+    FullSecrets = [<<Secret/binary, ExtraSecret/binary>> || Secret <- all_secrets()],
     AllAlgorithms = couch_util:get_config_hash_algorithms(),
     verify(Message, AllAlgorithms, FullSecrets, ExpectedMAC).
 
@@ -177,12 +177,32 @@ current_secret_from_config() ->
             ?l2b(Secret)
     end.
 
+current_secret() ->
+    case current_secret_from_ets() of
+        undefined ->
+            current_secret_from_config();
+        CurrentSecret ->
+            CurrentSecret
+    end.
+
 current_secret_from_ets() ->
     current_secret_from_ets(node()).
 
 current_secret_from_ets(Node) ->
     secret_from_ets({Node, current}).
 
+all_secrets() ->
+    case all_secrets_from_ets() of
+        [] ->
+            CurrentSecret = current_secret_from_config(),
+            if
+                CurrentSecret == undefined -> [];
+                true -> [CurrentSecret]
+            end;
+        AllSecrets ->
+            AllSecrets
+    end.
+
 all_secrets_from_ets() ->
     secret_from_ets(all_secrets).
 
