Skip to content

Instantly share code, notes, and snippets.

@indutny indutny/couchdb-users.diff
Last active Dec 18, 2015

Embed
What would you like to do?
commit bda00b93bed86610319f73cc6e857bd6ae05bff7
Author: Fedor Indutny <fedor.indutny@gmail.com>
Date: Thu Jun 20 23:32:26 2013 +0200
couch_users_db: introduce public_users option
When `couchdb.public_users` is set to `true`, getting `/_users/id` will
return user document with sensitive information stripped.
diff --git a/etc/couchdb/default.ini.tpl.in b/etc/couchdb/default.ini.tpl.in
index 736d9cd..a7b5c04 100644
--- a/etc/couchdb/default.ini.tpl.in
+++ b/etc/couchdb/default.ini.tpl.in
@@ -14,6 +14,7 @@ os_process_timeout = 5000 ; 5 seconds. for view and external servers.
max_dbs_open = 100
delayed_commits = true ; set this to false to ensure an fsync before 201 Created is returned
uri_file = %localstaterundir%/couch.uri
+public_users = false
; Method used to compress everything that is appended to database and view index files, except
; for attachments (see the attachments section). Available methods are:
;
diff --git a/src/couchdb/couch_users_db.erl b/src/couchdb/couch_users_db.erl
index de76142..e56ea85 100644
--- a/src/couchdb/couch_users_db.erl
+++ b/src/couchdb/couch_users_db.erl
@@ -101,7 +101,25 @@ after_doc_read(Doc, #db{user_ctx = UserCtx} = Db) ->
_ when Name =:= DocName ->
Doc;
_ ->
- throw(not_found)
+ case couch_config:get("couchdb", "public_users", "false") of
+ "false" ->
+ throw(not_found);
+ "true" ->
+ #doc{body = {Body}} = Doc,
+ Doc#doc{
+ body = {lists:filter(fun({Key, _}) ->
+ (Key =/= <<"salt">>) and
+ (Key =/= <<"password">>) and
+ (Key =/= <<"password_sha">>) and
+ (Key =/= <<"password_scheme">>) and
+ (Key =/= <<"derived_Key">>) and
+ (Key =/= <<"pbkdf2">>) and
+ (Key =/= <<"iterations">>) and
+ (Key =/= <<"bcrypt">>) and
+ (Key =/= <<"x-csrf-token">>)
+ end, Body)}
+ }
+ end
end.
get_doc_name(#doc{id= <<"org.couchdb.user:", Name/binary>>}) ->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.