indutny/couchdb-users.diff

## couchdb-users.diff
commit bda00b93bed86610319f73cc6e857bd6ae05bff7
Author: Fedor Indutny <fedor.indutny@gmail.com>
Date:   Thu Jun 20 23:32:26 2013 +0200

    couch_users_db: introduce public_users option

    When `couchdb.public_users` is set to `true`, getting `/_users/id` will
    return user document with sensitive information stripped.

diff --git a/etc/couchdb/default.ini.tpl.in b/etc/couchdb/default.ini.tpl.in
index 736d9cd..a7b5c04 100644
--- a/etc/couchdb/default.ini.tpl.in
+++ b/etc/couchdb/default.ini.tpl.in
@@ -14,6 +14,7 @@ os_process_timeout = 5000 ; 5 seconds. for view and external servers.
 max_dbs_open = 100
 delayed_commits = true ; set this to false to ensure an fsync before 201 Created is returned
 uri_file = %localstaterundir%/couch.uri
+public_users = false
 ; Method used to compress everything that is appended to database and view index files, except
 ; for attachments (see the attachments section). Available methods are:
 ;
diff --git a/src/couchdb/couch_users_db.erl b/src/couchdb/couch_users_db.erl
index de76142..e56ea85 100644
--- a/src/couchdb/couch_users_db.erl
+++ b/src/couchdb/couch_users_db.erl
@@ -101,7 +101,25 @@ after_doc_read(Doc, #db{user_ctx = UserCtx} = Db) ->
     _ when Name =:= DocName ->
         Doc;
     _ ->
-        throw(not_found)
+        case couch_config:get("couchdb", "public_users", "false") of
+        "false" ->
+            throw(not_found);
+        "true" ->
+            #doc{body = {Body}} = Doc,
+            Doc#doc{
+                body = {lists:filter(fun({Key, _}) ->
+                    (Key =/= <<"salt">>) and
+                    (Key =/= <<"password">>) and
+                    (Key =/= <<"password_sha">>) and
+                    (Key =/= <<"password_scheme">>) and
+                    (Key =/= <<"derived_Key">>) and
+                    (Key =/= <<"pbkdf2">>) and
+                    (Key =/= <<"iterations">>) and
+                    (Key =/= <<"bcrypt">>) and
+                    (Key =/= <<"x-csrf-token">>)
+                end, Body)}
+            }
+        end
     end.

 get_doc_name(#doc{id= <<"org.couchdb.user:", Name/binary>>}) ->
	commit bda00b93bed86610319f73cc6e857bd6ae05bff7
	Author: Fedor Indutny <fedor.indutny@gmail.com>
	Date: Thu Jun 20 23:32:26 2013 +0200

	couch_users_db: introduce public_users option

	When `couchdb.public_users` is set to `true`, getting `/_users/id` will
	return user document with sensitive information stripped.

	diff --git a/etc/couchdb/default.ini.tpl.in b/etc/couchdb/default.ini.tpl.in
	index 736d9cd..a7b5c04 100644
	--- a/etc/couchdb/default.ini.tpl.in
	+++ b/etc/couchdb/default.ini.tpl.in
	@@ -14,6 +14,7 @@ os_process_timeout = 5000 ; 5 seconds. for view and external servers.
	max_dbs_open = 100
	delayed_commits = true ; set this to false to ensure an fsync before 201 Created is returned
	uri_file = %localstaterundir%/couch.uri
	+public_users = false
	; Method used to compress everything that is appended to database and view index files, except
	; for attachments (see the attachments section). Available methods are:
	;
	diff --git a/src/couchdb/couch_users_db.erl b/src/couchdb/couch_users_db.erl
	index de76142..e56ea85 100644
	--- a/src/couchdb/couch_users_db.erl
	+++ b/src/couchdb/couch_users_db.erl
	@@ -101,7 +101,25 @@ after_doc_read(Doc, #db{user_ctx = UserCtx} = Db) ->
	_ when Name =:= DocName ->
	Doc;
	_ ->
	- throw(not_found)
	+ case couch_config:get("couchdb", "public_users", "false") of
	+ "false" ->
	+ throw(not_found);
	+ "true" ->
	+ #doc{body = {Body}} = Doc,
	+ Doc#doc{
	+ body = {lists:filter(fun({Key, _}) ->
	+ (Key =/= <<"salt">>) and
	+ (Key =/= <<"password">>) and
	+ (Key =/= <<"password_sha">>) and
	+ (Key =/= <<"password_scheme">>) and
	+ (Key =/= <<"derived_Key">>) and
	+ (Key =/= <<"pbkdf2">>) and
	+ (Key =/= <<"iterations">>) and
	+ (Key =/= <<"bcrypt">>) and
	+ (Key =/= <<"x-csrf-token">>)
	+ end, Body)}
	+ }
	+ end
	end.

	get_doc_name(#doc{id= <<"org.couchdb.user:", Name/binary>>}) ->