Author: fdmanana
Date: Sun Nov 21 14:03:25 2010
New Revision: 1037448

URL: http://svn.apache.org/viewvc?rev=1037448&view=rev
Log:
Proper verification of the roles property of a user document.
Closes COUCHDB-790. Thanks Gabriel Farrell.


Modified:
    couchdb/trunk/share/server/loop.js
    couchdb/trunk/share/server/util.js
    couchdb/trunk/share/www/script/test/users_db.js
    couchdb/trunk/src/couchdb/couch_js_functions.hrl

Modified: couchdb/trunk/share/server/loop.js
URL: 
http://svn.apache.org/viewvc/couchdb/trunk/share/server/loop.js?rev=1037448&r1=1037447&r2=1037448&view=diff
==============================================================================
--- couchdb/trunk/share/server/loop.js (original)
+++ couchdb/trunk/share/server/loop.js Sun Nov 21 14:03:25 2010
@@ -26,6 +26,7 @@ function init_sandbox() {
     sandbox.start = Render.start;
     sandbox.send = Render.send;
     sandbox.getRow = Render.getRow;
+    sandbox.isArray = isArray;
   } catch (e) {
     log(e.toSource());
   }
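Review bot: The added `sandbox.isArray = isArray;` line has no comment saying that the user-document validation changed in couch_js_functions.hrl now depends on this binding, so a later cleanup of the sandbox exports could silently break the roles check. I would add `// isArray is required by the built-in user-document validation; do not remove` above it. Whether code evaluated in this sandbox can rebind `isArray` for later callers is not visible here; if the sandbox object is reused across functions, that is worth confirming, because an authorization-relevant check relies on it. init_sandbox starts and ends outside the hunk.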

Modified: couchdb/trunk/share/server/util.js
URL: 
http://svn.apache.org/viewvc/couchdb/trunk/share/server/util.js?rev=1037448&r1=1037447&r2=1037448&view=diff
==============================================================================
--- couchdb/trunk/share/server/util.js (original)
+++ couchdb/trunk/share/server/util.js Sun Nov 21 14:03:25 2010
@@ -126,3 +126,7 @@ function log(message) {
   }
   respond(["log", String(message)]);
 };
+
+function isArray(obj) {
+  return toString.call(obj) === "[object Array]";
+}
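Review bot: `toString.call(obj)` in isArray depends on the bare identifier `toString` resolving through the global object to `Object.prototype.toString`, which breaks if anything in that scope defines its own `toString`. Since the result now feeds the roles validation of user documents, name the method explicitly: `return Object.prototype.toString.call(obj) === "[object Array]";`. A short header comment such as `// True only for genuine Array instances; array-like objects and strings return false.` would also document why a `length` check is not used.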

Modified: couchdb/trunk/share/www/script/test/users_db.js
URL: 
http://svn.apache.org/viewvc/couchdb/trunk/share/www/script/test/users_db.js?rev=1037448&r1=1037447&r2=1037448&view=diff
==============================================================================
--- couchdb/trunk/share/www/script/test/users_db.js (original)
+++ couchdb/trunk/share/www/script/test/users_db.js Sun Nov 21 14:03:25 2010
@@ -90,6 +90,27 @@ couchTests.users_db = function(debug) {
     T(s.name == null);
     T(s.roles.indexOf("_admin") !== -1);
     T(usersDb.deleteDoc(jchrisWithConflict).ok);
+
+    // you can't change doc from type "user"
+    jchrisUserDoc = usersDb.open(jchrisUserDoc._id);
+    jchrisUserDoc.type = "not user";
+    try {
+      usersDb.save(jchrisUserDoc);
+      T(false && "should only allow us to save doc when type == 'user'");
+    } catch(e) {
+      T(e.reason == "doc.type must be user");
+    }
+    jchrisUserDoc.type = "user";
+
+    // "roles" must be an array
+    jchrisUserDoc.roles = "not an array";
+    try {
+      usersDb.save(jchrisUserDoc);
+      T(false && "should only allow us to save doc when roles is an array");
+    } catch(e) {
+      T(e.reason == "doc.roles must be an array");
+    }
+    jchrisUserDoc.roles = [];
   };
 
   usersDb.deleteDb();
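Review bot: The new "roles must be an array" case only tries a string, so it does not pin down the values on which the old and new checks differ most. I would add a save attempt with an array-like object, `jchrisUserDoc.roles = {length: 0};`, expecting the same `doc.roles must be an array` reason, and one with `roles` deleted or set to `""`, asserting whichever outcome is intended for a missing or falsy value. Without those, a regression back to a `length`-based check, or an unintended change to whether `roles` is required, would pass this test. The enclosing test function starts outside the hunk.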
@@ -100,4 +121,4 @@ couchTests.users_db = function(debug) {
   );
   usersDb.deleteDb(); // cleanup
   
-}
\ No newline at end of file
+}

Modified: couchdb/trunk/src/couchdb/couch_js_functions.hrl
URL: 
http://svn.apache.org/viewvc/couchdb/trunk/src/couchdb/couch_js_functions.hrl?rev=1037448&r1=1037447&r2=1037448&view=diff
==============================================================================
--- couchdb/trunk/src/couchdb/couch_js_functions.hrl (original)
+++ couchdb/trunk/src/couchdb/couch_js_functions.hrl Sun Nov 21 14:03:25 2010
@@ -31,7 +31,7 @@
             throw({forbidden: 'doc.name is required'});
         }
 
-        if (!(newDoc.roles && (typeof newDoc.roles.length !== 'undefined'))) {
+        if (newDoc.roles && !isArray(newDoc.roles)) {
             throw({forbidden: 'doc.roles must be an array'});
         }
 
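Review bot: The new guard `newDoc.roles && !isArray(newDoc.roles)` skips the check whenever `roles` is falsy, so a document with no `roles` field, or with `roles` set to `""`, `0`, `false` or `null`, now passes, whereas the removed condition rejected all of these. If later code in this validation function reads `newDoc.roles.length` or iterates the value (not visible in the hunk), such documents would either raise a TypeError or be stored with a non-array roles value. If roles is mandatory, use `if (!isArray(newDoc.roles)) {`; if it may be omitted, use `if (newDoc.roles !== undefined && !isArray(newDoc.roles)) {` so that only a truly absent field is exempt. The enclosing function starts and ends outside the hunk.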

