rnewson opened a new pull request, #5754:
URL: https://github.com/apache/couchdb/pull/5754
## Overview
Allow the rotation of couch_httpd_auth secret without disruption.
CouchDB will now react to the runtime changing of
chttpd_auth/couch_httpd_auth secret by;
1) caching the old value for the duration of the session timeout
2) checking any cookie again the current secret and any cached old secret
3) each node will synchronously tell the other nodes in the cluster of its
new secret before it starts using it
The PR also optimizes the case where there is more than one hash algorithm
configured by skipping any calculation if the presented MAC value is of a
different length to the algorithm (so we won't compare an hmac-sha1 against a
hmac-sha256, say).
## Testing recommendations
TODO - will add unit & integrations before coming out of draft.
## Related Issues or Pull Requests
<!-- If your changes affect multiple components in different
repositories please put links to those issues or pull requests here.
-->
## Checklist
- [x] Code is written and works correctly
- [ ] Changes are covered by tests
- [ ] Any new configurable parameters are documented in
`rel/overlay/etc/default.ini`
- [ ] Documentation changes were made in the `src/docs` folder
- [ ] Documentation changes were backported (separated PR) to affected
branches
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
