swallow bad auth errors, fixes #17

rlidwka · Dec 6, 2013 · a257fc3 · a257fc3
1 parent 6a295ac
commit a257fc3
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 8 deletions.
diff --git a/lib/index.js b/lib/index.js
@@ -174,9 174,17 @@ module.exports = function(config_hash) {
  app.put('/-/user/:argument/-rev/*', function(req, res, next) {
  // can't put 'org.couchdb.user' in route address for some reason
  if (req.params.argument.split(':')[0] !== 'org.couchdb.user') return next('route')
 
  if (req.remoteUser == null) {
  res.status(403)
  return res.send({
  error: 'bad username/password, access denied',
  })
  }
 
  res.status(201)
  return res.send({
- ok: 'you are authenticated as "'   req.user   '"',
  ok: 'you are authenticated as "'   req.remoteUser   '"',
  })
  })
 

diff --git a/lib/middleware.js b/lib/middleware.js
@@ -39,14 39,19 @@ module.exports.expect_json = function expect_json(req, res, next) {
 }
 
 module.exports.basic_auth = function basic_auth(callback) {
- return function(req, res, next) {
  return function(req, res, _next) {
  function next(err) {
  // uncomment this to reject users with bad auth headers
  //return _next.apply(null, arguments)
 
  // swallow error, user remains unauthorized
  return _next()
  }
 
  var authorization = req.headers.authorization
 
- if (req.user) return next()
- if (authorization == null) {
- req.user = req.remoteUser = undefined
- return next()
- }
  if (req.remoteUser != null) return next()
  if (authorization == null) return next()
 
  var parts = authorization.split(' ')
 
@@ -68,7 73,7 @@ module.exports.basic_auth = function basic_auth(callback) {
  , pass = credentials.slice(index   1)
 
  if (callback(user, pass)) {
- req.user = req.remoteUser = user
  req.remoteUser = user
  next()
  } else {
  next({