git: 18e35a98325a - main - databases/couchdb3: add upstream jwt auth patches
Dave Cottlehuber
dch at FreeBSD.org
Wed Apr 7 19:14:34 UTC 2021
The branch main has been updated by dch:
URL: https://cgit.FreeBSD.org/ports/commit/?id=18e35a98325a38b43bcd5b4e0e5644bf967ef3ad
commit 18e35a98325a38b43bcd5b4e0e5644bf967ef3ad
Author: Dave Cottlehuber <dch at FreeBSD.org>
AuthorDate: 2021-04-07 19:12:42 +0000
Commit: Dave Cottlehuber <dch at FreeBSD.org>
CommitDate: 2021-04-07 19:13:17 +0000
databases/couchdb3: add upstream jwt auth patches
See
https://github.com/apache/couchdb/commit/331894a6acb4565c71d800f2e63206101dfbb48c
---
databases/couchdb3/Makefile | 2 +-
.../couchdb3/files/patch-src_jwtf_src_jwtf.app.src | 11 +++
.../couchdb3/files/patch-src_jwtf_src_jwtf.erl | 86 ++++++++++++++++++++++
.../files/patch-src_jwtf_src_jwtf__keystore.erl | 28 +++++++
databases/couchdb3/pkg-plist | 10 +--
5 files changed, 131 insertions(+), 6 deletions(-)
diff --git a/databases/couchdb3/Makefile b/databases/couchdb3/Makefile
index 6d86839c475b..e9d9a43be4ab 100644
--- a/databases/couchdb3/Makefile
+++ b/databases/couchdb3/Makefile
@@ -1,6 +1,6 @@
PORTNAME= couchdb3
DISTVERSION= 3.1.1
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= databases
MASTER_SITES= APACHE/couchdb/source/${DISTVERSION}
DISTNAME= apache-couchdb-${DISTVERSION}
diff --git a/databases/couchdb3/files/patch-src_jwtf_src_jwtf.app.src b/databases/couchdb3/files/patch-src_jwtf_src_jwtf.app.src
new file mode 100644
index 000000000000..ccf78aa932b8
--- /dev/null
+++ b/databases/couchdb3/files/patch-src_jwtf_src_jwtf.app.src
@@ -0,0 +1,11 @@
+--- src/jwtf/src/jwtf.app.src.orig 2021-03-31 15:23:39 UTC
++++ src/jwtf/src/jwtf.app.src
+@@ -12,7 +12,7 @@
+
+ {application, jwtf, [
+ {description, "JSON Web Token Functions"},
+- {vsn, "3.1.1"},
++ {vsn, "3.1.2"},
+ {registered, []},
+ {applications, [
+ kernel,
diff --git a/databases/couchdb3/files/patch-src_jwtf_src_jwtf.erl b/databases/couchdb3/files/patch-src_jwtf_src_jwtf.erl
new file mode 100644
index 000000000000..2c6e4809eaf0
--- /dev/null
+++ b/databases/couchdb3/files/patch-src_jwtf_src_jwtf.erl
@@ -0,0 +1,86 @@
+--- src/jwtf/src/jwtf.erl.orig 2021-03-31 15:23:39 UTC
++++ src/jwtf/src/jwtf.erl
+@@ -188,8 +188,7 @@ validate_alg(Props, Checks) ->
+ end.
+
+
+-%% Not all these fields have to be present, but if they _are_ present
+-%% they must be valid.
++%% Only validate required checks.
+ validate_payload(Props, Checks) ->
+ validate_iss(Props, Checks),
+ validate_iat(Props, Checks),
+@@ -202,7 +201,7 @@ validate_iss(Props, Checks) ->
+ ActualISS = prop(<<"iss">>, Props),
+
+ case {ExpectedISS, ActualISS} of
+- {undefined, undefined} ->
++ {undefined, _} -> % ignore unrequired check
+ ok;
+ {ISS, undefined} when ISS /= undefined ->
+ throw({bad_request, <<"Missing iss claim">>});
+@@ -218,11 +217,11 @@ validate_iat(Props, Checks) ->
+ IAT = prop(<<"iat">>, Props),
+
+ case {Required, IAT} of
+- {undefined, undefined} ->
++ {undefined, _} -> % ignore unrequired check
+ ok;
+ {true, undefined} ->
+ throw({bad_request, <<"Missing iat claim">>});
+- {_, IAT} when is_integer(IAT) ->
++ {true, IAT} when is_integer(IAT) ->
+ ok;
+ {true, _} ->
+ throw({bad_request, <<"Invalid iat claim">>})
+@@ -234,12 +233,12 @@ validate_nbf(Props, Checks) ->
+ NBF = prop(<<"nbf">>, Props),
+
+ case {Required, NBF} of
+- {undefined, undefined} ->
++ {undefined, _} -> % ignore unrequired check
+ ok;
+ {true, undefined} ->
+ throw({bad_request, <<"Missing nbf claim">>});
+- {_, IAT} ->
+- assert_past(<<"nbf">>, IAT)
++ {true, NBF} ->
++ assert_past(<<"nbf">>, NBF)
+ end.
+
+
+@@ -248,11 +247,11 @@ validate_exp(Props, Checks) ->
+ EXP = prop(<<"exp">>, Props),
+
+ case {Required, EXP} of
+- {undefined, undefined} ->
++ {undefined, _} -> % ignore unrequired check
+ ok;
+ {true, undefined} ->
+ throw({bad_request, <<"Missing exp claim">>});
+- {_, EXP} ->
++ {true, EXP} ->
+ assert_future(<<"exp">>, EXP)
+ end.
+
+@@ -351,3 +350,20 @@ now_seconds() ->
+
+ prop(Prop, Props) ->
+ proplists:get_value(Prop, Props).
++
++
++-ifdef(TEST).
++-include_lib("eunit/include/eunit.hrl").
++
++validate_payload_ignore_unchecked_props_test() ->
++ ?assertEqual(ok, validate_payload(_Props = [], _Checks = [])),
++ BogusProps = [
++ {iss, bogus},
++ {iat, bogus},
++ {nbf, bogus},
++ {exp, bogus}
++ ],
++ ?assertEqual(ok, validate_payload(BogusProps, _Checks = [])),
++ ok.
++
++-endif.
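Review bot: The new test never reaches the relaxed `{undefined, _}` clauses with a non-`undefined` claim, because `BogusProps` is keyed by atoms (`{iss, bogus}` and so on) while the validators look claims up by binary, e.g. `prop(<<"iss">>, Props)`. Every lookup therefore still returns `undefined`, and the second assertion repeats the first. Keying the entries by the binaries, e.g. `{<<"exp">>, bogus}`, would cover the new behaviour. That behaviour is security-relevant: a present but expired `exp`, or a not-yet-valid `nbf`, is now accepted whenever the claim is not among the required checks, so the comment on `validate_payload` would be clearer as `%% Claims not listed in Checks are ignored even when present (an expired exp passes unless exp is required).` The `validate_*` bodies start outside the nested hunks, so how `Checks` is populated cannot be confirmed from here.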
diff --git a/databases/couchdb3/files/patch-src_jwtf_src_jwtf__keystore.erl b/databases/couchdb3/files/patch-src_jwtf_src_jwtf__keystore.erl
new file mode 100644
index 000000000000..6f765c384342
--- /dev/null
+++ b/databases/couchdb3/files/patch-src_jwtf_src_jwtf__keystore.erl
@@ -0,0 +1,28 @@
+--- src/jwtf/src/jwtf_keystore.erl.orig 2021-03-31 15:23:39 UTC
++++ src/jwtf/src/jwtf_keystore.erl
+@@ -140,13 +140,18 @@ get_from_config(Kty, KID) ->
+ end.
+
+ pem_decode(PEM) ->
+- BinPEM = iolist_to_binary(string:replace(PEM, "\\n", "\n", all)),
+- case public_key:pem_decode(BinPEM) of
+- [PEMEntry] ->
+- public_key:pem_entry_decode(PEMEntry);
+- [] ->
+- throw({bad_request, <<"Not a valid key">>})
+- end.
++ BinPEM = re:replace(PEM, "\\\\n", "\n", [global, {return, binary}]),
++ try
++ case public_key:pem_decode(BinPEM) of
++ [PEMEntry] ->
++ public_key:pem_entry_decode(PEMEntry);
++ _ ->
++ throw({bad_request, <<"Not a valid key">>})
++ end
++ catch
++ error:_ ->
++ throw({bad_request, <<"Not a valid key">>})
++ end.
+
+ kty(<<"HS", _/binary>>) ->
+ "hmac";
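Review bot: The `catch error:_` clause in `pem_decode/1` maps every runtime error from `public_key:pem_decode/1` and `public_key:pem_entry_decode/1` to the same `{bad_request, <<"Not a valid key">>}`. The nested hunk header names `get_from_config`, which suggests the PEM comes from operator configuration rather than from the request, though the callers are outside the hunk. If so, a broken key entry presumably surfaces only as a client error with nothing recorded on the server. A comment such as `%% public_key raises on malformed PEM/DER; report it as an invalid key instead of crashing` would record the intent. Logging that decoding failed before the throw, without the key material or the raw error term, would let an operator find the bad entry. The `_ ->` clause also rejects a PEM holding more than one entry with the same message, which the comment could mention.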
diff --git a/databases/couchdb3/pkg-plist b/databases/couchdb3/pkg-plist
index 15565d2a79b5..108dda00ea8a 100644
--- a/databases/couchdb3/pkg-plist
+++ b/databases/couchdb3/pkg-plist
@@ -153,11 +153,11 @@ libexec/couchdb3/lib/dreyfus-%%VERSION%%/priv/stats_descriptions.cfg
libexec/couchdb3/lib/fabric-%%VERSION%%/ebin/fabric_db_partition_info.beam
libexec/couchdb3/lib/fabric-%%VERSION%%/ebin/fabric_ring.beam
libexec/couchdb3/lib/fabric-%%VERSION%%/ebin/fabric_streams.beam
-libexec/couchdb3/lib/jwtf-%%VERSION%%/ebin/jwtf.app
-libexec/couchdb3/lib/jwtf-%%VERSION%%/ebin/jwtf.beam
-libexec/couchdb3/lib/jwtf-%%VERSION%%/ebin/jwtf_app.beam
-libexec/couchdb3/lib/jwtf-%%VERSION%%/ebin/jwtf_keystore.beam
-libexec/couchdb3/lib/jwtf-%%VERSION%%/ebin/jwtf_sup.beam
+libexec/couchdb3/lib/jwtf-3.1.2/ebin/jwtf.app
+libexec/couchdb3/lib/jwtf-3.1.2/ebin/jwtf.beam
+libexec/couchdb3/lib/jwtf-3.1.2/ebin/jwtf_app.beam
+libexec/couchdb3/lib/jwtf-3.1.2/ebin/jwtf_keystore.beam
+libexec/couchdb3/lib/jwtf-3.1.2/ebin/jwtf_sup.beam
libexec/couchdb3/lib/ken-%%VERSION%%/ebin/ken.app
libexec/couchdb3/lib/ken-%%VERSION%%/ebin/ken.beam
libexec/couchdb3/lib/ken-%%VERSION%%/ebin/ken_app.beam