From 18e35a98325a38b43bcd5b4e0e5644bf967ef3ad Mon Sep 17 00:00:00 2001
From: Dave Cottlehuber
Date: Wed, 7 Apr 2021 19:12:42 +0000
Subject: databases/couchdb3: add upstream jwt auth patches

See https://github.com/apache/couchdb/commit/331894a6acb4565c71d800f2e63206101dfbb48c
---
 databases/couchdb3/Makefile | 2 +-
 .../couchdb3/files/patch-src_jwtf_src_jwtf.app.src | 11 +++
 .../couchdb3/files/patch-src_jwtf_src_jwtf.erl | 86 ++++++++++++++++++++++
 .../files/patch-src_jwtf_src_jwtf__keystore.erl | 28 +++++++
 databases/couchdb3/pkg-plist | 10 +--
 5 files changed, 131 insertions(+), 6 deletions(-)
 create mode 100644 databases/couchdb3/files/patch-src_jwtf_src_jwtf.app.src
 create mode 100644 databases/couchdb3/files/patch-src_jwtf_src_jwtf.erl
 create mode 100644 databases/couchdb3/files/patch-src_jwtf_src_jwtf__keystore.erl

(limited to 'databases')

diff --git a/databases/couchdb3/Makefile b/databases/couchdb3/Makefile
index 6d86839c475b..e9d9a43be4ab 100644
--- a/databases/couchdb3/Makefile
+++ b/databases/couchdb3/Makefile
@@ -1,6 +1,6 @@
 PORTNAME= couchdb3
 DISTVERSION= 3.1.1
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= databases
 MASTER_SITES= APACHE/couchdb/source/${DISTVERSION}
 DISTNAME= apache-couchdb-${DISTVERSION}
diff --git a/databases/couchdb3/files/patch-src_jwtf_src_jwtf.app.src b/databases/couchdb3/files/patch-src_jwtf_src_jwtf.app.src
new file mode 100644
index 000000000000..ccf78aa932b8
--- /dev/null
+++ b/databases/couchdb3/files/patch-src_jwtf_src_jwtf.app.src
@@ -0,0 +1,11 @@
+--- src/jwtf/src/jwtf.app.src.orig 2021-03-31 15:23:39 UTC
++++ src/jwtf/src/jwtf.app.src
+@@ -12,7 +12,7 @@
+
+ {application, jwtf, [
+ {description, "JSON Web Token Functions"},
+- {vsn, "3.1.1"},
++ {vsn, "3.1.2"},
+ {registered, []},
+ {applications, [
+ kernel,
diff --git a/databases/couchdb3/files/patch-src_jwtf_src_jwtf.erl b/databases/couchdb3/files/patch-src_jwtf_src_jwtf.erl
new file mode 100644
index 000000000000..2c6e4809eaf0
--- /dev/null
+++ b/databases/couchdb3/files/patch-src_jwtf_src_jwtf.erl 
@@ -0,0 +1,86 @@
+--- src/jwtf/src/jwtf.erl.orig 2021-03-31 15:23:39 UTC
++++ src/jwtf/src/jwtf.erl
+@@ -188,8 +188,7 @@ validate_alg(Props, Checks) ->
+ end.
+
+
+-%% Not all these fields have to be present, but if they _are_ present
+-%% they must be valid.
++%% Only validate required checks.
+ validate_payload(Props, Checks) ->
+ validate_iss(Props, Checks),
+ validate_iat(Props, Checks),
+@@ -202,7 +201,7 @@ validate_iss(Props, Checks) ->
+ ActualISS = prop(<<"iss">>, Props),
+
+ case {ExpectedISS, ActualISS} of
+- {undefined, undefined} ->
++ {undefined, _} -> % ignore unrequired check
+ ok;
+ {ISS, undefined} when ISS /= undefined ->
+ throw({bad_request, <<"Missing iss claim">>});
+@@ -218,11 +217,11 @@ validate_iat(Props, Checks) ->
+ IAT = prop(<<"iat">>, Props),
+
+ case {Required, IAT} of
+- {undefined, undefined} ->
++ {undefined, _} -> % ignore unrequired check
+ ok;
+ {true, undefined} ->
+ throw({bad_request, <<"Missing iat claim">>});
+- {_, IAT} when is_integer(IAT) ->
++ {true, IAT} when is_integer(IAT) ->
+ ok;
+ {true, _} ->
+ throw({bad_request, <<"Invalid iat claim">>})
+@@ -234,12 +233,12 @@ validate_nbf(Props, Checks) ->
+ NBF = prop(<<"nbf">>, Props),
+
+ case {Required, NBF} of
+- {undefined, undefined} ->
++ {undefined, _} -> % ignore unrequired check
+ ok;
+ {true, undefined} ->
+ throw({bad_request, <<"Missing nbf claim">>});
+- {_, IAT} ->
+- assert_past(<<"nbf">>, IAT)
++ {true, NBF} ->
++ assert_past(<<"nbf">>, NBF)
+ end.
+
+
+@@ -248,11 +247,11 @@ validate_exp(Props, Checks) ->
+ EXP = prop(<<"exp">>, Props),
+
+ case {Required, EXP} of
+- {undefined, undefined} ->
++ {undefined, _} -> % ignore unrequired check
+ ok;
+ {true, undefined} ->
+ throw({bad_request, <<"Missing exp claim">>});
+- {_, EXP} ->
++ {true, EXP} ->
+ assert_future(<<"exp">>, EXP)
+ end.
+
+@@ -351,3 +350,20 @@ now_seconds() ->
+
+ prop(Prop, Props) ->
+ proplists:get_value(Prop, Props).
++
++
++-ifdef(TEST).
++-include_lib("eunit/include/eunit.hrl").
++
++validate_payload_ignore_unchecked_props_test() ->
++ ?assertEqual(ok, validate_payload(_Props = [], _Checks = [])),
++ BogusProps = [
++ {iss, bogus},
++ {iat, bogus},
++ {nbf, bogus},
++ {exp, bogus}
++ ],
++ ?assertEqual(ok, validate_payload(BogusProps, _Checks = [])),
++ ok.
++
++-endif.
diff --git a/databases/couchdb3/files/patch-src_jwtf_src_jwtf__keystore.erl b/databases/couchdb3/files/patch-src_jwtf_src_jwtf__keystore.erl
new file mode 100644
index 000000000000..6f765c384342
--- /dev/null
+++ b/databases/couchdb3/files/patch-src_jwtf_src_jwtf__keystore.erl
@@ -0,0 +1,28 @@
+--- src/jwtf/src/jwtf_keystore.erl.orig 2021-03-31 15:23:39 UTC
++++ src/jwtf/src/jwtf_keystore.erl
+@@ -140,13 +140,18 @@ get_from_config(Kty, KID) ->
+ end.
+
+ pem_decode(PEM) ->
+- BinPEM = iolist_to_binary(string:replace(PEM, "\\n", "\n", all)),
+- case public_key:pem_decode(BinPEM) of
+- [PEMEntry] ->
+- public_key:pem_entry_decode(PEMEntry);
+- [] ->
+- throw({bad_request, <<"Not a valid key">>})
+- end.
++ BinPEM = re:replace(PEM, "\\\\n", "\n", [global, {return, binary}]),
++ try
++ case public_key:pem_decode(BinPEM) of
++ [PEMEntry] ->
++ public_key:pem_entry_decode(PEMEntry);
++ _ ->
++ throw({bad_request, <<"Not a valid key">>})
++ end
++ catch
++ error:_ ->
++ throw({bad_request, <<"Not a valid key">>})
++ end.
+
+ kty(<<"HS", _/binary>>) ->
+ "hmac";
diff --git a/databases/couchdb3/pkg-plist b/databases/couchdb3/pkg-plist
index 15565d2a79b5..108dda00ea8a 100644
--- a/databases/couchdb3/pkg-plist
+++ b/databases/couchdb3/pkg-plist
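Review bot: The second assertion in `validate_payload_ignore_unchecked_props_test/0` does not exercise the new `{undefined, _}` clauses, because `BogusProps` is keyed by atoms (`{iss, bogus}`) while the validators look claims up by binary (`prop(<<"exp">>, Props)`), so every lookup returns `undefined` and the pre-patch `{undefined, undefined}` clause would pass the same test. Keying the entries by binary, e.g. `{<<"exp">>, bogus}`, would make the test fail on the old code and pin the fix. The replacement comment `%% Only validate required checks.` could also state the consequence: a token whose `exp` is in the past or whose `nbf` is in the future is now accepted whenever the corresponding check is `undefined`, so expiry enforcement depends on which claims the deployment marks as required. How `Required` is derived from `Checks` lies outside the hunks shown, so the behaviour for a check explicitly set to `false` cannot be confirmed from here.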
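Review bot: The `re:replace/4` call in the patched `pem_decode/1` sits before the `try`, so a `PEM` value that is not valid iodata would still raise `badarg` there rather than the `{bad_request, <<"Not a valid key">>}` throw that the rest of the function now produces; moving the `BinPEM = re:replace(...)` line inside the `try` makes the failure path uniform. The `catch error:_` clause also discards the class and reason, which leaves an operator with a malformed configured key nothing to diagnose; logging that decoding failed (the error class only, never the key text) before rethrowing would help. Nothing in this hunk checks that the decoded entry is a public key of the type matching `Kty`; presumably the caller does, but that code is outside the hunk.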
@@ -153,11 +153,11 @@ libexec/couchdb3/lib/dreyfus-%%VERSION%%/priv/stats_descriptions.cfg
 libexec/couchdb3/lib/fabric-%%VERSION%%/ebin/fabric_db_partition_info.beam
 libexec/couchdb3/lib/fabric-%%VERSION%%/ebin/fabric_ring.beam
 libexec/couchdb3/lib/fabric-%%VERSION%%/ebin/fabric_streams.beam
-libexec/couchdb3/lib/jwtf-%%VERSION%%/ebin/jwtf.app
-libexec/couchdb3/lib/jwtf-%%VERSION%%/ebin/jwtf.beam
-libexec/couchdb3/lib/jwtf-%%VERSION%%/ebin/jwtf_app.beam
-libexec/couchdb3/lib/jwtf-%%VERSION%%/ebin/jwtf_keystore.beam
-libexec/couchdb3/lib/jwtf-%%VERSION%%/ebin/jwtf_sup.beam
+libexec/couchdb3/lib/jwtf-3.1.2/ebin/jwtf.app
+libexec/couchdb3/lib/jwtf-3.1.2/ebin/jwtf.beam
+libexec/couchdb3/lib/jwtf-3.1.2/ebin/jwtf_app.beam
+libexec/couchdb3/lib/jwtf-3.1.2/ebin/jwtf_keystore.beam
+libexec/couchdb3/lib/jwtf-3.1.2/ebin/jwtf_sup.beam
 libexec/couchdb3/lib/ken-%%VERSION%%/ebin/ken.app
 libexec/couchdb3/lib/ken-%%VERSION%%/ebin/ken.beam
 libexec/couchdb3/lib/ken-%%VERSION%%/ebin/ken_app.beam
--
cgit v1.2.3