Details
-
Bug
-
Resolution: Fixed
-
Major
-
Morpheus, 7.0.6, 7.1.7, 7.2.6, 7.6.4
-
Untriaged
-
0
-
Unknown
Description
When a username is extracted from a client certificate, we don't check user for existence. We need to add this check before stopping the matching process.
In other words, current algorithm is:
1. We start from the first tuple in the list: (path, prefix, delimiter).
2. If we can extract the username from the certificate using that tuple the authentication is successful, we return extracted username.
3. If this is the last tuple, authentication has failed, stop.
4. Switch to the next tuple, and go to step 2.
We should modify it the following way:
1. We start from the first tuple in the list: (path, prefix, delimiter).
2. If we can extract the username from the certificate using that tuple and that local user exists in couchbase-server the authentication is successful, we return extracted username.
3. If this is the last tuple, authentication has failed, stop.
4. Switch to the next tuple, and go to step 2.