Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 278C1200B53 for ; Tue, 12 Jul 2016 21:40:50 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 26365160A87; Tue, 12 Jul 2016 19:40:50 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id B918B160A8C for ; Tue, 12 Jul 2016 21:40:48 +0200 (CEST) Received: (qmail 33967 invoked by uid 500); 12 Jul 2016 19:40:46 -0000 Mailing-List: contact commits-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@couchdb.apache.org Delivered-To: mailing list commits@couchdb.apache.org Received: (qmail 33865 invoked by uid 99); 12 Jul 2016 19:40:46 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 12 Jul 2016 19:40:46 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 5FB65DFF68; Tue, 12 Jul 2016 19:40:46 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: jan@apache.org To: commits@couchdb.apache.org Date: Tue, 12 Jul 2016 19:41:27 -0000 Message-Id: In-Reply-To: <0e81218314f44c70b4b6557a4e61dc76@git.apache.org> References: <0e81218314f44c70b4b6557a4e61dc76@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [44/50] couchdb commit: updated refs/heads/auth-tests-wip to c34d871 archived-at: Tue, 12 Jul 2016 19:40:50 -0000 auth-tests wip *Get cookie-auth to pass \o/* Current remaining issues are with users_db.js and users_db_security.js. ./dev/run -n1 --with-admin-party-please Second terminal: ./tests/javascript/run users_db or ./tests/javascript/run users_db_security * * * users_db.js: JS test output: test/javascript/tests/users_db.js Error: function_clause Trace back (most recent call first): 546: test/javascript/couch.js CouchError([object Object]) 509: test/javascript/couch.js ([object CouchHTTP]) 58: test/javascript/couch.js ([object Object]) 71: test/javascript/tests/users_db.js # <<<<< place in users_db.js where the error is triggered testFun() 385: test/javascript/couch_test_runner.js run_on_modified_server([object Array],testFun) 181: test/javascript/tests/users_db.js () 37: test/javascript/cli_runner.js runTest() 48: test/javascript/cli_runner.js fail dev/logs/node1.log: 2016-05-16 14:34:31.903 [error] node1@127.0.0.1 <0.682.0> req_err(2080506428) unknown_error : function_clause[<<"chttpd_db:update_doc/4 L970">>,<<"chttpd_db:send_updated_doc/6 L934">>,<<"chttpd:process_request/1 L293">>,<<"chttpd:handle_request_int/1 L229">>,<<"mochiweb_http:headers/6 L122">>,<<"proc_lib:init_p_do_apply/3 L239">>] * * * users_db_security.js: JS test output: Error: expected 'true', got 'null' Trace back (most recent call first): 52: test/javascript/test_setup.js T(false,"expected 'true', got 'null'",(void 0)) 321: test/javascript/couch_test_runner.js TEquals(true,(void 0)) 186: test/javascript/tests/users_db_security.js # <<<<< place in users_db_security.js where () # the error is triggered 385: test/javascript/couch_test_runner.js run_on_modified_server([object Array],(function () {var res = usersDb. 114: test/javascript/tests/users_db_security.js () 385: test/javascript/couch_test_runner.js run_on_modified_server([object Array],(function () {var userDoc = {_id 419: test/javascript/tests/users_db_security.js () 37: test/javascript/cli_runner.js runTest() 48: test/javascript/cli_runner.js dev/logs/node1.log: 2016-05-16 19:46:20.092 [error] Undefined emulator Error in process <0.1938.0> on node 'node1@127.0.0.1' with exit value: {function_clause,[{fabric_doc_update,handle_message,[not_found,{shard,<<42 bytes>>,'node1@127.0.0.1',<<6 bytes>>,[3221225472,3758096383],#Ref<0.0.0.40541>},{1,1,1,[{{shard,<<42 bytes>>,'node1@127.0.0.1',<<6 bytes>>,[3221225472,3758096383],#Ref<0.0.0.40541>},[{doc,<<24 bytes>>,{1,[<<16 bytes>>]},{[{<<4 bytes>>,<<4 bytes>>},{<<4 bytes>>,<<7 bytes>>},{<<4 bytes>>,<<32 bytes>>},{<<5 bytes>>,[]},{<<15 bytes>>,<<6 bytes>>},{<<10 bytes>>,1},{<<11 bytes>>,<<40 bytes>>}]},[],false,[{ref,#Ref<0.0.0.40540>}]}]}],{dict,0,16,16,8,80,48,{[],[],[],[],[],[],[],[],[],[],[],[],... 2016-05-16 19:46:20.093 [error] node1@127.0.0.1 <0.1602.0> req_err(1320117845) badmatch : {function_clause, [{fabric_doc_update,handle_message, [not_found, {shard,<<"shards/c0000000-dfffffff/_users.1463420709">>, 'node1@127.0.0.1',<<"_users">>, [3221225472,3758096383], #Ref<0.0.0.40541>}, {1,1,1, [{{shard,<<"shards/c0000000-dfffffff/_users.1463420709">>, 'node1@127.0.0.1',<<"_users">>, [3221225472,3758096383], #Ref<0.0.0.40541>}, [{doc,<<"org.couchdb.user:rnewson">>, {1, [<<160,186,22,20,84,62,68,165,50,104,255,197,135,68,137, 132>>]}, {[{<<"type">>,<<"user">>}, {<<"name">>,<<"rnewson">>}, {<<"salt">>,<<"455064159003b44956d0deeab778ba77">>}, {<<"roles">>,[]}, {<<"password_scheme">>,<<"pbkdf2">>}, {<<"iterations">>,1}, {<<"derived_key">>, <<"dcfaca803d9fcd53c7882beccddb074760d7da5f">>}]}, [],false, [{ref,#Ref<0.0.0.40540>}]}]}], {dict,0,16,16,8,80,48, {[],[],[],[],[],[],[],[],[],[],[],[],[],[],[],[]}, {{[],[],[],[],[],[],[],[],[],[],[],[],[],[],[],[]}}}}], [{file,"src/fabric_doc_update.erl"},{line,55}]}, {rexi_utils,process_mailbox,6,[{file,"src/rexi_utils.erl"},{line,55}]}, {fabric_doc_update,go,3,[{file,"src/fabric_doc_update.erl"},{line,39}]}, {fabric,update_docs,3,[{file,"src/fabric.erl"},{line,245}]}, {fabric,update_doc,3,[{file,"src/fabric.erl"},{line,225}]}, {chttpd_auth_cache,'-update_user_creds/3-fun-0-',1, [{file,"src/chttpd_auth_cache.erl"},{line,55}]}]} [<<"couch_httpd_auth:maybe_upgrade_password_hash/6 L408">>,<<"couch_httpd_auth:handle_session_req/2 L311">>,<<"chttpd:process_request/1 L293">>,<<"chttpd:handle_request_int/1 L229">>,<<"mochiweb_http:headers/6 L122">>,<<"proc_lib:init_p_do_apply/3 L239">>] 2016-05-16 19:46:20.093 [notice] node1@127.0.0.1 <0.1602.0> fa720ffc9c 127.0.0.1 127.0.0.1:15984 undefined POST /_session 500 ok 2 Applying https://github.com/apache/couchdb-mem3/pull/21 makes no difference. * * * Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/6411a404 Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/6411a404 Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/6411a404 Branch: refs/heads/auth-tests-wip Commit: 6411a40494f0e8f59a8852c17a7d9692b2a19ad9 Parents: 01be91c Author: Jan Lehnardt Authored: Mon May 16 19:30:19 2016 +0200 Committer: Jan Lehnardt Committed: Tue Jul 12 20:55:58 2016 +0200 ---------------------------------------------------------------------- test/javascript/couch.js | 2 +- test/javascript/couch_test_runner.js | 7 +++++ test/javascript/tests/cookie_auth.js | 35 +++++++++++-------------- test/javascript/tests/users_db.js | 22 +++++++++++----- test/javascript/tests/users_db_security.js | 31 +++++++++++----------- 5 files changed, 54 insertions(+), 43 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/couchdb/blob/6411a404/test/javascript/couch.js ---------------------------------------------------------------------- diff --git a/test/javascript/couch.js b/test/javascript/couch.js index 1a2f950..dd9a408 100644 --- a/test/javascript/couch.js +++ b/test/javascript/couch.js @@ -470,7 +470,7 @@ CouchDB.requestStats = function(path, test) { query_arg = "?flush=true"; } - var url = "/_stats/" + path.join("/") + query_arg; + var url = "/_node/node1@127.0.0.1/_stats/" + path.join("/") + query_arg; var stat = CouchDB.request("GET", url).responseText; return JSON.parse(stat); }; http://git-wip-us.apache.org/repos/asf/couchdb/blob/6411a404/test/javascript/couch_test_runner.js ---------------------------------------------------------------------- diff --git a/test/javascript/couch_test_runner.js b/test/javascript/couch_test_runner.js index 887e988..253b545 100644 --- a/test/javascript/couch_test_runner.js +++ b/test/javascript/couch_test_runner.js @@ -507,3 +507,10 @@ function retry_part(fct, n, duration) { } } +function wait(ms) { + var t0 = new Date(), t1; + do { + CouchDB.request("GET", "/"); + t1 = new Date(); + } while ((t1 - t0) <= ms); +} http://git-wip-us.apache.org/repos/asf/couchdb/blob/6411a404/test/javascript/tests/cookie_auth.js ---------------------------------------------------------------------- diff --git a/test/javascript/tests/cookie_auth.js b/test/javascript/tests/cookie_auth.js index df4c9bd..9a14416 100644 --- a/test/javascript/tests/cookie_auth.js +++ b/test/javascript/tests/cookie_auth.js @@ -11,18 +11,17 @@ // the License. couchTests.cookie_auth = function(debug) { - return console.log('TODO: config not available on cluster'); // This tests cookie-based authentication. - //return console.log('TODO'); - // TODO: re-write so we get along withOUT changed config - // poss.: re-write so we just use _users and add some docs (and we delete those b4 running). Admin party should not hurt when logging in more var db_name = get_random_db_name(); var db = new CouchDB(db_name, {"X-Couch-Full-Commit":"false"}); db.createDb(); // used later, needs to be global here - var users_db_name = get_random_db_name(); + var users_db_name = '_users'; + var usersDb = new CouchDB(users_db_name, {"X-Couch-Full-Commit":"false"}); + try { usersDb.createDb(); } catch (e) { /* ignore if exists*/ } + if (debug) debugger; var password = "3.141592653589"; @@ -90,13 +89,13 @@ couchTests.cookie_auth = function(debug) { TEquals("Jason Davies", checkDoc.name); var jchrisUserDoc = CouchDB.prepareUserDoc({ - name: "jchris@apache.org" + name: "jchris" }, "funnybone"); T(usersDb.save(jchrisUserDoc).ok); // make sure we cant create duplicate users var duplicateJchrisDoc = CouchDB.prepareUserDoc({ - name: "jchris@apache.org" + name: "jchris" }, "eh, Boo-Boo?"); try { @@ -194,8 +193,8 @@ couchTests.cookie_auth = function(debug) { // test users db validations // // test that you can't update docs unless you are logged in as the user (or are admin) - T(CouchDB.login("jchris@apache.org", "funnybone").ok); - T(CouchDB.session().userCtx.name == "jchris@apache.org"); + T(CouchDB.login("jchris", "funnybone").ok); + T(CouchDB.session().userCtx.name == "jchris"); T(CouchDB.session().userCtx.roles.length == 0); jasonUserDoc.foo=3; @@ -223,6 +222,7 @@ couchTests.cookie_auth = function(debug) { jchrisUserDoc.foo = ["foo"]; T(save_as(usersDb, jchrisUserDoc, "jan")); + wait(5000) // wait for auth cache invalidation // test that you can't save system (underscore) roles even if you are admin jchrisUserDoc.roles = ["_bar"]; @@ -232,8 +232,8 @@ couchTests.cookie_auth = function(debug) { T(usersDb.last_req.status == 403); // make sure the foo role has been applied - T(CouchDB.login("jchris@apache.org", "funnybone").ok); - T(CouchDB.session().userCtx.name == "jchris@apache.org"); + T(CouchDB.login("jchris", "funnybone").ok); + T(CouchDB.session().userCtx.name == "jchris"); T(CouchDB.session().userCtx.roles.indexOf("_admin") == -1); T(CouchDB.session().userCtx.roles.indexOf("foo") != -1); @@ -245,9 +245,9 @@ couchTests.cookie_auth = function(debug) { TEquals(true, CouchDB.login("jan", "apple").ok); run_on_modified_server([{section: "admins", - key: "jchris@apache.org", value: "funnybone"}], function() { - T(CouchDB.login("jchris@apache.org", "funnybone").ok); - T(CouchDB.session().userCtx.name == "jchris@apache.org"); + key: "jchris", value: "funnybone"}], function() { + T(CouchDB.login("jchris", "funnybone").ok); + T(CouchDB.session().userCtx.name == "jchris"); T(CouchDB.session().userCtx.roles.indexOf("_admin") != -1); // test that jchris still has the foo role T(CouchDB.session().userCtx.roles.indexOf("foo") != -1); @@ -258,9 +258,9 @@ couchTests.cookie_auth = function(debug) { delete jchrisUserDoc.password_sha; T(usersDb.save(jchrisUserDoc).ok); T(CouchDB.logout().ok); - T(CouchDB.login("jchris@apache.org", "funnybone").ok); + T(CouchDB.login("jchris", "funnybone").ok); var s = CouchDB.session(); - T(s.userCtx.name == "jchris@apache.org"); + T(s.userCtx.name == "jchris"); T(s.userCtx.roles.indexOf("_admin") != -1); // test session info T(s.info.authenticated == "cookie"); @@ -277,9 +277,6 @@ couchTests.cookie_auth = function(debug) { TEquals(true, CouchDB.login("jan", "apple").ok); }; - var usersDb = new CouchDB(users_db_name, {"X-Couch-Full-Commit":"false"}); - usersDb.createDb(); - run_on_modified_server( [ {section: "couch_httpd_auth", http://git-wip-us.apache.org/repos/asf/couchdb/blob/6411a404/test/javascript/tests/users_db.js ---------------------------------------------------------------------- diff --git a/test/javascript/tests/users_db.js b/test/javascript/tests/users_db.js index ada0047..7027b07 100644 --- a/test/javascript/tests/users_db.js +++ b/test/javascript/tests/users_db.js @@ -15,8 +15,9 @@ couchTests.users_db = function(debug) { // This tests the users db, especially validations // this should also test that you can log into the couch - var users_db_name = '_users'; //get_random_db_name(); + var users_db_name = '_users'; var usersDb = new CouchDB(users_db_name, {"X-Couch-Full-Commit":"false"}); + try { usersDb.createDb(); } catch (e) { /* ignore if exists*/ } // test that you can treat "_user" as a db-name // this can complicate people who try to secure the users db with @@ -32,8 +33,8 @@ couchTests.users_db = function(debug) { // since it doesn’t wait for the ddoc to be created. // in a full test suite run, this is fine. // dev trick: run `test/javascript/run basics users_db` - var ddoc = usersDb.open("_design/_auth"); - T(ddoc.validate_doc_update); + // var ddoc = usersDb.open("_design/_auth"); + // T(ddoc.validate_doc_update); // test that you can login as a user using basic auth var jchrisUserDoc = CouchDB.prepareUserDoc({ @@ -60,14 +61,14 @@ couchTests.users_db = function(debug) { } }); T(s.name == null); - T(s.info.authenticated == "default"); + T(s.info.authenticated == "local"); // ok, now create a conflicting edit on the jchris doc, and make sure there's no login. var jchrisUser2 = JSON.parse(JSON.stringify(jchrisUserDoc)); jchrisUser2.foo = "bar"; - var r = usersDb.save(jchrisUser2) - T(r.ok); + + T(usersDb.save(jchrisUser2).ok); try { usersDb.save(jchrisUserDoc); T(false && "should be an update conflict"); @@ -80,6 +81,7 @@ couchTests.users_db = function(debug) { var jchrisWithConflict = usersDb.open(jchrisUserDoc._id, {conflicts : true}); T(jchrisWithConflict._conflicts.length == 1); + wait(5000) // wait for auth_cache invalidation // no login with conflicted user doc try { @@ -171,7 +173,13 @@ couchTests.users_db = function(debug) { }; - testFun() + run_on_modified_server( + [{section: "couch_httpd_auth", + key: "iterations", value: "1"}, + {section: "admins", + key: "jan", value: "apple"}], + testFun + ); usersDb.deleteDb(); // cleanup } http://git-wip-us.apache.org/repos/asf/couchdb/blob/6411a404/test/javascript/tests/users_db_security.js ---------------------------------------------------------------------- diff --git a/test/javascript/tests/users_db_security.js b/test/javascript/tests/users_db_security.js index 2c606a1..355bb03 100644 --- a/test/javascript/tests/users_db_security.js +++ b/test/javascript/tests/users_db_security.js @@ -11,18 +11,11 @@ // the License. couchTests.users_db_security = function(debug) { - return console.log('TODO after at least COUCHDB-2991 is adressed'); - var db_name = get_random_db_name(); + var db_name = '_users'; var usersDb = new CouchDB(db_name, {"X-Couch-Full-Commit":"false"}); - if (debug) debugger; + try { usersDb.createDb(); } catch (e) { /* ignore if exists*/ } - function wait(ms) { - var t0 = new Date(), t1; - do { - CouchDB.request("GET", "/"); - t1 = new Date(); - } while ((t1 - t0) <= ms); - } + if (debug) debugger; var loginUser = function(username) { var pws = { @@ -32,6 +25,9 @@ couchTests.users_db_security = function(debug) { fdmanana: "foobar", benoitc: "test" }; + // we are changing jchris’s password further down + // the next two lines keep the code cleaner in + // the actual tests var username1 = username.replace(/[0-9]$/, ""); var password = pws[username]; T(CouchDB.login(username1, pws[username]).ok); @@ -98,7 +94,7 @@ couchTests.users_db_security = function(debug) { // jan's gonna be admin as he's the first user TEquals(true, usersDb.save(userDoc).ok, "should save document"); - userDoc = usersDb.open("org.couchdb.user:jchris"); + userDoc = open_as(usersDb, "org.couchdb.user:jchris", "jchris"); TEquals(undefined, userDoc.password, "password field should be null 1"); TEquals(40, userDoc.derived_key.length, "derived_key should exist"); TEquals(32, userDoc.salt.length, "salt should exist"); @@ -141,7 +137,7 @@ couchTests.users_db_security = function(debug) { jchrisDoc.password = "couch"; TEquals(true, save_as(usersDb, jchrisDoc, "jchris").ok); - wait(100); + wait(5000); var jchrisDoc = open_as(usersDb, "org.couchdb.user:jchris", "jchris1"); TEquals(undefined, jchrisDoc.password, "password field should be null 2"); @@ -184,8 +180,11 @@ couchTests.users_db_security = function(debug) { T(!rnewsonDoc.derived_key); T(!rnewsonDoc.iterations); - TEquals(true, CouchDB.login("rnewson", "plaintext_password").ok); - rnewsonDoc = usersDb.open(rnewsonDoc._id); + wait(5000); // wait for auth cache invalidation + var r = CouchDB.login("rnewson", "plaintext_password") + log(r) + TEquals(true, r.ok); + rnewsonDoc = open_as(usersDb, rnewsonDoc._id, "rnewson"); TEquals("pbkdf2", rnewsonDoc.password_scheme); T(rnewsonDoc.salt != salt); T(!rnewsonDoc.password_sha); @@ -415,8 +414,8 @@ couchTests.users_db_security = function(debug) { run_on_modified_server( [{section: "couch_httpd_auth", key: "iterations", value: "1"}, - {section: "couch_httpd_auth", - key: "authentication_db", value: usersDb.name}], + {section: "admins", + key: "jan", value: "apple"}], testFun ); usersDb.deleteDb(); // cleanup