couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From woh...@apache.org
Subject [couchdb-documentation] branch master updated: Remove OAuth documentation
Date Sun, 09 Jul 2017 22:05:55 GMT
This is an automated email from the ASF dual-hosted git repository.

wohali pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/couchdb-documentation.git


The following commit(s) were added to refs/heads/master by this push:
     new d672772  Remove OAuth documentation
d672772 is described below

commit d672772d44341899972c012ec7abe64aca193f72
Author: Joan Touzet <joant@atypical.net>
AuthorDate: Sat Jul 8 00:24:04 2017 -0400

    Remove OAuth documentation
    
    Helps resolve issue #656
---
 src/api/server/authn.rst         | 107 +--------------------------------------
 src/api/server/configuration.rst |   9 ++--
 src/config/auth.rst              |  68 -------------------------
 src/config/http-handlers.rst     |   7 ---
 src/config/http.rst              |   5 +-
 src/whatsnew/2.0.rst             |   2 +
 src/whatsnew/2.1.rst             |   2 +
 7 files changed, 11 insertions(+), 189 deletions(-)

diff --git a/src/api/server/authn.rst b/src/api/server/authn.rst
index 06a2728..4ad7250 100644
--- a/src/api/server/authn.rst
+++ b/src/api/server/authn.rst
@@ -215,7 +215,6 @@ To obtain the first token and thus authenticate a user for the first time,
the
                 "authenticated": "cookie",
                 "authentication_db": "_users",
                 "authentication_handlers": [
-                    "oauth",
                     "cookie",
                     "default"
                 ]
@@ -278,7 +277,7 @@ Proxy Authentication
     .. code-block:: ini
 
         [httpd]
-        authentication_handlers = {couch_httpd_oauth, oauth_authentication_handler}, {couch_httpd_auth,
cookie_authentication_handler}, {couch_httpd_auth, proxy_authentication_handler}, {couch_httpd_auth,
default_authentication_handler}
+        authentication_handlers = {couch_httpd_auth, cookie_authentication_handler}, {couch_httpd_auth,
proxy_authentication_handler}, {couch_httpd_auth, default_authentication_handler}
 
 `Proxy authentication` is very useful in case your application already uses
 some external authentication service and you don't want to duplicate users and
@@ -325,7 +324,6 @@ headers to CouchDB with related requests:
             "authenticated": "proxy",
             "authentication_db": "_users",
             "authentication_handlers": [
-                "oauth",
                 "cookie",
                 "proxy",
                 "default"
@@ -343,106 +341,3 @@ headers to CouchDB with related requests:
 
 Note that you don't need to request :ref:`session <api/auth/session>`
 to be authenticated by this method if all required HTTP headers are provided.
-
-.. _api/auth/oauth:
-
-OAuth Authentication
-====================
-
-CouchDB supports OAuth 1.0 authentication (:rfc:`5849`). OAuth provides a
-method for clients to access server resources  without sharing real credentials
-(username and password).
-
-First, :ref:`configure oauth <config/oauth>`, by setting consumer and token
-with their secrets and binding token to real CouchDB username.
-
-Probably, it's not good idea to work with plain curl, let use some scripting
-language like Python:
-
-.. code-block:: python
-
-    #!/usr/bin/env python2
-    from oauth import oauth # pip install oauth
-    import httplib
-
-    URL = 'http://localhost:5984/_session'
-    CONSUMER_KEY = 'consumer1'
-    CONSUMER_SECRET = 'sekr1t'
-    TOKEN = 'token1'
-    SECRET = 'tokensekr1t'
-
-    consumer = oauth.OAuthConsumer(CONSUMER_KEY, CONSUMER_SECRET)
-    token = oauth.OAuthToken(TOKEN, SECRET)
-    req = oauth.OAuthRequest.from_consumer_and_token(
-        consumer,
-        token=token,
-        http_method='GET',
-        http_url=URL,
-        parameters={}
-    )
-    req.sign_request(oauth.OAuthSignatureMethod_HMAC_SHA1(), consumer,token)
-
-    headers = req.to_header()
-    headers['Accept'] = 'application/json'
-
-    con = httplib.HTTPConnection('localhost', 5984)
-    con.request('GET', URL, headers=headers)
-    resp = con.getresponse()
-    print resp.read()
-
-or Ruby:
-
-.. code-block:: ruby
-
-    #!/usr/bin/env ruby
-
-    require 'oauth' # gem install oauth
-
-    URL = 'http://localhost:5984'
-    CONSUMER_KEY = 'consumer1'
-    CONSUMER_SECRET = 'sekr1t'
-    TOKEN = 'token1'
-    SECRET = 'tokensekr1t'
-
-    @consumer = OAuth::Consumer.new CONSUMER_KEY,
-                                    CONSUMER_SECRET,
-                                    {:site => URL}
-
-    @access_token = OAuth::AccessToken.new(@consumer, TOKEN, SECRET)
-
-    puts @access_token.get('/_session').body
-
-Both snippets produces similar request and response pair:
-
-.. code-block:: http
-
-    GET /_session HTTP/1.1
-    Host: localhost:5984
-    Accept: application/json
-    Authorization: OAuth realm="", oauth_nonce="81430018", oauth_timestamp="1374561749",
oauth_consumer_key="consumer1", oauth_signature_method="HMAC-SHA1", oauth_version="1.0", oauth_token="token1",
oauth_signature="o4FqJ8%2B9IzUpXH%2Bk4rgnv7L6eTY%3D"
-
-.. code-block:: http
-
-    HTTP/1.1 200 OK
-    Cache-Control : must-revalidate
-    Content-Length : 167
-    Content-Type : application/json
-    Date : Tue, 23 Jul 2013 06:51:15 GMT
-    Server: CouchDB (Erlang/OTP)
-
-    {
-        "ok": true,
-        "info": {
-            "authenticated": "oauth",
-            "authentication_db": "_users",
-            "authentication_handlers": ["oauth", "cookie", "default"]
-        },
-        "userCtx": {
-            "name": "couchdb_username",
-            "roles": []
-        }
-    }
-
-There we request the :ref:`_session <api/auth/session>` resource to ensure
-that authentication was successful and the target CouchDB username is correct.
-Change the target URL to request required resource.
diff --git a/src/api/server/configuration.rst b/src/api/server/configuration.rst
index 6655fc9..e2ec0f7 100644
--- a/src/api/server/configuration.rst
+++ b/src/api/server/configuration.rst
@@ -92,13 +92,13 @@ the various configuration values within a running CouchDB instance.
             },
             "httpd": {
                 "allow_jsonp": "false",
-                "authentication_handlers": "{couch_httpd_oauth, oauth_authentication_handler},
{couch_httpd_auth, cookie_authentication_handler}, {couch_httpd_auth, default_authentication_handler}",
+                "authentication_handlers": "{couch_httpd_auth, cookie_authentication_handler},
{couch_httpd_auth, default_authentication_handler}",
                 "bind_address": "192.168.0.2",
                 "default_handler": "{couch_httpd_db, handle_request}",
                 "max_connections": "2048",
                 "port": "5984",
                 "secure_rewrites": "true",
-                "vhost_global_handlers": "_utils, _uuids, _session, _oauth, _users"
+                "vhost_global_handlers": "_utils, _uuids, _session, _users"
             },
             "httpd_db_handlers": {
                 "_changes": "{couch_httpd_db, handle_changes_req}",
@@ -120,7 +120,6 @@ the various configuration values within a running CouchDB instance.
                 "_active_tasks": "{couch_httpd_misc_handlers, handle_task_status_req}",
                 "_all_dbs": "{couch_httpd_misc_handlers, handle_all_dbs_req}",
                 "_config": "{couch_httpd_misc_handlers, handle_config_req}",
-                "_oauth": "{couch_httpd_oauth, handle_oauth_req}",
                 "_replicate": "{couch_httpd_misc_handlers, handle_replicate_req}",
                 "_restart": "{couch_httpd_misc_handlers, handle_restart_req}",
                 "_session": "{couch_httpd_auth, handle_session_req}",
@@ -196,13 +195,13 @@ the various configuration values within a running CouchDB instance.
 
         {
             "allow_jsonp": "false",
-            "authentication_handlers": "{couch_httpd_oauth, oauth_authentication_handler},
{couch_httpd_auth, cookie_authentication_handler}, {couch_httpd_auth, default_authentication_handler}",
+            "authentication_handlers": "{couch_httpd_auth, cookie_authentication_handler},
{couch_httpd_auth, default_authentication_handler}",
             "bind_address": "127.0.0.1",
             "default_handler": "{couch_httpd_db, handle_request}",
             "enable_cors": "false",
             "port": "5984",
             "secure_rewrites": "true",
-            "vhost_global_handlers": "_utils, _uuids, _session, _oauth, _users"
+            "vhost_global_handlers": "_utils, _uuids, _session, _users"
         }
 
 .. _api/config/section/key:
diff --git a/src/config/auth.rst b/src/config/auth.rst
index eb5c7ba..1d0e640 100644
--- a/src/config/auth.rst
+++ b/src/config/auth.rst
@@ -284,71 +284,3 @@ Authentication Configuration
 
             [couch_httpd_auth]
             x_auth_username = X-Auth-CouchDB-UserName
-
-.. _config/couch_httpd_oauth:
-
-HTTP OAuth Configuration
-========================
-
-.. config:section:: couch_httpd_oauth :: HTTP OAuth Configuration
-
-    .. versionadded:: 1.2
-
-    .. config:option:: use_users_db
-
-    CouchDB is able to store OAuth credentials within user documents instead of
-    config file by using this option::
-
-        [couch_httpd_oauth]
-        use_users_db = true
-
-    If set to ``true``, OAuth token and consumer secrets will be looked up in
-    the :option:`authentication database <couchdb/users_db_suffix>`.
-    These secrets are stored in a top level field named ``"oauth"`` in user
-    documents, as below.
-
-    .. code-block:: javascript
-
-        {
-            "_id": "org.couchdb.user:joe",
-            "type": "user",
-            "name": "joe",
-            "password_sha": "fe95df1ca59a9b567bdca5cbaf8412abd6e06121",
-            "salt": "4e170ffeb6f34daecfd814dfb4001a73"
-            "roles": ["foo", "bar"],
-            "oauth": {
-                "consumer_keys": {
-                    "consumerKey1": "key1Secret",
-                    "consumerKey2": "key2Secret"
-                },
-                "tokens": {
-                    "token1": "token1Secret",
-                    "token2": "token2Secret"
-                }
-            }
-        }
-
-.. _config/oauth:
-
-OAuth Configuration
-===================
-
-.. config:section:: oauth_* :: OAuth Configuration
-
-    To let users be authenticated by :ref:`api/auth/oauth` (:rfc:`5849`), three
-    special sections must be set up in the :ref:`configuration <config>` file:
-
-    #. The Consumer secret::
-
-           [oauth_consumer_secrets]
-           consumer1 = sekr1t
-
-    #. Token secrets::
-
-           [oauth_token_secrets]
-           token1 = tokensekr1t
-
-    #. A mapping from tokens to users::
-
-           [oauth_token_users]
-           token1 = couchdb_username
diff --git a/src/config/http-handlers.rst b/src/config/http-handlers.rst
index 76c1a93..a4ab5dd 100644
--- a/src/config/http-handlers.rst
+++ b/src/config/http-handlers.rst
@@ -72,13 +72,6 @@ Global HTTP Handlers
             [httpd_global_handlers]
             _config = {couch_httpd_misc_handlers, handle_config_req}
 
-        .. config:option:: _oauth
-
-        ::
-
-            [httpd_global_handlers]
-            _oauth = {couch_httpd_oauth, handle_oauth_req}
-
     .. config:option:: _replicate
 
         Provides an API to run
diff --git a/src/config/http.rst b/src/config/http.rst
index a89bf86..6817317 100644
--- a/src/config/http.rst
+++ b/src/config/http.rst
@@ -41,9 +41,8 @@ HTTP Server Options
         let users to use one of provided methods::
 
             [httpd]
-            authentication_handlers = {couch_httpd_oauth, oauth_authentication_handler},
{couch_httpd_auth, cookie_authentication_handler}, {couch_httpd_auth, default_authentication_handler}
+            authentication_handlers = {couch_httpd_auth, cookie_authentication_handler},
{couch_httpd_auth, default_authentication_handler}
 
-        - ``{couch_httpd_oauth, oauth_authentication_handler}``: handles OAuth;
         - ``{couch_httpd_auth, cookie_authentication_handler}``: used for Cookie auth;
         - ``{couch_httpd_auth, proxy_authentication_handler}``: used for Proxy auth;
         - ``{couch_httpd_auth, default_authentication_handler}``: used for Basic auth;
@@ -171,7 +170,7 @@ HTTP Server Options
         <vhosts>`::
 
             [httpd]
-            vhost_global_handlers = _utils, _uuids, _session, _oauth, _users
+            vhost_global_handlers = _utils, _uuids, _session, _users
 
     .. config:option:: x_forwarded_host :: X-Forwarder-Host
 
diff --git a/src/whatsnew/2.0.rst b/src/whatsnew/2.0.rst
index 8c90998..c82ab8f 100644
--- a/src/whatsnew/2.0.rst
+++ b/src/whatsnew/2.0.rst
@@ -131,6 +131,8 @@ in time for the 2.0.0 release:
   that contain the design document.
 * :issue:`2804`: The fast_view optimization is not enabled on the clustered
   interface.
+* :ghissue:`656`: The OAuth 1.0 support is broken and deprecated. It will be
+  removed in a future version of CouchDB.
 
 .. _known issues: https://s.apache.org/couchdb-2.0-known-issues
 .. _CouchDB JIRA instance: https://issues.apache.org/jira/browse/COUCHDB
diff --git a/src/whatsnew/2.1.rst b/src/whatsnew/2.1.rst
index 095dd7b..1cf2a52 100644
--- a/src/whatsnew/2.1.rst
+++ b/src/whatsnew/2.1.rst
@@ -25,6 +25,8 @@
 Version 2.1.0
 =============
 
+* The deprecated (and broken) OAuth 1.0 implementation has been removed.
+
 * New scheduling replicator. The core of the new replicator is a
   scheduler which allows running a large number of replication
   jobs by switching between them, stopping some and starting others

-- 
To stop receiving notification emails like this one, please contact
['"commits@couchdb.apache.org" <commits@couchdb.apache.org>'].

Mime
View raw message