couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benoit Chesneau <bchesn...@gmail.com>
Subject Re: Cookie Auth
Date Mon, 13 Jul 2009 13:40:41 GMT
2009/7/10 Chris Anderson <jchris@apache.org>:
> I've just pushed some work based on Jason Davies' cookie-auth branch
> to my github:
>
> http://github.com/jchris/couchdb/tree/jd-cookie-auth
>
> This consolidates login, logout, and whoami to a /_session resource
> that supports POST, GET, and DELETE.
>
> One thing missing here is a /_utils/login.html interface that would
> also handle creating new accounts.
>
> Another is a general consensus around how admins grant roles to new
> users, set default roles, etc.
>
> Take a look at it and feel free to add patches. Tomorrow I plan to
> move to an svn branch, but I'll merge any git patches that come along,
> before moving to svn.
>
> Chris
>
> --
> Chris Anderson
> http://jchrisa.net
> http://couch.io
>

I added to my fork the possibility to set timeout and _user handler we
spoke this morning.

_user handler handle 2 actions currently :

- POST /_user

It should receive a form with username, password, email and roles
(multiple select). If user isn't an admin he can't set roles

- PUT /_user/username

A user is updated by sending a form to address above.

Password is optionnal, if password is provided, it will be changed :
* if username is like userCtx.name and user is not a server admin , he
 old_password form value should be set with value of old password..
* if user is an admin, password variable is enough and old password is
always ignored.

My branch is on github :
http://github.com/benoitc/couchdb/commits/jd-cookie-auth

- benoit

Mime
View raw message