couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benoit Chesneau <>
Subject Re: Cookie Auth
Date Mon, 13 Jul 2009 13:40:41 GMT
2009/7/10 Chris Anderson <>:
> I've just pushed some work based on Jason Davies' cookie-auth branch
> to my github:
> This consolidates login, logout, and whoami to a /_session resource
> that supports POST, GET, and DELETE.
> One thing missing here is a /_utils/login.html interface that would
> also handle creating new accounts.
> Another is a general consensus around how admins grant roles to new
> users, set default roles, etc.
> Take a look at it and feel free to add patches. Tomorrow I plan to
> move to an svn branch, but I'll merge any git patches that come along,
> before moving to svn.
> Chris
> --
> Chris Anderson

I added to my fork the possibility to set timeout and _user handler we
spoke this morning.

_user handler handle 2 actions currently :

- POST /_user

It should receive a form with username, password, email and roles
(multiple select). If user isn't an admin he can't set roles

- PUT /_user/username

A user is updated by sending a form to address above.

Password is optionnal, if password is provided, it will be changed :
* if username is like and user is not a server admin , he
 old_password form value should be set with value of old password..
* if user is an admin, password variable is enough and old password is
always ignored.

My branch is on github :

- benoit

View raw message