couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Benoit Chesneau (JIRA)" <>
Subject [jira] Updated: (COUCHDB-492) cascading auth + _session
Date Wed, 02 Sep 2009 04:33:32 GMT


Benoit Chesneau updated COUCHDB-492:

    Attachment: couch_server.diff

`couch_httpd_auth:create_user_req` and `couch_server:hash_password_admin` use a different
algo to create the hashed password in current CouchDB. So even even if the _session handler
use allready get_user,  wich test first local.ini then users db, auth will fail because expected
password hash is different. 

Here is a patch that solve it by using same algorihm to make the hash. It don't change the
way hash are calculated in local.ini but only in couch_httpd_auth which is more recent.

> cascading auth + _session
> -------------------------
>                 Key: COUCHDB-492
>                 URL:
>             Project: CouchDB
>          Issue Type: Bug
>    Affects Versions: 0.10
>            Reporter: Benoit Chesneau
>             Fix For: 0.10
>         Attachments: couch_server.diff
> Actually when you log your user via _session handler it looks only for user in userdb
and ignore admins set in local.ini file . Which give some problem if users are set manually
(without using _user handler), 2 users could have the same login, or when the user don't exist
in userdb but only in local.ini it won't be found and authentifaction will fail.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message