couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Anderson <>
Subject Re: authentication cleanup
Date Sat, 26 Dec 2009 18:09:24 GMT
More updates in the interest of keeping my work transparent. I don't
think it's clean enough yet to solicit help, but it is clean enough to
be worth backing up to Github.

The relevant tests are cookie_auth and users_db (they have a lot of
overlap, I'll be cleaning that up.)

The branch will live here until it's ready to merge to trunk:

My next step is to get the _admin role to apply cleanly to users
loaded from the users db. This isn't hard but it's gonna have to
happen after lunch at least.


On Fri, Dec 25, 2009 at 2:50 PM, Chris Anderson <> wrote:
> On Thu, Dec 24, 2009 at 10:16 AM, Benoit Chesneau <> wrote:
>>> I'm also thinking that the /_session handler should speak JSON
>>> primarily (but I'll probably leave in the ability to handle
>>> form-encoded request bodies as well).
>> We could just detect http headers and provide the needed response for
>> that.  Keeping the form encoded would be good. It's already used in
>> some applications.
> I'm planning to remove the form-encoded handlers for creating and
> updating users documents as the special API is being removed in favor
> of having the users db be a plain-old-CouchDB-database. If we want to
> have a built-in API for creating and updating user's documents using
> form-encoded POSTs, we should generalize it to work against all
> databases, not just the users database.
> I do think we should keep the ability to login and logout via
> form-encoded POSTs, as that is not a document API and thus can't be
> wrapped in an _update handler for people who want applications to be
> compatible with non-JSON capable clients.
> Chris
> --
> Chris Anderson

Chris Anderson

View raw message