Return-Path: Delivered-To: apmail-couchdb-dev-archive@www.apache.org Received: (qmail 58049 invoked from network); 17 Jan 2010 09:25:50 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 17 Jan 2010 09:25:50 -0000 Received: (qmail 84047 invoked by uid 500); 17 Jan 2010 09:25:49 -0000 Delivered-To: apmail-couchdb-dev-archive@couchdb.apache.org Received: (qmail 83968 invoked by uid 500); 17 Jan 2010 09:25:49 -0000 Mailing-List: contact dev-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@couchdb.apache.org Delivered-To: mailing list dev@couchdb.apache.org Received: (qmail 83958 invoked by uid 99); 17 Jan 2010 09:25:49 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 17 Jan 2010 09:25:49 +0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: unknown (nike.apache.org: error in processing during lookup of david@goodlad.ca) Received: from [209.85.222.194] (HELO mail-pz0-f194.google.com) (209.85.222.194) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 17 Jan 2010 09:25:41 +0000 Received: by pzk32 with SMTP id 32so2061774pzk.29 for ; Sun, 17 Jan 2010 01:25:17 -0800 (PST) MIME-Version: 1.0 Received: by 10.114.162.4 with SMTP id k4mr3170988wae.175.1263720317346; Sun, 17 Jan 2010 01:25:17 -0800 (PST) In-Reply-To: References: From: David Goodlad Date: Sun, 17 Jan 2010 20:24:57 +1100 Message-ID: <594289661001170124m2e9d8198w9109a9314c056873@mail.gmail.com> Subject: Re: auth polishing To: dev@couchdb.apache.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org On Sun, Jan 17, 2010 at 8:15 PM, Chris Anderson wrote: > I've also normalized some naming, like user docs to name/password > instead of "username" in some places. Nice! > The /_session response now returns something like: > > { > =A0userCtx : { > =A0 =A0name : "jchris@apache.org", > =A0 =A0roles : ["_admin", "_replicator", "author"] > =A0}, > =A0info : { > =A0 =A0authentication_db : "_users", > =A0 =A0authenticated : ["cookie"], > =A0 =A0authentication_handlers : ["oauth", "cookie", "http_basic"] > =A0}, > } > > I flirted with the idea of including the userDoc but I'll leave that > up to someone else to tackle. Including the userDoc is only really useful if convention is going to allow devs to add whatever fields they'd like to user docs as far as I can tell... > TODO: > > * bcrypt (I think there are some JS implementations out there) > * security object (I think this will be a local doc that apps can > populate with the help of an admin.) +1 for the security object, as we discussed on IRC the other day. I'd be happy to see something as simple as the following: Validation functions would take a new argument, 'security'. If in the database that the validation function is running for there exists a document with id '_security', that document would be passed as that new argument. The document could have whatever structure a dev felt was appropriate, as long as it has the correct id. If there was no document, an empty object (or null?) would be passed. What is the plan for 'read' permissions, if any? I need to be able to grant users read permission on one database but not another... I appreciate the great work so far Chris! Dave