couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Anderson <jch...@apache.org>
Subject Re: CouchDB Validation function and security API ..
Date Mon, 14 Sep 2009 05:25:40 GMT
On Sun, Sep 13, 2009 at 10:59 AM, Debasish Ghosh
<ghosh.debasish@gmail.com> wrote:
> On Sun, Sep 13, 2009 at 11:16 PM, Chris Anderson <jchris@apache.org> wrote:
>
>> On Sun, Sep 13, 2009 at 1:31 AM, Debasish Ghosh
>> <ghosh.debasish@gmail.com> wrote:
>> > I think I am doing something wrong. Would appreciate any help on this ...
>> > In my local.ini, I have set up the following :
>> >
>> > [admins]
>> > [jchris = secretpass
>> >
>> > [httpd]
>> > authentication_handlers = {couch_httpd, default_authentication_handler}
>> >
>> > and I create a database using
>> >
>> > curl -vX PUT http://jchris:secretpass@localhost:5984/albums
>> >
>> > I get : {ok, true}
>> >
>> > How do I get the _session handler that you have mentioned ? Doing a ..
>> >
>> > $ curl http://jchris:mysecretpassword@localhost:5984/_session
>> >
>>
>> this "just works" for me. I'm not sure about cookie etc... I just give
>> my creds on the curl line and _session gives me back the userCtx.
>>
>
>>> creds on the curl line means as u have mentioned ..
>>> $ curl http://jchris:mysecretpassword@localhost:5984/_session ?
>>> hmm .. doesn't work for me :( .. It gives me something like "illegal
> database name" on _session ..
>>> I am using an April snapshot of 0.10. I will try switching to a more
> recent snapshot ..
>>> Will u mind sharing the local.ini & default.ini ?
>

I'm currently on trunk using make dev && utils/run, my password line is:

jchris = -hashed-7d882376727dadb528a9e4b160809f46674157fb,32ba977823a5e7a4d978b2139149706a

>
>> I'm running from couchdb trunk but I think anything in the 0.10.x
>> branch should work for this.
>>
>> > obviously doesn't work, since I have not set anything in the session and
>> it
>> > gives me an error. You have mentioned in the mail "when you are
>> > properly logged in". Do I have to handle user login myself through some
>> > pluggable login module ? I think I am missing something here. Help!
>> >
>> > Thanks.
>> > - Debasish
>> >
>> > On Sun, Sep 13, 2009 at 10:46 AM, Chris Anderson <jchris@apache.org>
>> wrote:
>> >
>> >> On Sat, Sep 12, 2009 at 7:47 AM, Debasish Ghosh
>> >> <ghosh.debasish@gmail.com> wrote:
>> >> > Hi -
>> >> >
>> >> > The validation function validate_doc_update takes 3 parameters,
>> newdoc,
>> >> > olddoc and userContext. I am trying to get my head into how the
>> >> > authentication and authorization stuff is related to this. The CouchDB
>> >> book
>> >> > has the following code snippet in 7.2.4 Authorship section ..
>> >> > function(newDoc, oldDoc, userCtx) {
>> >> >  if (newDoc.author) {
>> >> >    enforce(newDoc.author == userCtx.author,
>> >> >      "You may only update documents with author " + userCtx.author);
>> >> >  }
>> >> > }
>> >> >
>> >> > In my linux environment, when I run CouchDB validation functions with
>> a
>> >> > user-id and password setup in local.ini under [admins], I get the
>> >> following
>> >> > as the contents of the third parameter of the validation function :-
>> >> >
>> >> > {"db" : "test", "name" : null, "roles" : []}
>> >> >
>> >> > In the above snippet from the book there appears to be a field
>> >> > userCtx.author. Just wondering how to get it here and why I am not
>> seeing
>> >> it
>> >> > in my output.
>> >> >
>> >>
>> >> heh, thanks for the catch.. It should read:
>> >>
>> >> enforce(newDoc.author == userCtx.name
>> >>
>> >> > Also any pointer on the security, authentication and authorization
>> part
>> >> will
>> >> > be appreciated.
>> >> >
>> >>
>> >> I'm not sure, but you should be getting more when you are properly
>> >> logged in -- this is worth investigating more. What do you get for
>> >> this?:
>> >>
>> >> $ curl http://jchris:mysecretpassword@localhost:5984/_session
>> >> {"ok":true,"name":"jchris","roles":["_admin"]}
>> >>
>> >>
>> >> > Thanks in advance ..
>> >> > - Debasish
>> >> >
>> >>
>> >>
>> >>
>> >> --
>> >> Chris Anderson
>> >> http://jchrisa.net
>> >> http://couch.io
>> >>
>> >
>>
>>
>>
>> --
>> Chris Anderson
>> http://jchrisa.net
>> http://couch.io
>>
>



-- 
Chris Anderson
http://jchrisa.net
http://couch.io

Mime
View raw message