couchdb-user mailing list archives

From Rao Venugopal <ven...@gmail.com>
Subject Re: Couchdb + custom authentication
Date Thu, 19 Jan 2012 20:25:16 GMT
Thanks Benoit.  Just to clarify my understanding,
a) I have to write a handler in Erlang similar to
https://github.com/YasuhiroABE/CouchDB-WebProxy_Auth_Handler/blob/master/couch_httpd_auth.erl

b) I have to include my custom handler in the "authentication_handlers"
section of configuration as
{couch_httpd_auth, my_company_custom_cookie_authentication_handler}

If there is a better sample for custom authentication handler, please
recommend.

Thanks
-Venu

On Thu, Jan 19, 2012 at 2:44 PM, Benoit Chesneau <bchesneau@gmail.com> wrote:

> On Thu, Jan 19, 2012 at 11:41 AM, Rao Venugopal <venuzr@gmail.com> wrote:
> > Hi
> >
> > Is it possible to integrate custom authentication/authorization with
> > couchdb instead of using the couchdb sessions api.
> > At my company, we already have a cookie-based authorization service
> > and it is unlikely that we can move from it to couchdb's
> > authentication.  Hence, I want to do something along the following
> > lines
> > a) Intercept the GET/POST/PUT/DELETE requests & validate the user's
> > cookie (using the authentication service)
> > b) decrypt the user's user id/email from cookie
> > c) Check against couchdb's "db/_security" to check if the email is in
> > the names collection for either dba admin / reader role
> >     i) If the ok,
> >         - allow the operation to succeed or do a 301 redirect to
> >           couchdb.
> >         - Ideal scenario would be if it is possible userid to
> >           couchdb so couchdb filters can use it in the following
> >           fashion.
> >      // pass only documents whose username matches the authenticated user
> >      function(doc, req) {
> >        if (doc.username) {
> >                if (doc.username == req.userCtx.name) {
> >                        return true;
> >                }
> >        }
> >        return false;
> >      }
> >
> >   ii) Else return http 401 not authorized
> > Does couchdb provide for ability to plugin support for this or would
> > I have to write a front end service which serves as a proxy between my
> > remote couchdb server instance and the local couchdb on my
> > smartphone?  Has anyone had any success in either of these two
> > scenarios?
> >
> > Thanks
> > -Venu
> >
> > PS : I asked this question at the mobile couchbase group and was
> > advised to ask here
>
> You can indeed add a custom auth handler. Have a look in
> couch_httpd_auth for an example. Then add it to the list of auth
> handlers that couchdb can try in the `authentication_handlers` setting
> in your local.ini.
>
> - benoît
>
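
Steps a) to c) from the quoted question, written as the decision logic a front-end proxy would run before forwarding a request. This is an added example, not code from the thread or from CouchDB; the signed-cookie format, the key and the sample `_security` document are constructed stand-ins for the company's cookie service.

```python
import base64
import hashlib
import hmac

COOKIE_KEY = b"constructed-demo-key"  # assumption: stands in for the company service

# Constructed sample of a db/_security document with admin and reader names.
SECURITY = {
    "admins": {"names": ["dba@example.com"], "roles": []},
    "readers": {"names": ["venu@example.com"], "roles": []},
}

def _mac(body, key):
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def sign_cookie(email, key=COOKIE_KEY):
    """Issue a demo cookie 'base64(email).hmac' (hypothetical format)."""
    body = base64.urlsafe_b64encode(email.encode()).decode()
    return body + "." + _mac(body, key)

def email_from_cookie(cookie, key=COOKIE_KEY):
    """Steps a) and b): validate the cookie, then recover the email."""
    try:
        body, mac = cookie.rsplit(".", 1)
        if not hmac.compare_digest(mac, _mac(body, key)):  # constant-time compare
            return None
        return base64.urlsafe_b64decode(body).decode()
    except (AttributeError, TypeError, ValueError):
        return None  # missing, malformed or non-ASCII cookie

def authorize(cookie, security_doc):
    """Step c): return (http_status, user_ctx) for one request."""
    email = email_from_cookie(cookie)
    if email is None:
        return 401, None
    # Deny by default: the email must be listed under admins or readers.
    for section in ("admins", "readers"):
        if email in security_doc.get(section, {}).get("names", []):
            # user_ctx carries the name that the filter reads as req.userCtx.name
            return 200, {"name": email, "roles": []}
    return 401, None
```

The MAC is checked before the cookie body is decoded, so a forged or truncated cookie never reaches the `_security` lookup.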
