couchdb-user mailing list archives

From Benoit Chesneau <bchesn...@gmail.com>
Subject Re: Couchdb + custom authentication
Date Thu, 19 Jan 2012 20:34:37 GMT
On Thu, Jan 19, 2012 at 12:25 PM, Rao Venugopal <venuzr@gmail.com> wrote:
> Thanks Benoit.  Just to clarify my understanding,
> a) I have to write a handler in erlang similar to
> https://github.com/YasuhiroABE/CouchDB-WebProxy_Auth_Handler/blob/master/couch_httpd_auth.erl
>


Mmm, why not use the proxy auth handler in couch? Is the intention different?
>
> b) I have to include my custom handler in the "*authentication_handlers*"
> section of configuration as
> {couch_httpd_auth, my_company_custom_cookie_authentication_handler}
>
> If there is a better sample for custom authentication handler, please
> recommend

Use the simple one I wrote that is actually in couch, named
`proxy_authentification_handler`; it should help you.

>
> Thanks
> -Venu
>
> On Thu, Jan 19, 2012 at 2:44 PM, Benoit Chesneau <bchesneau@gmail.com> wrote:
>
>> On Thu, Jan 19, 2012 at 11:41 AM, Rao Venugopal <venuzr@gmail.com> wrote:
>> > Hi
>> >
>> > Is it possible to integrate custom authentication/authorization with
>> > couchdb instead of using the couchdb sessions api.
>> > At my company, we already have a cookie based authorization service
>> > and it is unlikely that we can move from it to couchdb's
>> > authentication.  Hence, I want to do something along the following
>> > lines
>> > a) Intercept the GET/POST/PUT/DELETE requests & validate the user's
>> > cookie (using the authentication service)
>> > b) decrypt the user's user id/email from cookie
>> > c) Check against couchdb's "db/_security" to check if the email is in
>> > the names collection for either dba admin / reader role
>> >     i) If ok,
>> >         - allow the operation to succeed or do a 301 redirect to couchdb.
>> >         - Ideal scenario would be if it is possible userid to couchdb
>> > so couchdb filters can use it in the following fashion.
>> >      function(doc, req) {
>> >        if (doc.username) {
>> >                if (doc.username == req.userCtx.name) {
>> >                        return true;
>> >                }
>> >        }
>> >        return false;
>> >
>> > }
>> >
>> >   ii) Else return http 401 not authorized
>> > Does couchdb provide for ability to plugin support for this or would I
>> > have to write a front end service which serves as a proxy between my
>> > remote couchdb server instance and the local couchdb on my
>> > smartphone?  Has anyone had any success in either of these two
>> > scenarios?
>> >
>> > Thanks
>> > -Venu
>> >
>> > PS : I asked this question at the mobile couchbase group and was
>> > advised to ask here
>>
>> You can indeed add a custom auth handler. Have a look in
>> couch_httpd_auth for an example. Then add it to the list of auth
>> handler that couchdb can try in the `authentication_handlers` setting
>> in your local.ini.
>>
>> - benoît
>>
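
An added example, not part of the original thread or of CouchDB's code: what a fronting proxy would forward to CouchDB's bundled proxy handler once the company cookie has validated. The `X-Auth-CouchDB-*` header names and the HMAC-SHA1 token come from CouchDB's proxy authentication documentation, not from this thread; the cookie service result and all sample values are hypothetical.

```python
import hashlib
import hmac

# Header names and the HMAC-SHA1 token are taken from CouchDB's documented
# proxy authentication handler; confirm them against the version you run.
USER_HDR = "X-Auth-CouchDB-UserName"
ROLES_HDR = "X-Auth-CouchDB-Roles"
TOKEN_HDR = "X-Auth-CouchDB-Token"
TRUSTED = {h.lower() for h in (USER_HDR, ROLES_HDR, TOKEN_HDR)}


def proxy_token(secret: bytes, username: str) -> str:
    """Hex HMAC-SHA1 of the username, keyed with the shared secret."""
    return hmac.new(secret, username.encode("utf-8"), hashlib.sha1).hexdigest()


def _unsafe(value: str) -> bool:
    # CR/LF would allow header injection; a comma would split one role in two.
    return any(c in value for c in "\r\n,")


def upstream_headers(client_headers, identity, secret):
    """Return the headers to forward to CouchDB, or None to answer 401.

    identity is (username, roles) as returned by the company cookie
    service (hypothetical here), or None when the cookie did not validate.
    """
    if identity is None:
        return None
    username, roles = identity
    if not username or _unsafe(username) or any(_unsafe(r) for r in roles):
        return None
    # Drop client-supplied copies of the trusted headers so a caller cannot
    # assert an identity of their own.
    out = {k: v for k, v in client_headers.items() if k.lower() not in TRUSTED}
    out[USER_HDR] = username
    out[ROLES_HDR] = ",".join(roles)
    out[TOKEN_HDR] = proxy_token(secret, username)
    return out


if __name__ == "__main__":
    # Constructed request: the client tries to smuggle an admin identity.
    incoming = {"Accept": "application/json", "x-auth-couchdb-username": "admin"}
    print(upstream_headers(incoming, ("venu@example.com", ["reader"]), b"constructed-secret"))
```

The token only helps if CouchDB is configured to require it and is reachable solely through the proxy; otherwise any client can set the user name header directly.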
