couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Newson <rnew...@apache.org>
Subject Re: Replication and validate_doc_field
Date Wed, 20 Jun 2012 22:03:34 GMT
The replicator is just a client, so if your validate_doc_update doesn't allow it to update,
it won't be able to update.

That said, 401 means you failed to pass a valid user:pass combination. You failed to *authenticate*,
though the standard description of 401 is notoriously misleading.

B.


On 20 Jun 2012, at 22:38, Pulkit Singhal wrote:

> Thanks for pointing out that mis-type, I was indeed referring to
> validate_doc_update.
> And I'm familiar with the wiki links and the general instructions around it
> as well.
> Perhaps I should explain the motivation behind this question.
> 
> When I attempt to replicate from CouchDB 1.2.0 to TouchDB (another flavor),
> I receive:
> error (
>    401,
>    "401 unauthorized"
> )
> A little bit of trial and error showed that as long as I did NOT set
> member-roles or member-names on the DB level security in futon ...
> everything worked fine.
> 
> So now have to wonder why this happens, why would db-member-level security
> prevent an _admin from replicating? My 1st guess was that perhaps
> validate_doc_update somehow now has a hand in replication as well so I just
> wanted to check ... if that is not the root cause here then what could it
> be?
> 
> On Wed, Jun 20, 2012 at 3:34 PM, Dave Cottlehuber <dave@muse.net.nz> wrote:
> 
>> On 20 June 2012 22:22, Pulkit Singhal <pulkitsinghal@gmail.com> wrote:
>>> Does validate_doc_field method affect replication authN or authZ for
>>> CouchDB 1.2.0?
>> 
>> Hey Pulkit,
>> 
>> I googled authN/Z and found authorisation and authentication. I checked
>> the source and there's no validate_doc_field.
>> 
>> A validate_doc_update function (VDU) is run on a single doc only, and
>> has access to the proposed new doc as well as the current on-disk version,
>> and the user context.
>> 
>> So you can tell if the submitter of the update is authenticated or not, and
>> you can use couchdb roles, or other custom javascript fields in your doc
>> to decide to reject the docs or not.
>> 
>> There's more info on both the wiki and the definitive guide on this too.
>> 
>> A+
>> Dave
>> 


Mime
View raw message