couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From svilen ...@svilendobrev.com>
Subject Re: passwords
Date Tue, 23 Apr 2013 13:19:14 GMT
the one of user unable to DELETE itself, from the other day.. 
don't know if it has been fixed or not.

On Tue, 23 Apr 2013 14:14:23 +0100
Noah Slater <nslater@apache.org> wrote:

> Any other bugs while we're at it. I'll be sending out a formal request
> tonight for people to do merges. But may as well mention it now.
> 
> 
> On 23 April 2013 14:11, Robert Newson <rnewson@apache.org> wrote:
> 
> > good thought.
> >
> > On 23 April 2013 14:07, Noah Slater <nslater@apache.org> wrote:
> > > Can we put this into one or more of the bugfixes branches?
> > >
> > >
> > > On 23 April 2013 14:02, Robert Newson <rnewson@apache.org> wrote:
> > >
> > >> I believe the fix for this is 5d4ef930 which is on master (which
> > >> will be 1.4) only.
> > >>
> > >> specifically;
> > >>
> > >> -        [Name, Pass] = re:split(NamePass, ":", [{return,
> > >> list}]),
> > >> +        [Name, Pass] = re:split(NamePass, ":", [{return, list},
> > >> {parts, 2}]),
> > >>
> > >> B.
> > >>
> > >>
> > >>
> > >>
> > >> On 23 April 2013 13:59, Robert Newson <rnewson@apache.org> wrote:
> > >> > Ah, that's a great distinction, rings a bell!
> > >> >
> > >> > On 23 April 2013 13:39, Dave Cottlehuber <dch@jsonified.com>
> > >> > wrote:
> > >> >> On 23 April 2013 13:15, svilen <az@svilendobrev.com> wrote:
> > >> >>> g'day
> > >> >>>
> > >> >>> i am trying to set a user with a password that is not just
> > >> alphanumeric.
> > >> >>> e.g. "b:@" (or if uri-encoded, b%3A%40)
> > >> >>>
> > >> >>> but the result of getting the /_users/ doc is always
> > 401-unauthorized.
> > >> >>>
> > >> >>> if i login in Futon, it seems to work.
> > >> >>> when i compute the pasword_sha myself and compare to whats
in
> > user/doc,
> > >> >>> it matches.
> > >> >>>
> > >> >>> but http via basic authentication won't let me in.
> > >> >>> e.g.
> > >> >>> curl -vX GET
> > >> >>> http://auser:b%3A%40@server:5984/_users/org.couchdb.user%3Aauser
> > >> >>>
> > >> >>> (seems the subject is very tricky and rarely paid attention
> > >> >>> to in various http libraries i looked recently. Everyone
> > >> >>> just lumps the usr+":"+psw and uri-encoding/decoding is left
> > >> >>> out..)
> > >> >>
> > >> >> Hi Svilen,
> > >> >>
> > >> >> From curl, you can:
> > >> >>
> > >> >> curl -vX GET $COUCH -u tricky:p@sswd
> > >> >>
> > >> >> and leaving off the password field allows you to enter it
> > >> >> manually or even echo ':p@sswd' | curl …
> > >> >>
> > >> >> or if you're POSTing I think you can also use this:
> > >> >> http://curl.haxx.se/docs/manpage.html#--data-urlencode
> > >> >>
> > >> >> curl -d name=john --data-urlencode passwd=@31&3*J
> > >> https://www.mysite.com
> > >> >>
> > >> >> Anyway AFAICT there's a bug in CouchDB if the password starts
> > >> >> with a
> > `:`
> > >> >>
> > >> >> $COUCH=http://admin:pwd@localhost:5984
> > >> >>
> > >> >> curl -HContent-Type:application/json \
> > >> >>   -vXPUT $COUCH/_users/org.couchdb.user:mrtricky \
> > >> >>   --data-binary '{"_id": "org.couchdb.user:mrtricky","name":
> > >> >> "mrtricky","roles": [],"type": "user","password": ":pwd"}'
> > >> >>
> > >> >> I would expect that I can subsequently use either curl or
> > >> >> httpie.org
> > ,
> > >> >> neither of them succeed with -u mrtricky::pwd or -u mrtricky &
> > getting
> > >> >> password from terminal.
> > >> >>
> > >> >> A+
> > >> >> Dave
> > >>
> > >
> > >
> > >
> > > --
> > > NS
> >
> 
> 
> 
> -- 
> NS

Mime
View raw message