couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Cottlehuber <...@jsonified.com>
Subject Re: passwords
Date Tue, 23 Apr 2013 12:39:43 GMT
On 23 April 2013 13:15, svilen <az@svilendobrev.com> wrote:
> g'day
>
> i am trying to set a user with a password that is not just alphanumeric.
> e.g. "b:@" (or if uri-encoded, b%3A%40)
>
> but the result of getting the /_users/ doc is always 401-unauthorized.
>
> if i login in Futon, it seems to work.
> when i compute the pasword_sha myself and compare to whats in user/doc,
> it matches.
>
> but http via basic authentication won't let me in.
> e.g.
> curl -vX GET
> http://auser:b%3A%40@server:5984/_users/org.couchdb.user%3Aauser
>
> (seems the subject is very tricky and rarely paid attention to in
> various http libraries i looked recently. Everyone just lumps the
> usr+":"+psw and uri-encoding/decoding is left out..)

Hi Svilen,

>From curl, you can:

curl -vX GET $COUCH -u tricky:p@sswd

and leaving off the password field allows you to enter it manually or
even echo ':p@sswd' | curl …

or if you're POSTing I think you can also use this:
http://curl.haxx.se/docs/manpage.html#--data-urlencode

curl -d name=john --data-urlencode passwd=@31&3*J https://www.mysite.com

Anyway AFAICT there's a bug in CouchDB if the password starts with a `:`

$COUCH=http://admin:pwd@localhost:5984

curl -HContent-Type:application/json \
  -vXPUT $COUCH/_users/org.couchdb.user:mrtricky \
  --data-binary '{"_id": "org.couchdb.user:mrtricky","name":
"mrtricky","roles": [],"type": "user","password": ":pwd"}'

I would expect that I can subsequently use either curl or httpie.org,
neither of them succeed with -u mrtricky::pwd or -u mrtricky & getting
password from terminal.

A+
Dave

Mime
View raw message