couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Noah Slater <nsla...@apache.org>
Subject Re: passwords
Date Tue, 23 Apr 2013 13:07:24 GMT
Can we put this into one or more of the bugfixes branches?


On 23 April 2013 14:02, Robert Newson <rnewson@apache.org> wrote:

> I believe the fix for this is 5d4ef930 which is on master (which will
> be 1.4) only.
>
> specifically;
>
> -        [Name, Pass] = re:split(NamePass, ":", [{return, list}]),
> +        [Name, Pass] = re:split(NamePass, ":", [{return, list}, {parts,
> 2}]),
>
> B.
>
>
>
>
> On 23 April 2013 13:59, Robert Newson <rnewson@apache.org> wrote:
> > Ah, that's a great distinction, rings a bell!
> >
> > On 23 April 2013 13:39, Dave Cottlehuber <dch@jsonified.com> wrote:
> >> On 23 April 2013 13:15, svilen <az@svilendobrev.com> wrote:
> >>> g'day
> >>>
> >>> i am trying to set a user with a password that is not just
> alphanumeric.
> >>> e.g. "b:@" (or if uri-encoded, b%3A%40)
> >>>
> >>> but the result of getting the /_users/ doc is always 401-unauthorized.
> >>>
> >>> if i login in Futon, it seems to work.
> >>> when i compute the pasword_sha myself and compare to whats in user/doc,
> >>> it matches.
> >>>
> >>> but http via basic authentication won't let me in.
> >>> e.g.
> >>> curl -vX GET
> >>> http://auser:b%3A%40@server:5984/_users/org.couchdb.user%3Aauser
> >>>
> >>> (seems the subject is very tricky and rarely paid attention to in
> >>> various http libraries i looked recently. Everyone just lumps the
> >>> usr+":"+psw and uri-encoding/decoding is left out..)
> >>
> >> Hi Svilen,
> >>
> >> From curl, you can:
> >>
> >> curl -vX GET $COUCH -u tricky:p@sswd
> >>
> >> and leaving off the password field allows you to enter it manually or
> >> even echo ':p@sswd' | curl …
> >>
> >> or if you're POSTing I think you can also use this:
> >> http://curl.haxx.se/docs/manpage.html#--data-urlencode
> >>
> >> curl -d name=john --data-urlencode passwd=@31&3*J
> https://www.mysite.com
> >>
> >> Anyway AFAICT there's a bug in CouchDB if the password starts with a `:`
> >>
> >> $COUCH=http://admin:pwd@localhost:5984
> >>
> >> curl -HContent-Type:application/json \
> >>   -vXPUT $COUCH/_users/org.couchdb.user:mrtricky \
> >>   --data-binary '{"_id": "org.couchdb.user:mrtricky","name":
> >> "mrtricky","roles": [],"type": "user","password": ":pwd"}'
> >>
> >> I would expect that I can subsequently use either curl or httpie.org,
> >> neither of them succeed with -u mrtricky::pwd or -u mrtricky & getting
> >> password from terminal.
> >>
> >> A+
> >> Dave
>



-- 
NS

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message