Return-Path: X-Original-To: apmail-couchdb-user-archive@www.apache.org Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 9CB9910980 for ; Tue, 23 Apr 2013 13:17:30 +0000 (UTC) Received: (qmail 63413 invoked by uid 500); 23 Apr 2013 13:17:29 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 63367 invoked by uid 500); 23 Apr 2013 13:17:28 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 63333 invoked by uid 99); 23 Apr 2013 13:17:28 -0000 Received: from minotaur.apache.org (HELO minotaur.apache.org) (140.211.11.9) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 23 Apr 2013 13:17:28 +0000 Received: from localhost (HELO mail-la0-f54.google.com) (127.0.0.1) (smtp-auth username rnewson, mechanism plain) by minotaur.apache.org (qpsmtpd/0.29) with ESMTP; Tue, 23 Apr 2013 13:17:28 +0000 Received: by mail-la0-f54.google.com with SMTP id es20so535973lab.13 for ; Tue, 23 Apr 2013 06:17:26 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:content-type:content-transfer-encoding; bh=0Btcz/CR6RVfkSjCUVX1glHzjqOrrgQly7tN7pqG1HA=; b=bu9qyKY4CE0Zt107psKtXSo/pMN0cYCjZvCf71SuTLDxZ4GOT4SLlgjOG7zel5RKN/ 8ZiyAJSA4GUJ1j1Q05z7F7NGbtAcppx4PvSZhmLXgm+rgOIWI6+qPDkF5pxv/8qods0B SepFtewVNuujGyePOBIFbqfgZvWFAHSr7qXnXM1/Dqf7QOC66remSO4adGBoq4wG0ecK TtRqtkfRqZSkW1dO9eEYYDYFgRskcZfyDRRf1VW7YJlA/Wfk37g4HF8us/TbU1RnJR98 9+ffXIvczIwhBZHziI6QJLqtmosjweWtF/XeyQz1IoSJT0zoLGVvzCsT+dBwa4Ilx8uL z/IQ== MIME-Version: 1.0 X-Received: by 10.152.4.40 with SMTP id h8mr15258731lah.34.1366723046152; Tue, 23 Apr 2013 06:17:26 -0700 (PDT) Received: by 10.112.168.98 with HTTP; Tue, 23 Apr 2013 06:17:26 -0700 (PDT) In-Reply-To: References: <20130423141547.7472d36e@svilendobrev.com> Date: Tue, 23 Apr 2013 14:17:26 +0100 Message-ID: Subject: Re: passwords From: Robert Newson To: "user@couchdb.apache.org" Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Probably, I only have time today to test and backport this issue, given that I wrote the fix for it. eta 10 mins. On 23 April 2013 14:14, Noah Slater wrote: > Any other bugs while we're at it. I'll be sending out a formal request > tonight for people to do merges. But may as well mention it now. > > > On 23 April 2013 14:11, Robert Newson wrote: > >> good thought. >> >> On 23 April 2013 14:07, Noah Slater wrote: >> > Can we put this into one or more of the bugfixes branches? >> > >> > >> > On 23 April 2013 14:02, Robert Newson wrote: >> > >> >> I believe the fix for this is 5d4ef930 which is on master (which will >> >> be 1.4) only. >> >> >> >> specifically; >> >> >> >> - [Name, Pass] =3D re:split(NamePass, ":", [{return, list}]), >> >> + [Name, Pass] =3D re:split(NamePass, ":", [{return, list}, {p= arts, >> >> 2}]), >> >> >> >> B. >> >> >> >> >> >> >> >> >> >> On 23 April 2013 13:59, Robert Newson wrote: >> >> > Ah, that's a great distinction, rings a bell! >> >> > >> >> > On 23 April 2013 13:39, Dave Cottlehuber wrote: >> >> >> On 23 April 2013 13:15, svilen wrote: >> >> >>> g'day >> >> >>> >> >> >>> i am trying to set a user with a password that is not just >> >> alphanumeric. >> >> >>> e.g. "b:@" (or if uri-encoded, b%3A%40) >> >> >>> >> >> >>> but the result of getting the /_users/ doc is always >> 401-unauthorized. >> >> >>> >> >> >>> if i login in Futon, it seems to work. >> >> >>> when i compute the pasword_sha myself and compare to whats in >> user/doc, >> >> >>> it matches. >> >> >>> >> >> >>> but http via basic authentication won't let me in. >> >> >>> e.g. >> >> >>> curl -vX GET >> >> >>> http://auser:b%3A%40@server:5984/_users/org.couchdb.user%3Aauser >> >> >>> >> >> >>> (seems the subject is very tricky and rarely paid attention to in >> >> >>> various http libraries i looked recently. Everyone just lumps the >> >> >>> usr+":"+psw and uri-encoding/decoding is left out..) >> >> >> >> >> >> Hi Svilen, >> >> >> >> >> >> From curl, you can: >> >> >> >> >> >> curl -vX GET $COUCH -u tricky:p@sswd >> >> >> >> >> >> and leaving off the password field allows you to enter it manually= or >> >> >> even echo ':p@sswd' | curl =85 >> >> >> >> >> >> or if you're POSTing I think you can also use this: >> >> >> http://curl.haxx.se/docs/manpage.html#--data-urlencode >> >> >> >> >> >> curl -d name=3Djohn --data-urlencode passwd=3D@31&3*J >> >> https://www.mysite.com >> >> >> >> >> >> Anyway AFAICT there's a bug in CouchDB if the password starts with= a >> `:` >> >> >> >> >> >> $COUCH=3Dhttp://admin:pwd@localhost:5984 >> >> >> >> >> >> curl -HContent-Type:application/json \ >> >> >> -vXPUT $COUCH/_users/org.couchdb.user:mrtricky \ >> >> >> --data-binary '{"_id": "org.couchdb.user:mrtricky","name": >> >> >> "mrtricky","roles": [],"type": "user","password": ":pwd"}' >> >> >> >> >> >> I would expect that I can subsequently use either curl or httpie.o= rg >> , >> >> >> neither of them succeed with -u mrtricky::pwd or -u mrtricky & >> getting >> >> >> password from terminal. >> >> >> >> >> >> A+ >> >> >> Dave >> >> >> > >> > >> > >> > -- >> > NS >> > > > > -- > NS