incubator-couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Benoit Chesneau (JIRA)" <j...@apache.org>
Subject [jira] Updated: (COUCHDB-492) cascading auth + _session
Date Wed, 02 Sep 2009 04:33:32 GMT

     [ https://issues.apache.org/jira/browse/COUCHDB-492?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Benoit Chesneau updated COUCHDB-492:
------------------------------------

    Attachment: couch_server.diff

`couch_httpd_auth:create_user_req` and `couch_server:hash_password_admin` use a different
algo to create the hashed password in current CouchDB. So even even if the _session handler
use allready get_user,  wich test first local.ini then users db, auth will fail because expected
password hash is different. 

Here is a patch that solve it by using same algorihm to make the hash. It don't change the
way hash are calculated in local.ini but only in couch_httpd_auth which is more recent.



> cascading auth + _session
> -------------------------
>
>                 Key: COUCHDB-492
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-492
>             Project: CouchDB
>          Issue Type: Bug
>    Affects Versions: 0.10
>            Reporter: Benoit Chesneau
>             Fix For: 0.10
>
>         Attachments: couch_server.diff
>
>
> Actually when you log your user via _session handler it looks only for user in userdb
and ignore admins set in local.ini file . Which give some problem if users are set manually
(without using _user handler), 2 users could have the same login, or when the user don't exist
in userdb but only in local.ini it won't be found and authentifaction will fail.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message