incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Debasish Ghosh <ghosh.debas...@gmail.com>
Subject Re: CouchDB Validation function and security API ..
Date Sun, 13 Sep 2009 08:31:40 GMT
I think I am doing something wrong. Would appreciate any help on this ...
In my local.ini, I have set up the following :

[admins]
[jchris = secretpass

[httpd]
authentication_handlers = {couch_httpd, default_authentication_handler}

and I create a database using

curl -vX PUT http://jchris:secretpass@localhost:5984/albums

I get : {ok, true}

How do I get the _session handler that you have mentioned ? Doing a ..

$ curl http://jchris:mysecretpassword@localhost:5984/_session

obviously doesn't work, since I have not set anything in the session and it
gives me an error. You have mentioned in the mail "when you are
properly logged in". Do I have to handle user login myself through some
pluggable login module ? I think I am missing something here. Help!

Thanks.
- Debasish

On Sun, Sep 13, 2009 at 10:46 AM, Chris Anderson <jchris@apache.org> wrote:

> On Sat, Sep 12, 2009 at 7:47 AM, Debasish Ghosh
> <ghosh.debasish@gmail.com> wrote:
> > Hi -
> >
> > The validation function validate_doc_update takes 3 parameters, newdoc,
> > olddoc and userContext. I am trying to get my head into how the
> > authentication and authorization stuff is related to this. The CouchDB
> book
> > has the following code snippet in 7.2.4 Authorship section ..
> > function(newDoc, oldDoc, userCtx) {
> >  if (newDoc.author) {
> >    enforce(newDoc.author == userCtx.author,
> >      "You may only update documents with author " + userCtx.author);
> >  }
> > }
> >
> > In my linux environment, when I run CouchDB validation functions with a
> > user-id and password setup in local.ini under [admins], I get the
> following
> > as the contents of the third parameter of the validation function :-
> >
> > {"db" : "test", "name" : null, "roles" : []}
> >
> > In the above snippet from the book there appears to be a field
> > userCtx.author. Just wondering how to get it here and why I am not seeing
> it
> > in my output.
> >
>
> heh, thanks for the catch.. It should read:
>
> enforce(newDoc.author == userCtx.name
>
> > Also any pointer on the security, authentication and authorization part
> will
> > be appreciated.
> >
>
> I'm not sure, but you should be getting more when you are properly
> logged in -- this is worth investigating more. What do you get for
> this?:
>
> $ curl http://jchris:mysecretpassword@localhost:5984/_session
> {"ok":true,"name":"jchris","roles":["_admin"]}
>
>
> > Thanks in advance ..
> > - Debasish
> >
>
>
>
> --
> Chris Anderson
> http://jchrisa.net
> http://couch.io
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message