incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Debasish Ghosh <ghosh.debas...@gmail.com>
Subject Re: CouchDB Validation function and security API ..
Date Sun, 13 Sep 2009 17:59:19 GMT
On Sun, Sep 13, 2009 at 11:16 PM, Chris Anderson <jchris@apache.org> wrote:

> On Sun, Sep 13, 2009 at 1:31 AM, Debasish Ghosh
> <ghosh.debasish@gmail.com> wrote:
> > I think I am doing something wrong. Would appreciate any help on this ...
> > In my local.ini, I have set up the following :
> >
> > [admins]
> > [jchris = secretpass
> >
> > [httpd]
> > authentication_handlers = {couch_httpd, default_authentication_handler}
> >
> > and I create a database using
> >
> > curl -vX PUT http://jchris:secretpass@localhost:5984/albums
> >
> > I get : {ok, true}
> >
> > How do I get the _session handler that you have mentioned ? Doing a ..
> >
> > $ curl http://jchris:mysecretpassword@localhost:5984/_session
> >
>
> this "just works" for me. I'm not sure about cookie etc... I just give
> my creds on the curl line and _session gives me back the userCtx.
>

>> creds on the curl line means as u have mentioned ..
>> $ curl http://jchris:mysecretpassword@localhost:5984/_session ?
>> hmm .. doesn't work for me :( .. It gives me something like "illegal
database name" on _session ..
>> I am using an April snapshot of 0.10. I will try switching to a more
recent snapshot ..
>> Will u mind sharing the local.ini & default.ini ?


> I'm running from couchdb trunk but I think anything in the 0.10.x
> branch should work for this.
>
> > obviously doesn't work, since I have not set anything in the session and
> it
> > gives me an error. You have mentioned in the mail "when you are
> > properly logged in". Do I have to handle user login myself through some
> > pluggable login module ? I think I am missing something here. Help!
> >
> > Thanks.
> > - Debasish
> >
> > On Sun, Sep 13, 2009 at 10:46 AM, Chris Anderson <jchris@apache.org>
> wrote:
> >
> >> On Sat, Sep 12, 2009 at 7:47 AM, Debasish Ghosh
> >> <ghosh.debasish@gmail.com> wrote:
> >> > Hi -
> >> >
> >> > The validation function validate_doc_update takes 3 parameters,
> newdoc,
> >> > olddoc and userContext. I am trying to get my head into how the
> >> > authentication and authorization stuff is related to this. The CouchDB
> >> book
> >> > has the following code snippet in 7.2.4 Authorship section ..
> >> > function(newDoc, oldDoc, userCtx) {
> >> >  if (newDoc.author) {
> >> >    enforce(newDoc.author == userCtx.author,
> >> >      "You may only update documents with author " + userCtx.author);
> >> >  }
> >> > }
> >> >
> >> > In my linux environment, when I run CouchDB validation functions with
> a
> >> > user-id and password setup in local.ini under [admins], I get the
> >> following
> >> > as the contents of the third parameter of the validation function :-
> >> >
> >> > {"db" : "test", "name" : null, "roles" : []}
> >> >
> >> > In the above snippet from the book there appears to be a field
> >> > userCtx.author. Just wondering how to get it here and why I am not
> seeing
> >> it
> >> > in my output.
> >> >
> >>
> >> heh, thanks for the catch.. It should read:
> >>
> >> enforce(newDoc.author == userCtx.name
> >>
> >> > Also any pointer on the security, authentication and authorization
> part
> >> will
> >> > be appreciated.
> >> >
> >>
> >> I'm not sure, but you should be getting more when you are properly
> >> logged in -- this is worth investigating more. What do you get for
> >> this?:
> >>
> >> $ curl http://jchris:mysecretpassword@localhost:5984/_session
> >> {"ok":true,"name":"jchris","roles":["_admin"]}
> >>
> >>
> >> > Thanks in advance ..
> >> > - Debasish
> >> >
> >>
> >>
> >>
> >> --
> >> Chris Anderson
> >> http://jchrisa.net
> >> http://couch.io
> >>
> >
>
>
>
> --
> Chris Anderson
> http://jchrisa.net
> http://couch.io
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message