incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Anderson <jch...@apache.org>
Subject Re: CouchDB Validation function and security API ..
Date Sun, 13 Sep 2009 17:46:09 GMT
On Sun, Sep 13, 2009 at 1:31 AM, Debasish Ghosh
<ghosh.debasish@gmail.com> wrote:
> I think I am doing something wrong. Would appreciate any help on this ...
> In my local.ini, I have set up the following :
>
> [admins]
> [jchris = secretpass
>
> [httpd]
> authentication_handlers = {couch_httpd, default_authentication_handler}
>
> and I create a database using
>
> curl -vX PUT http://jchris:secretpass@localhost:5984/albums
>
> I get : {ok, true}
>
> How do I get the _session handler that you have mentioned ? Doing a ..
>
> $ curl http://jchris:mysecretpassword@localhost:5984/_session
>

this "just works" for me. I'm not sure about cookie etc... I just give
my creds on the curl line and _session gives me back the userCtx.

I'm running from couchdb trunk but I think anything in the 0.10.x
branch should work for this.

> obviously doesn't work, since I have not set anything in the session and it
> gives me an error. You have mentioned in the mail "when you are
> properly logged in". Do I have to handle user login myself through some
> pluggable login module ? I think I am missing something here. Help!
>
> Thanks.
> - Debasish
>
> On Sun, Sep 13, 2009 at 10:46 AM, Chris Anderson <jchris@apache.org> wrote:
>
>> On Sat, Sep 12, 2009 at 7:47 AM, Debasish Ghosh
>> <ghosh.debasish@gmail.com> wrote:
>> > Hi -
>> >
>> > The validation function validate_doc_update takes 3 parameters, newdoc,
>> > olddoc and userContext. I am trying to get my head into how the
>> > authentication and authorization stuff is related to this. The CouchDB
>> book
>> > has the following code snippet in 7.2.4 Authorship section ..
>> > function(newDoc, oldDoc, userCtx) {
>> >  if (newDoc.author) {
>> >    enforce(newDoc.author == userCtx.author,
>> >      "You may only update documents with author " + userCtx.author);
>> >  }
>> > }
>> >
>> > In my linux environment, when I run CouchDB validation functions with a
>> > user-id and password setup in local.ini under [admins], I get the
>> following
>> > as the contents of the third parameter of the validation function :-
>> >
>> > {"db" : "test", "name" : null, "roles" : []}
>> >
>> > In the above snippet from the book there appears to be a field
>> > userCtx.author. Just wondering how to get it here and why I am not seeing
>> it
>> > in my output.
>> >
>>
>> heh, thanks for the catch.. It should read:
>>
>> enforce(newDoc.author == userCtx.name
>>
>> > Also any pointer on the security, authentication and authorization part
>> will
>> > be appreciated.
>> >
>>
>> I'm not sure, but you should be getting more when you are properly
>> logged in -- this is worth investigating more. What do you get for
>> this?:
>>
>> $ curl http://jchris:mysecretpassword@localhost:5984/_session
>> {"ok":true,"name":"jchris","roles":["_admin"]}
>>
>>
>> > Thanks in advance ..
>> > - Debasish
>> >
>>
>>
>>
>> --
>> Chris Anderson
>> http://jchrisa.net
>> http://couch.io
>>
>



-- 
Chris Anderson
http://jchrisa.net
http://couch.io

Mime
View raw message