From: Debasish Ghosh
Date: Sun, 13 Sep 2009 23:29:19 +0530
Subject: Re: CouchDB Validation function and security API ..
To: Chris Anderson
Cc: user@couchdb.apache.org

On Sun, Sep 13, 2009 at 11:16 PM, Chris Anderson wrote:

> On Sun, Sep 13, 2009 at 1:31 AM, Debasish Ghosh wrote:
> > I think I am doing something wrong. Would appreciate any help on this ...
> > In my local.ini, I have set up the following :
> >
> > [admins]
> > [jchris = secretpass
> >
> > [httpd]
> > authentication_handlers = {couch_httpd, default_authentication_handler}
> >
> > and I create a database using
> >
> > curl -vX PUT http://jchris:secretpass@localhost:5984/albums
> >
> > I get : {ok, true}
> >
> > How do I get the _session handler that you have mentioned ? Doing a ..
> >
> > $ curl http://jchris:mysecretpassword@localhost:5984/_session
> >
>
> this "just works" for me. I'm not sure about cookie etc... I just give
> my creds on the curl line and _session gives me back the userCtx.
>

>> creds on the curl line means as u have mentioned ..
>> $ curl http://jchris:mysecretpassword@localhost:5984/_session ?
>> hmm .. doesn't work for me :( .. It gives me something like "illegal database name" on _session ..
>> I am using an April snapshot of 0.10.
I will try switching to a more recent snapshot ..
>> Will u mind sharing the local.ini & default.ini ?

> I'm running from couchdb trunk but I think anything in the 0.10.x
> branch should work for this.
>
> > obviously doesn't work, since I have not set anything in the session and it
> > gives me an error. You have mentioned in the mail "when you are
> > properly logged in". Do I have to handle user login myself through some
> > pluggable login module ? I think I am missing something here. Help!
> >
> > Thanks.
> > - Debasish
> >
> > On Sun, Sep 13, 2009 at 10:46 AM, Chris Anderson wrote:
> >
> >> On Sat, Sep 12, 2009 at 7:47 AM, Debasish Ghosh wrote:
> >> > Hi -
> >> >
> >> > The validation function validate_doc_update takes 3 parameters, newdoc,
> >> > olddoc and userContext. I am trying to get my head into how the
> >> > authentication and authorization stuff is related to this. The CouchDB book
> >> > has the following code snippet in 7.2.4 Authorship section ..
> >> > function(newDoc, oldDoc, userCtx) {
> >> >   if (newDoc.author) {
> >> >     enforce(newDoc.author == userCtx.author,
> >> >       "You may only update documents with author " + userCtx.author);
> >> >   }
> >> > }
> >> >
> >> > In my linux environment, when I run CouchDB validation functions with a
> >> > user-id and password setup in local.ini under [admins], I get the following
> >> > as the contents of the third parameter of the validation function :-
> >> >
> >> > {"db" : "test", "name" : null, "roles" : []}
> >> >
> >> > In the above snippet from the book there appears to be a field
> >> > userCtx.author. Just wondering how to get it here and why I am not seeing it
> >> > in my output.
> >> >
> >>
> >> heh, thanks for the catch.. It should read:
> >>
> >> enforce(newDoc.author == userCtx.name
> >>
> >> > Also any pointer on the security, authentication and authorization part will
> >> > be appreciated.
> >> >
> >>
> >> I'm not sure, but you should be getting more when you are properly
> >> logged in -- this is worth investigating more. What do you get for
> >> this?:
> >>
> >> $ curl http://jchris:mysecretpassword@localhost:5984/_session
> >> {"ok":true,"name":"jchris","roles":["_admin"]}
> >>
> >>
> >> > Thanks in advance ..
> >> > - Debasish
> >> >
> >>
> >>
> >>
> >> --
> >> Chris Anderson
> >> http://jchrisa.net
> >> http://couch.io
> >>
> >
> >
>
> --
> Chris Anderson
> http://jchrisa.net
> http://couch.io
>
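
Added example, not part of the original thread and not code from the CouchDB project or book: an authorship check written against userCtx.name, the field the correction in the thread points to, run locally against user contexts shaped like the two quoted above. It goes beyond the book snippet by also rejecting anonymous writes and author changes; the check() harness and the user name "alice" are assumptions made for illustration.

```javascript
// CouchDB-style validate_doc_update: a rejection is signalled by throwing
// {unauthorized: msg} (not logged in) or {forbidden: msg} (not allowed).
function validateDocUpdate(newDoc, oldDoc, userCtx) {
  var isAdmin = userCtx.roles.indexOf("_admin") !== -1;

  // An unauthenticated request arrives with name === null, as in the
  // {"db": "test", "name": null, "roles": []} context quoted in the thread.
  if (userCtx.name === null && !isAdmin) {
    throw { unauthorized: "You must be logged in to write documents" };
  }
  if (isAdmin) {
    return; // server admins may write any document
  }
  if (newDoc._deleted) {
    // A deletion stub carries no author field, so check the stored revision.
    if (oldDoc && oldDoc.author !== userCtx.name) {
      throw { forbidden: "Only " + oldDoc.author + " may delete this document" };
    }
    return;
  }
  if (newDoc.author !== userCtx.name) {
    throw { forbidden: "You may only update documents with author " + userCtx.name };
  }
  // Stop a user from taking over a document that someone else wrote.
  if (oldDoc && oldDoc.author !== newDoc.author) {
    throw { forbidden: "The author of an existing document cannot be changed" };
  }
}

// Hypothetical local harness (not a CouchDB API): run the validator and
// report which kind of rejection, if any, it raised.
function check(newDoc, oldDoc, userCtx) {
  try {
    validateDocUpdate(newDoc, oldDoc, userCtx);
    return "ok";
  } catch (e) {
    if (e && e.unauthorized) return "unauthorized";
    if (e && e.forbidden) return "forbidden";
    throw e; // a bug in the validator itself, not a rejection
  }
}

// Constructed user contexts, shaped like the ones shown in the thread.
var anonymous = { db: "test", name: null, roles: [] };
var admin = { db: "test", name: "jchris", roles: ["_admin"] };
var alice = { db: "test", name: "alice", roles: [] };
```

With the anonymous context the validator rejects every write before the author comparison is reached, so a null name can never match a document's author field.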