incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Anderson <jch...@apache.org>
Subject Re: Couchdb and futon authentication on trunk (910404)
Date Tue, 16 Feb 2010 18:01:46 GMT
On Mon, Feb 15, 2010 at 10:05 PM, Patrick Barnes <mrtrick@gmail.com> wrote:
> Problem 1:
> - In admin party mode, when offered authentication details couchdb and futon
> will complain. (from memory, I think the error was
> {"error":"unauthorized","reason":"Name or password is incorrect."})
> - Web browsers remember authentication details - so if I have previously
> logged into futon, then removed the users and changed to admin party mode, I
> can't access the site until I restart the browser.
>

One solution for this (maybe already mentioned on the list) is to
remove /_utils from any kind of security restrictions. I'd love to see
a patch for this. This way you could still log in, and then access
data.

> Problem 1a: Why doesn't the test suite run unless in admin party mode? (And
> why isn't there a 'clean up the test databases' test?)

The tests require admin party mode because they do things like delete
and recreate admins, change the authentication methods, etc. Never run
the tests on a production CouchDB.

>
> Problem 2:
> Once an admin user is created, if you go and change require_valid_user to
> true, everything seems to work fine until you log out or restart the
> browser. Then futon will not let you in - trying to access
> couchserver:5984/_utils just brings up an
> {"error":"unauthorized","reason":"Authentication required."} error... not a
> login screen or HTTP auth prompt or anything.
> It seems there's no way to get back into futon other than switching
> require_valid_user off.
>
>
> This is the first trunk build I've tried (was on 0.10.0 before), so it might
> just be my server, but this behaviour seems either odd or incomplete.
>
> Thoughts?
> (Also, can 'sign up' be disabled / admin users allowed to create new users?)
>
> -Patrick Barnes
>
>
>



-- 
Chris Anderson
http://jchrisa.net
http://couch.io

Mime
View raw message