Return-Path: 
 <user-return-8805-apmail-couchdb-user-archive=couchdb.apache.org@couchdb.apache.org>
Delivered-To: apmail-couchdb-user-archive@www.apache.org
Received: (qmail 65703 invoked from network); 16 Feb 2010 18:02:24 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 16 Feb 2010 18:02:24 -0000
Received: (qmail 70799 invoked by uid 500); 16 Feb 2010 18:02:22 -0000
Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org
Received: (qmail 70750 invoked by uid 500); 16 Feb 2010 18:02:22 -0000
Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@couchdb.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@couchdb.apache.org>
List-Post: <mailto:user@couchdb.apache.org>
List-Id: <user.couchdb.apache.org>
Reply-To: user@couchdb.apache.org
Delivered-To: mailing list user@couchdb.apache.org
Received: (qmail 70740 invoked by uid 99); 16 Feb 2010 18:02:22 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 16 Feb 2010 18:02:22 +0000
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of jchris@gmail.com designates
 209.85.222.175 as permitted sender)
Received: from [209.85.222.175] (HELO mail-pz0-f175.google.com)
 (209.85.222.175)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 16 Feb 2010 18:02:13 +0000
Received: by pzk5 with SMTP id 5so1429519pzk.29
        for <user@couchdb.apache.org>; Tue, 16 Feb 2010 10:01:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:sender:received:in-reply-to
         :references:date:x-google-sender-auth:message-id:subject:from:to
         :content-type;
        bh=xp9499EylCTGjJlm0vl2dOFqDZeFCWDyxaNibf7XGOk=;
        b=q2D/XZsFyMYki7UlqmwwFA5AHgcfDE5yzL6loW7Gqetd0XKyNWudC8gyTEyZKBTDWT
         dtrp2mdqm9WfqBBAMbIxwf756nFjDazy+ngJqQcxi7RUOYTjfezLv0Sjpu+3ctcf8Opg
         mSYWS5BmQOmP+k9QlxIn/ykV0J9NPnvuDrSoQ=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:sender:in-reply-to:references:date
         :x-google-sender-auth:message-id:subject:from:to:content-type;
        b=b7g45C3viMATMVe671hxQA+HCsmi3UVp+O7cxJhHA+zb8L1s9KFUK6u88rPHHNHHaP
         lC/dfV1iHc1GncZ6D0pua47F29/kwjPnhdXw1U6Fs+7oPhqmkm/kBhtKfH6naKE9JX2M
         6Cg2bHNPIuiW/N6ot8SOIsvDGe+veqA5XtYnc=
MIME-Version: 1.0
Sender: jchris@gmail.com
Received: by 10.142.6.32 with SMTP id 32mr4593447wff.6.1266343306980; Tue, 16
	Feb 2010 10:01:46 -0800 (PST)
In-Reply-To: <4B7A3596.7010503@gmail.com>
References: <4B7A3596.7010503@gmail.com>
Date: Tue, 16 Feb 2010 10:01:46 -0800
X-Google-Sender-Auth: 7513861d9bca2ea4
Message-ID: <e282921e1002161001w4f03d9afq2f478e80ec5a2f8a@mail.gmail.com>
Subject: Re: Couchdb and futon authentication on trunk (910404)
From: Chris Anderson <jchris@apache.org>
To: user@couchdb.apache.org
Content-Type: text/plain; charset=ISO-8859-1

On Mon, Feb 15, 2010 at 10:05 PM, Patrick Barnes <mrtrick@gmail.com> wrote:
> Problem 1:
> - In admin party mode, when offered authentication details couchdb and futon
> will complain. (from memory, I think the error was
> {"error":"unauthorized","reason":"Name or password is incorrect."})
> - Web browsers remember authentication details - so if I have previously
> logged into futon, then removed the users and changed to admin party mode, I
> can't access the site until I restart the browser.
>

One solution for this (maybe already mentioned on the list) is to
remove /_utils from any kind of security restrictions. I'd love to see
a patch for this. This way you could still log in, and then access
data.

> Problem 1a: Why doesn't the test suite run unless in admin party mode? (And
> why isn't there a 'clean up the test databases' test?)

The tests require admin party mode because they do things like delete
and recreate admins, change the authentication methods, etc. Never run
the tests on a production CouchDB.

>
> Problem 2:
> Once an admin user is created, if you go and change require_valid_user to
> true, everything seems to work fine until you log out or restart the
> browser. Then futon will not let you in - trying to access
> couchserver:5984/_utils just brings up an
> {"error":"unauthorized","reason":"Authentication required."} error... not a
> login screen or HTTP auth prompt or anything.
> It seems there's no way to get back into futon other than switching
> require_valid_user off.
>
>
> This is the first trunk build I've tried (was on 0.10.0 before), so it might
> just be my server, but this behaviour seems either odd or incomplete.
>
> Thoughts?
> (Also, can 'sign up' be disabled / admin users allowed to create new users?)
>
> -Patrick Barnes
>
>
>



-- 
Chris Anderson
http://jchrisa.net
http://couch.io