incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sebastian Cohnen <sebastiancoh...@googlemail.com>
Subject Re: Problems creating admin users
Date Fri, 18 Jun 2010 16:29:19 GMT
would it be possible to give a readable (and understandable) error message? I'm guessing the
code is 500 in this case? a 403 Forbidden would also be great :)

On 18.06.2010, at 18:15, J Chris Anderson wrote:

> 
> On Jun 18, 2010, at 8:58 AM, Jochen Kempf wrote:
> 
>> Hi,
>> 
>> using couchdb 0.11.0 on Ubuntu 10.04 I get the following error message when
>> trying to add a new admin user vía Futon:
> 
> That's not a very nice error message. Sorry about that.
> 
> You can't create user docs in the user's db, with the role _admin.
> 
> For admins, you need to edit the config, either local.ini or via Futon.
> 
>> 
>> Signup error: {gen_server,call, [couch_query_servers,
>> {get_proc,{doc,<<"_design/_auth">>, {1,
>> [<<4,216,98,51,179,37,75,181,165,61,207,113,3, 249,127,194>>]},
>> {[{<<"language">>,<<"javascript">>}, {<<"validate_doc_update">>,
>> <<"function(newDoc, oldDoc, userCtx) {\n if ((oldDoc || newDoc).type !=
>> 'user') {\n throw({forbidden : 'doc.type must be user'});\n } // we only
>> validate user docs for now\n if (newDoc._deleted === true) {\n // allow
>> deletes by admins and matching users \n // without checking the other
>> fields\n if ((userCtx.roles.indexOf('_admin') != -1) || (userCtx.name ==
>> oldDoc.name)) {\n return;\n } else {\n throw({forbidden : 'Only admins may
>> delete other user docs.'});\n }\n }\n if (!newDoc.name) {\n throw({forbidden
>> : 'doc.name is required'});\n }\n if (!(newDoc.roles && (typeof
>> newDoc.roles.length != 'undefined') )) {\n throw({forbidden : 'doc.roles
>> must be an array'});\n }\n if (newDoc._id !=
>> 'org.couchdb.user:'+newDoc.name) {\n throw({forbidden : 'Docid must be of
>> the form org.couchdb.user:name'});\n }\n if (oldDoc) { // validate all
>> updates\n if (oldDoc.name != newDoc.name) {\n throw({forbidden : 'Usernames
>> may not be changed.'});\n }\n }\n if (newDoc.password_sha && !newDoc.salt)
>> {\n throw({forbidden : 'Users with password_sha must have a salt. See
>> /_utils/script/couch.js for example code.'});\n }\n if
>> (userCtx.roles.indexOf('_admin') == -1) { // not an admin\n if (oldDoc) { //
>> validate non-admin updates\n if (userCtx.name != newDoc.name) {\n
>> throw({forbidden : 'You may only update your own user document.'});\n }\n //
>> validate role updates\n var oldRoles = oldDoc.roles.sort();\n var newRoles =
>> newDoc.roles.sort();\n if (oldRoles.length != newRoles.length) {\n
>> throw({forbidden : 'Only _admin may edit roles'});\n }\n for (var i=0; i <
>> oldRoles.length; i++) {\n if (oldRoles[i] != newRoles[i]) {\n
>> throw({forbidden : 'Only _admin may edit roles'});\n }\n };\n } else if
>> (newDoc.roles.length > 0) {\n throw({forbidden : 'Only _admin may set
>> roles'});\n }\n }\n // no system roles in users db\n for (var i=0; i <
>> newDoc.roles.length; i++) {\n if (newDoc.roles[i][0] == '_') {\n
>> throw({forbidden : 'No system roles (starting with underscore) in users
>> db.'});\n }\n };\n // no system names as names\n if (newDoc.name[0] == '_')
>> {\n throw({forbidden : 'Username may not start with underscore.'});\n }\n
>> }">>}]}, [],false,[]}, {<<"_design/_auth">>,
>> <<"1-04d86233b3254bb5a53dcf7103f97fc2">>}}]}
>> 
>> However I can login vía Futon using the previously entered credentials but
>> there is no corresponding user file added to the "_users" table. It seems
>> that the "_auth" validation function prevents me from adding a new user to
>> the "_users" table.
>> 
>> How can I fix this?
> 


Mime
View raw message