incubator-couchdb-user mailing list archives

From Mahendra M <mahendr...@gmail.com>
Subject Issues while using couchdb http cookie auth
Date Thu, 05 Aug 2010 14:11:01 GMT
Hi,

I was trying to set up and use couchdb http cookie auth. I could
not find any "official" documentation for the same. A bit of searching around
gave me these.

1. http://pierrel.posterous.com/securing-couchdb (seems new)
2. http://www.mail-archive.com/dev@couchdb.apache.org/msg02631.html (2009)
3. http://www.jasondavies.com/blog/2009/05/27/secure-cookie-authentication-couchdb

My requirement is this.
* Have one db with user related docs.
* The key of the doc is the userid
* The sha1 hashed password for each user is stored in his doc.
* I want to issue cookies based on a userid and password posted to couchdb.

Originally, I was trying to write my own show function to do an
auth. Then I saw that couchdb itself has support for doing this.

The methods discussed in the above thread(s) are really good and I wanted to
try it out. However, it is not working even after following both the examples.

I keep getting an error
{"error":"unauthorized","reason":"Name or password is incorrect."}

The debug logs also don't give out much information.

Looks like I have not set up things properly and the above docs are a bit
confusing. Also, could not find anything on the couchdb wiki.

So, I wanted to check if there is any other documentation on how to make
use of http cookie auth.

Or has anyone tried and got it working?

In link(1), it explains how to set up a single auth scheme for a couchdb node and
make use of /_session to get a cookie.

In link(2), it looks like adding _login and _logout handlers to each
db. Does this mean that each db can have its own user/password sets? Also,
what parameters must be passed to _login? Also, this says that the "users"
view values must have a member "password" whereas the previous link asks for
a member "password_sha".

Which is the correct approach to follow? Or are both valid?
I am a bit confused as of now :-)

Regards,
Mahendra

http://twitter.com/mahendra
