incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Newson <rnew...@apache.org>
Subject Re: deleting own user account
Date Fri, 22 Jun 2012 16:58:50 GMT
Yeah, this looks like a bug/regression caused by the system db security patch (e5503ffef957dc5e8784c7223e318738ae79b6df)

The userCtx name is compared to the "name" field inside the document to be updated. In the
case of a deletion, it has no such field, so the test fails. Thus, a user cannot delete their
own account. They are supposed to be able to, so this is a bug. Please file a JIRA ticket.

b.

On 22 Jun 2012, at 16:35, Gregor Martynus wrote:

> Can anybody confirm that when signed in as a user, I cannot DELETE my own _users doc?
It's simple to test in futon. 
> Is this a feature, or a bug?
> 
> I tested it on couchDB 1.2 myself. 
> 
> -- 
> Gregor Martynus
> 
> 
> On Wednesday, 20. June 2012 at 19:35, Gregor Martynus wrote:
> 
>> Robert, I get a 200 when I GET the same path. When I'm signed in as "test" in futon
and delete my own /_users doc, I get a 404 as well. Is that not the case for you?
>> 
>> I'm on couchDB 1.2, tested locally and on IrisCouch 
>> 
>> -- 
>> Gregor Martynus
>> 
>> 
>> On Wednesday, 20. June 2012 at 18:45, Robert Newson wrote:
>> 
>>> 
>>> Do you get a 200 when you GET that same doc id? I suspect you get a 404. If so,
check you have the right id, perhaps you need to escape some fields. Better, try deleting
it from Futon which handles the escaping for you.
>>> 
>>> If you're deleting an admin user, then you need to modify your .ini files (preferably
via /_config/admins) instead.
>>> 
>>> B.
>>> 
>>> On 20 Jun 2012, at 17:28, Gregor Martynus wrote:
>>> 
>>>> I'm quite sure that this worked before, but doesn't seem to work anymore.

>>>> 
>>>> Let's say I have a user account "test" and am signed in as "test".
>>>> The _rev number of users/org.couchdb.user:test is '1-234'
>>>> 
>>>> Shouldn't I be able to delete my own account with
>>>> DELETE /users/org.couchdb.user:test?rev=1-234
>>>> ?
>>>> 
>>>> I get a 404 response, but am still signed in as test
>>>> 
>>>> The same happens when I try to PUT the document with _deleted: true ...
>>>> 
>>>> Any idea? 
>>>> 
>>>> -- 
>>>> Gregor
>>>> 
>>> 
>>> 
>>> 
>>> 
>> 
>> 
> 


Mime
View raw message