incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Newson <rnew...@apache.org>
Subject Re: passwords
Date Tue, 23 Apr 2013 13:17:26 GMT
Probably, I only have time today to test and backport this issue,
given that I wrote the fix for it.

eta 10 mins.

On 23 April 2013 14:14, Noah Slater <nslater@apache.org> wrote:
> Any other bugs while we're at it. I'll be sending out a formal request
> tonight for people to do merges. But may as well mention it now.
>
>
> On 23 April 2013 14:11, Robert Newson <rnewson@apache.org> wrote:
>
>> good thought.
>>
>> On 23 April 2013 14:07, Noah Slater <nslater@apache.org> wrote:
>> > Can we put this into one or more of the bugfixes branches?
>> >
>> >
>> > On 23 April 2013 14:02, Robert Newson <rnewson@apache.org> wrote:
>> >
>> >> I believe the fix for this is 5d4ef930 which is on master (which will
>> >> be 1.4) only.
>> >>
>> >> specifically;
>> >>
>> >> -        [Name, Pass] = re:split(NamePass, ":", [{return, list}]),
>> >> +        [Name, Pass] = re:split(NamePass, ":", [{return, list}, {parts,
>> >> 2}]),
>> >>
>> >> B.
>> >>
>> >>
>> >>
>> >>
>> >> On 23 April 2013 13:59, Robert Newson <rnewson@apache.org> wrote:
>> >> > Ah, that's a great distinction, rings a bell!
>> >> >
>> >> > On 23 April 2013 13:39, Dave Cottlehuber <dch@jsonified.com>
wrote:
>> >> >> On 23 April 2013 13:15, svilen <az@svilendobrev.com> wrote:
>> >> >>> g'day
>> >> >>>
>> >> >>> i am trying to set a user with a password that is not just
>> >> alphanumeric.
>> >> >>> e.g. "b:@" (or if uri-encoded, b%3A%40)
>> >> >>>
>> >> >>> but the result of getting the /_users/ doc is always
>> 401-unauthorized.
>> >> >>>
>> >> >>> if i login in Futon, it seems to work.
>> >> >>> when i compute the pasword_sha myself and compare to whats
in
>> user/doc,
>> >> >>> it matches.
>> >> >>>
>> >> >>> but http via basic authentication won't let me in.
>> >> >>> e.g.
>> >> >>> curl -vX GET
>> >> >>> http://auser:b%3A%40@server:5984/_users/org.couchdb.user%3Aauser
>> >> >>>
>> >> >>> (seems the subject is very tricky and rarely paid attention
to in
>> >> >>> various http libraries i looked recently. Everyone just lumps
the
>> >> >>> usr+":"+psw and uri-encoding/decoding is left out..)
>> >> >>
>> >> >> Hi Svilen,
>> >> >>
>> >> >> From curl, you can:
>> >> >>
>> >> >> curl -vX GET $COUCH -u tricky:p@sswd
>> >> >>
>> >> >> and leaving off the password field allows you to enter it manually
or
>> >> >> even echo ':p@sswd' | curl …
>> >> >>
>> >> >> or if you're POSTing I think you can also use this:
>> >> >> http://curl.haxx.se/docs/manpage.html#--data-urlencode
>> >> >>
>> >> >> curl -d name=john --data-urlencode passwd=@31&3*J
>> >> https://www.mysite.com
>> >> >>
>> >> >> Anyway AFAICT there's a bug in CouchDB if the password starts with
a
>> `:`
>> >> >>
>> >> >> $COUCH=http://admin:pwd@localhost:5984
>> >> >>
>> >> >> curl -HContent-Type:application/json \
>> >> >>   -vXPUT $COUCH/_users/org.couchdb.user:mrtricky \
>> >> >>   --data-binary '{"_id": "org.couchdb.user:mrtricky","name":
>> >> >> "mrtricky","roles": [],"type": "user","password": ":pwd"}'
>> >> >>
>> >> >> I would expect that I can subsequently use either curl or httpie.org
>> ,
>> >> >> neither of them succeed with -u mrtricky::pwd or -u mrtricky &
>> getting
>> >> >> password from terminal.
>> >> >>
>> >> >> A+
>> >> >> Dave
>> >>
>> >
>> >
>> >
>> > --
>> > NS
>>
>
>
>
> --
> NS

Mime
View raw message