From: Chris Anderson
To: user@couchdb.apache.org, dghosh@acm.org
Date: Sun, 13 Sep 2009 22:25:40 -0700
Subject: Re: CouchDB Validation function and security API ..

On Sun, Sep 13, 2009 at 10:59 AM, Debasish Ghosh wrote:
> On Sun, Sep 13, 2009 at 11:16 PM, Chris Anderson wrote:
>
>> On Sun, Sep 13, 2009 at 1:31 AM, Debasish Ghosh wrote:
>> > I think I am doing something wrong. Would appreciate any help on this ...
>> > In my local.ini, I have set up the following :
>> >
>> > [admins]
>> > [jchris = secretpass
>> >
>> > [httpd]
>> > authentication_handlers = {couch_httpd, default_authentication_handler}
>> >
>> > and I create a database using
>> >
>> > curl -vX PUT http://jchris:secretpass@localhost:5984/albums
>> >
>> > I get : {ok, true}
>> >
>> > How do I get the _session handler that you have mentioned ? Doing a ..
>> >
>> > $ curl http://jchris:mysecretpassword@localhost:5984/_session
>> >
>>
>> this "just works" for me. I'm not sure about cookie etc... I just give
>> my creds on the curl line and _session gives me back the userCtx.
>>
>
> creds on the curl line means as u have mentioned ..
>
> $ curl http://jchris:mysecretpassword@localhost:5984/_session ?
>
> hmm .. doesn't work for me :( .. It gives me something like "illegal
> database name" on _session ..
>
> I am using an April snapshot of 0.10. I will try switching to a more
> recent snapshot ..
>
> Will u mind sharing the local.ini & default.ini ?
>

I'm currently on trunk using make dev && utils/run, my password line is:

jchris = -hashed-7d882376727dadb528a9e4b160809f46674157fb,32ba977823a5e7a4d978b2139149706a

>
>> I'm running from couchdb trunk but I think anything in the 0.10.x
>> branch should work for this.
>>
>> > obviously doesn't work, since I have not set anything in the session and it
>> > gives me an error. You have mentioned in the mail "when you are
>> > properly logged in". Do I have to handle user login myself through some
>> > pluggable login module ? I think I am missing something here. Help!
>> >
>> > Thanks.
>> > - Debasish
>> >
>> > On Sun, Sep 13, 2009 at 10:46 AM, Chris Anderson wrote:
>> >
>> >> On Sat, Sep 12, 2009 at 7:47 AM, Debasish Ghosh wrote:
>> >> > Hi -
>> >> >
>> >> > The validation function validate_doc_update takes 3 parameters, newdoc,
>> >> > olddoc and userContext. I am trying to get my head into how the
>> >> > authentication and authorization stuff is related to this. The CouchDB book
>> >> > has the following code snippet in 7.2.4 Authorship section ..
>> >> > function(newDoc, oldDoc, userCtx) {
>> >> >   if (newDoc.author) {
>> >> >     enforce(newDoc.author == userCtx.author,
>> >> >       "You may only update documents with author " + userCtx.author);
>> >> >   }
>> >> > }
>> >> >
>> >> > In my linux environment, when I run CouchDB validation functions with a
>> >> > user-id and password setup in local.ini under [admins], I get the following
>> >> > as the contents of the third parameter of the validation function :-
>> >> >
>> >> > {"db" : "test", "name" : null, "roles" : []}
>> >> >
>> >> > In the above snippet from the book there appears to be a field
>> >> > userCtx.author. Just wondering how to get it here and why I am not seeing it
>> >> > in my output.
>> >> >
>> >>
>> >> heh, thanks for the catch.. It should read:
>> >>
>> >> enforce(newDoc.author == userCtx.name
>> >>
>> >> > Also any pointer on the security, authentication and authorization part will
>> >> > be appreciated.
>> >> >
>> >>
>> >> I'm not sure, but you should be getting more when you are properly
>> >> logged in -- this is worth investigating more. What do you get for
>> >> this?:
>> >>
>> >> $ curl http://jchris:mysecretpassword@localhost:5984/_session
>> >> {"ok":true,"name":"jchris","roles":["_admin"]}
>> >>
>> >> > Thanks in advance ..
>> >> > - Debasish
>> >> >
>> >>
>> >> --
>> >> Chris Anderson
>> >> http://jchrisa.net
>> >> http://couch.io
>> >>
>> >
>>
>> --
>> Chris Anderson
>> http://jchrisa.net
>> http://couch.io
>>
>

--
Chris Anderson
http://jchrisa.net
http://couch.io
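
Added example (not part of the original thread, and not code from CouchDB or the CouchDB book): an authorship check keyed on `userCtx.name`, the field the thread settles on, that also handles the anonymous `{"name": null, "roles": []}` context quoted above and compares against the stored revision so a user cannot take over a document by rewriting its `author`. The `verdict` helper, the `debasish` user context and the admin bypass are assumptions of this example.

```javascript
// Added example. In CouchDB the function body is stored as a string in a
// design document's validate_doc_update field; here it is a plain function.
function validateDocUpdate(newDoc, oldDoc, userCtx) {
  var roles = userCtx.roles || [];
  if (roles.indexOf("_admin") !== -1) {
    return; // assumption of this example: server admins may edit anything
  }
  // Anonymous requests carry name: null, as in the userCtx quoted above.
  if (userCtx.name === null || userCtx.name === undefined) {
    throw { unauthorized: "You must be logged in to write documents." };
  }
  // On update or delete, the stored revision decides who owns the document.
  if (oldDoc && oldDoc.author !== userCtx.name) {
    throw { forbidden: "Only the current author may change this document." };
  }
  if (newDoc._deleted) {
    return; // a DELETE produces a stub without an author field
  }
  // Strict comparison: a missing author is rejected rather than skipped.
  if (newDoc.author !== userCtx.name) {
    throw { forbidden: "You may only save documents with author " + userCtx.name };
  }
}

// Constructed userCtx samples, shaped like the ones shown in the thread.
var ANONYMOUS = { db: "test", name: null, roles: [] };
var ADMIN = { db: "test", name: "jchris", roles: ["_admin"] };
var USER = { db: "test", name: "debasish", roles: [] }; // constructed

// Hypothetical helper: maps the thrown object to a short verdict string.
function verdict(newDoc, oldDoc, userCtx) {
  try {
    validateDocUpdate(newDoc, oldDoc, userCtx);
    return "ok";
  } catch (e) {
    if (e && e.unauthorized) return "unauthorized";
    if (e && e.forbidden) return "forbidden";
    throw e;
  }
}

console.log(verdict({ author: "debasish" }, null, USER));
console.log(verdict({ author: "debasish" }, null, ANONYMOUS));
console.log(verdict({ author: "debasish" }, { author: "jchris" }, USER));
console.log(verdict({ _deleted: true }, { author: "debasish" }, USER));
```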