Date: Thu, 5 Aug 2010 19:41:01 +0530
Subject: Issues while using couchdb http cookie auth
From: Mahendra M
To: user@couchdb.apache.org

Hi,

I was trying to set up and use couchdb http cookie auth. I could not find any "official" documentation for the same. A bit of searching around gave me these.

1. http://pierrel.posterous.com/securing-couchdb (seems new)
2. http://www.mail-archive.com/dev@couchdb.apache.org/msg02631.html (2009)
3. http://www.jasondavies.com/blog/2009/05/27/secure-cookie-authentication-couchdb

My requirement is this.

* Have one db with user related docs.
* The key of the doc is the userid
* The sha1 hashed password for each user is stored in his doc.
* I want to issue cookies based on a userid and password posted to couchdb.

Originally, I was trying to write my own show function to do an auth. Then I saw that couchdb itself has support for doing this. The methods discussed in the above thread(s) are really good and I wanted to try it out.

However, it is not working even after following both the examples. I keep getting an error

{"error":"unauthorized","reason":"Name or password is incorrect."}

The debug logs also don't give out much information. Looks like I have not set up things properly and the above docs are a bit confusing. Also, could not find anything on the couchdb wiki.

So, I wanted to check if there is any other documentation on how to make use of http cookie auth. Or has anyone tried and got it working?

In link(1), it explains how to set up a single auth scheme for a couchdb node and make use of /_session to get a cookie.

In link(2), it looks like adding _login and _logout handlers to each db. Does this mean that each db can have its own user/password sets? Also, what parameters must be passed to _login? Also, this says that the "users" view values must have a member "password" whereas the previous link asks for a member "password_sha". Which is the correct approach to follow? Or are both valid?

I am a bit confused as of now :-)

Regards,
Mahendra

http://twitter.com/mahendra