Posted to dev@couchdb.apache.org by "Alexander Shorin (JIRA)" <ji...@apache.org> on 2013/06/22 00:56:19 UTC
[jira] [Created] (COUCHDB-1837) Incorrect HTTP response on attempt
to update other user doc with public fields enabled
Alexander Shorin created COUCHDB-1837:
-----------------------------------------
Summary: Incorrect HTTP response on attempt to update other user doc with public fields enabled
Key: COUCHDB-1837
URL: https://issues.apache.org/jira/browse/COUCHDB-1837
Project: CouchDB
Issue Type: Bug
Components: HTTP Interface
Reporter: Alexander Shorin
When `public_fields` are specified (see [8d7ab8b1|https://git-wip-us.apache.org/repos/asf?p=couchdb.git;a=commit;h=8d7ab8b18dd20f8785e69f4420c6f93a2edbfa60] commit) and a regular user tries to update another user's doc, CouchDB returns an HTTP 404 Not Found response, while HTTP 403 Forbidden is more expected.
Steps to reproduce:
1. Enable `public_fields`
{code}
curl -X PUT http://localhost:5984/_config/couch_httpd_auth/public_fields -d '"name,email,whatever"' -H "Content-Type: application/json" --user couch_admin
{code}
2. Set up some users
{code}
curl -X PUT http://localhost:5984/_users/org.couchdb.user:abc -d '{"name":"abc", "roles":[], "type":"user", "password": "cba"}' -H "Content-Type: application/json"
curl -X PUT http://localhost:5984/_users/org.couchdb.user:def -d '{"name":"def", "roles":[], "type":"user", "password": "fed"}' -H "Content-Type: application/json"
{code}
3. Now user `abc` may browse `def`'s doc
{code}
> curl -v http://abc:cba@localhost:5984/_users/org.couchdb.user:def
HTTP/1.1 200 OK
Cache-Control: must-revalidate
Content-Length: 88
Content-Type: text/plain; charset=utf-8
Date: Fri, 21 Jun 2013 22:48:03 GMT
ETag: "1-fa20c151bb6946527d261e9ef4338923"
Server: CouchDB/1.4.0+build.8d7ab8b (Erlang OTP/R16B)
{"_id":"org.couchdb.user:def","_rev":"1-fa20c151bb6946527d261e9ef4338923","name":"def"}
{code}
4. Try to save `def`'s doc:
{code}
curl -v -X PUT http://abc:cba@localhost:5984/_users/org.couchdb.user:def -d '{}' -H "Content-Type: application/json"
HTTP/1.1 404 Object Not Found
Server: CouchDB/1.4.0+build.8d7ab8b (Erlang OTP/R16B)
Date: Fri, 21 Jun 2013 22:49:44 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 41
Cache-Control: must-revalidate
{"error":"not_found","reason":"missing"}
{code}
Since the `org.couchdb.user:def` doc actually exists and is available via a direct GET request, the 404 response is incorrect and confusing, while HTTP 403 Forbidden is expected.
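A regression check that replays steps 3 and 4 and classifies the result, as an added example that is not part of the original report or of CouchDB's code. The host, doc ID and credentials are the ones from the report; the function names `http_status` and `check_cross_user_write` and the result labels are assumptions made for this example.

```python
import base64
import json
import urllib.error
import urllib.request

BASE = "http://localhost:5984"            # server used in the report
TARGET = "/_users/org.couchdb.user:def"   # the other user's doc from the report


def http_status(method, path, user, password, body=None):
    """Send one request with Basic auth and return only the HTTP status code."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(BASE + path, data=data, method=method)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    if data is not None:
        req.add_header("Content-Type", "application/json")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        # 4xx/5xx responses arrive as exceptions; the code is what we want.
        return err.code


def check_cross_user_write(status=http_status, user="abc", password="cba"):
    """Replay steps 3 and 4 as `user` and classify the server's answer.

    `status` is injectable (hypothetical hook) so the logic can be
    exercised without a running CouchDB.
    """
    read = status("GET", TARGET, user, password)
    write = status("PUT", TARGET, user, password, {})
    if write in (200, 201, 202):
        return "write-accepted"   # the update went through: authorization failed
    if read == 200 and write == 404:
        return "bug-present"      # readable doc reported as missing on write
    if write == 403:
        return "forbidden"        # the response the report expects
    return f"unexpected:{read}/{write}"


if __name__ == "__main__":
    print(check_cross_user_write())
```

Checking for `write-accepted` first keeps the script useful as an access-control test: a 2xx on the PUT is a more serious finding than the wrong error code.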