You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@couchdb.apache.org by "Richard Ellis (JIRA)" <ji...@apache.org> on 2016/05/20 08:49:12 UTC
[jira] [Created] (COUCHDB-3019) URL encoded characters in
replication URL user info cause auth failures
Richard Ellis created COUCHDB-3019:
--------------------------------------
Summary: URL encoded characters in replication URL user info cause auth failures
Key: COUCHDB-3019
URL: https://issues.apache.org/jira/browse/COUCHDB-3019
Project: CouchDB
Issue Type: Bug
Components: Replication
Reporter: Richard Ellis
Special characters in passwords cause authentication failures when they are URL encoded as part of a source or target property when POSTing to the _replicate endpoint.
Maybe this is a regression because this page suggests this was only an issue in older CouchDB versions: https://wiki.apache.org/couchdb/Replication#Username_Workaround_.28older_CouchDBs_only.29
Example with password "special%@password" on CouchDB 1.6.1
POST /_replicate HTTP/1.1
{"source":"http://testuser:special%25%40password@localhost:5984/35d37f3362474b539269a7b84bc9d424","create_target":true,"target":"http://testuser:special%25%40password@localhost:5984/c4ffd94e3d4e432d941bdd59cfd2d541"}
HTTP/1.1 500 Internal Server Error
Server: CouchDB/1.6.1 (Erlang OTP/17)
{"error":"unauthorized","reason":"unauthorized to access or create database http://testuser:*****@localhost:5984/35d37f3362474b539269a7b84bc9d424/"}
The HEAD request to access the source database gets a 401:
[debug] [<0.203.0>] Minor error in HTTP request: {unauthorized,
<<"Name or password is incorrect.">>}
[debug] [<0.203.0>] Stacktrace: [{couch_httpd_auth,
default_authentication_handler,1,
[{file,"couch_httpd_auth.erl"},
{line,81}]},
{couch_httpd,authenticate_request,2,
[{file,"couch_httpd.erl"},{line,401}]},
{couch_httpd,handle_request_int,5,
[{file,"couch_httpd.erl"},{line,316}]},
{mochiweb_http,headers,5,
[{file,"mochiweb_http.erl"},{line,94}]},
{proc_lib,init_p_do_apply,3,
[{file,"proc_lib.erl"},{line,237}]}]
[info] [<0.203.0>] 127.0.0.1 - - HEAD /35d37f3362474b539269a7b84bc9d424/ 401
[debug] [<0.203.0>] httpd 401 error response:
{"error":"unauthorized","reason":"Name or password is incorrect."}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)