Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2020/05/03 00:15:51 UTC

[GitHub] [couchdb] jan-scorl opened a new issue #2861: Can't create a user as a non-admin

jan-scorl opened a new issue #2861:
URL: https://github.com/apache/couchdb/issues/2861


   ## Description
   The docs say that with the default configuration everyone should be able to create a new user through the `_users` endpoint. If I try to do that though, I receive the `{"error":"unauthorized","reason":"You are not authorized to access this db."}` response. The only way I can successfully create a user right now is by using admin credentials. I have not changed any configuration and `require_valid_user` is set to false.
   
   
   ## Steps to Reproduce
   
   
   ## Expected Behaviour
   
   
   ## Your Environment
   
   
   * CouchDB version used: 3.0.0
   * Browser name and version: /
   * Operating system and version: Ubuntu 18.04
   
   ## Additional Context
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [couchdb] wohali commented on issue #2861: Can't create a user as a non-admin

Posted by GitBox <gi...@apache.org>.
wohali commented on issue #2861:
URL: https://github.com/apache/couchdb/issues/2861#issuecomment-623174293


   CouchDB has been steadily moving away from the "CouchApps" model (where Couch directly interacts with a web browser) for a long time. The very large percentage of adoption of CouchDB has been in a traditional database layer. 
   
   We discuss some of the reasons behind the change [in our documentation](https://docs.couchdb.org/en/latest/ddocs/index.html?highlight=couchapps), and there have been many discussions on the mailing lists about this.
   
   As recommended there, a great option would be to stand up your favourite server next to CouchDB - it can even be something small in JavaScript via Node.js - and use that to create users in CouchDB, itself leveraging admin credentials to do so.


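An added example, not part of the thread or of CouchDB's own code: the core of the small Node.js signup service suggested above, which takes untrusted client input and creates the `_users` document with admin credentials held server-side. The environment variable names, the username pattern and the 12-character password minimum are assumptions; it relies on the global `fetch` in Node 18+.

```javascript
// Added example: signup proxy logic that sits between untrusted clients and CouchDB.
// COUCH_URL, COUCH_ADMIN_USER and COUCH_ADMIN_PASS are assumed environment variable names.
const NAME_RE = /^[a-z][a-z0-9_-]{2,31}$/; // assumed local username policy

// Build the _users document from untrusted input. Only name and password are
// taken from the client; roles and type are fixed server-side so a caller
// cannot grant itself roles by adding fields to the request body.
function buildUserDoc(input) {
  const name = input && input.name;
  const password = input && input.password;
  if (typeof name !== "string" || !NAME_RE.test(name)) {
    throw new Error("invalid username");
  }
  if (typeof password !== "string" || password.length < 12) {
    throw new Error("password too short");
  }
  return { _id: "org.couchdb.user:" + name, name, password, roles: [], type: "user" };
}

// Build the admin-authenticated PUT request for the new user document.
function buildCreateRequest(input, cfg) {
  const doc = buildUserDoc(input);
  const basic = Buffer.from(cfg.adminUser + ":" + cfg.adminPass).toString("base64");
  return {
    url: cfg.couchUrl.replace(/\/+$/, "") + "/_users/" + encodeURIComponent(doc._id),
    options: {
      method: "PUT",
      headers: { "Content-Type": "application/json", Authorization: "Basic " + basic },
      body: JSON.stringify(doc),
    },
  };
}

// Send the request. CouchDB answers 201 on creation and 409 if the name is taken.
async function createUser(input, cfg = {
  couchUrl: process.env.COUCH_URL,
  adminUser: process.env.COUCH_ADMIN_USER,
  adminPass: process.env.COUCH_ADMIN_PASS,
}) {
  const { url, options } = buildCreateRequest(input, cfg);
  const res = await fetch(url, options);
  // Hand back only a status summary, never CouchDB's raw response or the credentials.
  return { ok: res.status === 201, conflict: res.status === 409, status: res.status };
}
```

The signup route itself still needs rate limiting and whatever account verification the application requires, since it is now the only unauthenticated path to user creation.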



[GitHub] [couchdb] jan-scorl commented on issue #2861: Can't create a user as a non-admin

Posted by GitBox <gi...@apache.org>.
jan-scorl commented on issue #2861:
URL: https://github.com/apache/couchdb/issues/2861#issuecomment-623095484


   Thank you for the quick response @wohali.
   
   What was the reasoning behind changing this and only allowing admins to create new users by default? 
   
   I also saw that there is a new setting called `users_db_security_editable`, which defaults to `false`. The docs say the following: 
   > When this configuration setting is set to false, reject any attempts to modify the _users database security object. Modification of this object is deprecated in 3.x and will be completely disallowed in CouchDB 4.x.
   
   If I interpret this correctly, editing the `_users/_security` object will not be possible anymore in the future. Since it defaults to `admins only`, this will be the only option for creating users then. Given these changes, what would you say are the best practices for creating users going forward? 
   
   I liked CouchDB, because the HTTP API was built-in. Since I can't hardcode admin credentials into the clients, I will need a middleman API then, which acts as an admin during user creation. Is that how you intend user creation to work in the future? 





[GitHub] [couchdb] wohali commented on issue #2861: Can't create a user as a non-admin

Posted by GitBox <gi...@apache.org>.
wohali commented on issue #2861:
URL: https://github.com/apache/couchdb/issues/2861#issuecomment-623058883


   Thanks for the report. This is a duplicate of apache/couchdb-documentation#513.
   
   We'd love a pull request there to help with this.
   
   You *do* have to create an admin first, then use the admin user to create other users as the default in 3.0.
   
   https://docs.couchdb.org/en/stable/whatsnew/3.0.html
   
   





[GitHub] [couchdb] jan-scorl edited a comment on issue #2861: Can't create a user as a non-admin

Posted by GitBox <gi...@apache.org>.
jan-scorl edited a comment on issue #2861:
URL: https://github.com/apache/couchdb/issues/2861#issuecomment-623095484


   Thank you for the quick response @wohali.
   
   What was the reasoning behind changing this and only allowing admins to create new users by default? 
   
   I also saw that there is a new setting called `users_db_security_editable`, which defaults to `false`. The docs say the following: 
   > When this configuration setting is set to false, reject any attempts to modify the _users database security object. Modification of this object is deprecated in 3.x and will be completely disallowed in CouchDB 4.x.
   
   If I interpret this correctly, editing the `_users/_security` object will not be possible anymore in the future. Since it defaults to `admins`, this will be the only option for creating users then. Given these changes, what would you say are the best practices for creating users going forward? 
   
   I liked CouchDB, because the HTTP API was built-in. Since I can't hardcode admin credentials into the client, I will need a middleman API then, which acts as an admin during user creation. Is that how you intend user creation to work in the future? 

