Updating lost user passwords

[jumbo jim <ju...@gmail.com>]

Couchdb has a nice feature that allows anonymous users to write to the
_users database. This allows new users to sign up. A logged in user (ie
valid session) has the ability to update/change their password as they have
update privileges to their *own* _user document.

I envisage a scenario when I need to reset the password for a user as they
have forgotten it.

Is it possible to have a privileged user (but not admin) user that is
permitted to make changes to other _user documents? (password changes)...
but, at the same time still permitting anonymous creation of new documents?

Re: Updating lost user passwords

[Jan Lehnardt <ja...@apache.org>]

> On 28 Jul 2015, at 03:05, jumbo jim <ju...@gmail.com> wrote:
> 
> A comment regarding the anonymous creation feature for "_users"
> database.... - while anonymous users are unable to get a list of all
> _users, they are able to see "Number of documents" (users). Can this be
> disabled?

good call, however, this is not possible at the moment.

> 
> On Tue, Jul 28, 2015 at 10:45 AM, jumbo jim <ju...@gmail.com> wrote:
> 
>> Couchdb has a nice feature that allows anonymous users to write to the
>> _users database. This allows new users to sign up. A logged in user (ie
>> valid session) has the ability to update/change their password as they have
>> update privileges to their *own* _user document.
>> 
>> I envisage a scenario when I need to reset the password for a user as they
>> have forgotten it.
>> 
>> Is it possible to have a privileged user (but not admin) user that is
>> permitted to make changes to other _user documents? (password changes)...
>> but, at the same time still permitting anonymous creation of new documents?

only admins can edit other user’s _users docs.

Best
Jan
--


>> 
>> 
>> 
>> 

-- 
Professional Support for Apache CouchDB:
http://www.neighbourhood.ie/couchdb-support/

Re: Updating lost user passwords

[jumbo jim <ju...@gmail.com>]

A comment regarding the anonymous creation feature for "_users"
database.... - while anonymous users are unable to get a list of all
_users, they are able to see "Number of documents" (users). Can this be
disabled?

On Tue, Jul 28, 2015 at 10:45 AM, jumbo jim <ju...@gmail.com> wrote:

> Couchdb has a nice feature that allows anonymous users to write to the
> _users database. This allows new users to sign up. A logged in user (ie
> valid session) has the ability to update/change their password as they have
> update privileges to their *own* _user document.
>
> I envisage a scenario when I need to reset the password for a user as they
> have forgotten it.
>
> Is it possible to have a privileged user (but not admin) user that is
> permitted to make changes to other _user documents? (password changes)...
> but, at the same time still permitting anonymous creation of new documents?
>
>
>
>