Posted to user@couchdb.apache.org by Scott Weber <sc...@sbcglobal.net> on 2014/04/13 23:28:51 UTC

authentication_redirect is not working.

Let's start with this, because it is almost exactly what I am fighting with, but it doesn't work for me, like it did appear to work for the person who posted this:


http://stackoverflow.com/questions/18966385/couchdb-access-denied-redirect

The application I am building is open to the public, using CouchDB for its authentication, and 100% inside CouchDB with all JS, CSS, HTML as attachments.

Logically the user starts at a login page which has no security, and after successful login, is redirected to other databases that service page requests (which are based on their name, role, etc...)

When I go directly to a database without logging in, I can't access it.  Which is fine, except I am getting that rather dry message:


{"error":"unauthorized","reason":"You are not authorized to access this db."}
Which is really counterintuitive for an application.

I have set the authentication redirect as described in the link, to send them to the login page, but nothing happens.  I still get the above dry message.

This is on both IE and FF.

Any idea how to get an acceptable page?  


-Scott

Re: authentication_redirect is not working.

Posted by Scott Weber <sc...@sbcglobal.net>.
Ahh, a new piece of the puzzle has been dribbled in.

The doc said everything about how to set up a rewrite...  except that the vhost is supposed to point to it (rather than an actual page).
https://wiki.apache.org/couchdb/Rewriting_urls

The earlier post didn't show a [vhosts] where it pointed to the rewrite.

Because "_rewrite" looks like a design rule.  And some design rules are called whether you want them to be or not, as in "_auth".  The connection is not spelled out.

It's the difference between the big people who wrote it looking down over the whole system, and the little people trying to learn it looking in and having only disconnected pieces.

Lastly, I am proxy-ing through a server anyway.  To restrict _all_dbs, _utils, etc... from the public, but allow them locally.  So the front door web server is serving up the root page, and I can direct inbounds anywhere I want from there.

But now that I learned more about how it works, I will experiment with it in the future.

-Scott



________________________________
 From: Benoit Chesneau <bc...@gmail.com>
To: "user@couchdb.apache.org" <us...@couchdb.apache.org>; Scott Weber <sc...@sbcglobal.net> 
Sent: Friday, April 18, 2014 11:40 PM
Subject: Re: authentication_redirect is not working.
 

On Fri, Apr 18, 2014 at 3:56 PM, Scott Weber <sc...@sbcglobal.net>wrote:

> Yes, I tried to implement the vhost and redirect. vhost was behaving as
> documented. The redirect was not. There was no change in behavior.
>

I have just tested this rule:

[
    {
        "from": "/",
        "to": "index.html"
    },
    {
        "from": "/*",
        "to": "*"
    },
    ... other rules to access to dbs
]



and set the vhost to the /db/ddoc/_rewrites

and it was working as expected


>
> The purpose is that I was led to believe that this server would eliminate
> the need for a public facing general web server. As such, real domains show
> you actual content at their root level, not a dry "welcome to couchdb"
> message.
>

> I can see that this is not such a good idea, for a number of reasons.
> Fortunately I have already placed it in a farm behind a formal server, and
> can control access through rewrites and server side scripts. It turned into
> a classic example of using a tool for what it is good at, not trying to
> make it into something it is not designed for.
>
>
The rule above works. I did it a lot of times. Now the only part that is
really missing of the equation is the security. If you want to prevent
people to go on the root you will need to use a proxy on top.

- benoit

Re: authentication_redirect is not working.

Posted by Benoit Chesneau <bc...@gmail.com>.
On Sat, Apr 19, 2014 at 12:51 PM, Johannes Jörg Schmidt <
schmidt@netzmerk.com> wrote:

> We have vhosts and rewrites like this in production for years and it works
> like a charm.
> If you understand CouchDB's security model nothing speaks against opening
> its API to the world.
>
> Greetings
> Johannes
>

Also of course I know it works, since I wrote them ;)

- benoit

Re: authentication_redirect is not working.

Posted by Benoit Chesneau <bc...@gmail.com>.
On Sat, Apr 19, 2014 at 12:51 PM, Johannes Jörg Schmidt <
schmidt@netzmerk.com> wrote:

> We have vhosts and rewrites like this in production for years and it works
> like a charm.
> If you understand CouchDB's security model nothing speaks against opening
> its API to the world.
>
> Greetings
> Johannes
>

curl -XGET ip:5984 -H "Host: unknown" and you have access to the root.

- benoit.
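
The proxy-side check that closes this gap, as an added example (not code from the thread or from CouchDB): the front door only forwards requests whose Host header is a known vhost and whose normalized path does not start with a server-level endpoint, while local clients keep full access. The network ranges, the reason strings and the _config/_active_tasks entries are assumptions; www.mycompany.com, _all_dbs and _utils come from the thread.

```python
"""Front-door filter for a CouchDB that sits behind a reverse proxy.

Added example: deployment values below are assumptions, not project code.
"""
import ipaddress
import posixpath
from urllib.parse import unquote

PUBLIC_HOSTS = {"www.mycompany.com"}            # vhost name used in the thread
LOCAL_NETS = [ipaddress.ip_network(n)           # assumed "local" ranges
              for n in ("127.0.0.0/8", "10.0.0.0/8", "::1/128")]
# _all_dbs and _utils are named in the thread; the other two are an
# assumed extension of the same idea.
ADMIN_ENDPOINTS = {"_all_dbs", "_utils", "_config", "_active_tasks"}


def normalize_host(header):
    """Lower-case the Host header and drop any port or trailing dot."""
    host = (header or "").strip().lower()
    if host.startswith("["):                    # IPv6 literal such as [::1]:5984
        return host[1:].split("]", 1)[0]
    return host.split(":", 1)[0].rstrip(".")


def normalize_path(raw_path):
    """Return the path as the backend could interpret it, or None to refuse.

    Percent-decoding is repeated so a double-encoded "_" (%255F) cannot hide
    an endpoint name; anything still changing after that is refused.
    """
    path = raw_path.split("?", 1)[0]
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        return None
    if "\\" in path or "\x00" in path:
        return None
    # Collapse "//", "." and ".." so /db/../_all_dbs is seen as /_all_dbs.
    return posixpath.normpath("/" + path.lstrip("/"))


def decide(client_ip, host_header, raw_path):
    """Return (allowed, reason) for one inbound request."""
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return (False, "bad-client")
    if any(ip in net for net in LOCAL_NETS):
        return (True, "local")
    # An unknown Host would skip the vhost rewrite and land on the server
    # root, so it is never forwarded for public clients.
    if normalize_host(host_header) not in PUBLIC_HOSTS:
        return (False, "unknown-host")
    path = normalize_path(raw_path)
    if path is None:
        return (False, "bad-encoding")
    segments = [s for s in path.split("/") if s]
    if segments and segments[0] in ADMIN_ENDPOINTS:
        return (False, "admin-endpoint")
    return (True, "public")


if __name__ == "__main__":
    # Constructed sample requests: (client address, Host header, request path).
    samples = [
        ("203.0.113.7", "www.mycompany.com", "/"),
        ("203.0.113.7", "unknown", "/"),
        ("203.0.113.7", "www.mycompany.com", "/_all_dbs"),
        ("203.0.113.7", "www.mycompany.com", "/login/../%5Futils/index.html"),
        ("127.0.0.1", "localhost:5984", "/_utils/"),
    ]
    for client, host, path in samples:
        print(client, host, path, "->", decide(client, host, path))
```

The proxy should forward the normalized path it checked rather than the raw one, so the backend cannot read the request differently from the filter.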

Re: authentication_redirect is not working.

Posted by Johannes Jörg Schmidt <sc...@netzmerk.com>.
We have vhosts and rewrites like this in production for years and it works
like a charm.
If you understand CouchDB's security model nothing speaks against opening
its API to the world.

Greetings
Johannes
On 19.04.2014 06:41, "Benoit Chesneau" <bc...@gmail.com> wrote:

> On Fri, Apr 18, 2014 at 3:56 PM, Scott Weber <scotty2541@sbcglobal.net
> >wrote:
>
> > Yes, I tried to implement the vhost and redirect. vhost was behaving as
> > documented. The redirect was not. There was no change in behavior.
> >
>
> I have just tested this rule:
>
> [
>     {
>         "from": "/",
>         "to": "index.html"
>     },
>     {
>         "from": "/*",
>         "to": "*"
>     },
>     ... other rules to access to dbs
> ]
>
>
>
> and set the vhost to the /db/ddoc/_rewrites
>
> and it was working as expected
>
>
> >
> > The purpose is that I was led to believe that this server would eliminate
> > the need for a public facing general web server. As such, real domains
> show
> > you actual content at their root level, not a dry "welcome to couchdb"
> > message.
> >
>
> > I can see that this is not such a good idea, for a number of reasons.
> > Fortunately I have already placed it in a farm behind a formal server,
> and
> > can control access through rewrites and server side scripts. It turned
> into
> > a classic example of using a tool for what it is good at, not trying to
> > make it into something it is not designed for.
> >
> >
> The rule above works. I did it a lot of times. Now the only part that is
> really missing of the equation is the security. If you want to prevent
> people to go on the root you will need to use a proxy on top.
>
> - benoit
>

Re: authentication_redirect is not working.

Posted by Benoit Chesneau <bc...@gmail.com>.
On Fri, Apr 18, 2014 at 3:56 PM, Scott Weber <sc...@sbcglobal.net>wrote:

> Yes, I tried to implement the vhost and redirect. vhost was behaving as
> documented. The redirect was not. There was no change in behavior.
>

I have just tested this rule:

[
    {
        "from": "/",
        "to": "index.html"
    },
    {
        "from": "/*",
        "to": "*"
    },
    ... other rules to access to dbs
]



and set the vhost to the /db/ddoc/_rewrites

and it was working as expected


>
> The purpose is that I was led to believe that this server would eliminate
> the need for a public facing general web server. As such, real domains show
> you actual content at their root level, not a dry "welcome to couchdb"
> message.
>

> I can see that this is not such a good idea, for a number of reasons.
> Fortunately I have already placed it in a farm behind a formal server, and
> can control access through rewrites and server side scripts. It turned into
> a classic example of using a tool for what it is good at, not trying to
> make it into something it is not designed for.
>
>
The rule above works. I did it a lot of times. Now the only part that is
really missing of the equation is the security. If you want to prevent
people to go on the root you will need to use a proxy on top.

- benoit
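
How the vhost and the two rules above combine, as an added example (a simplified model written for this page, not CouchDB's own code): it resolves a Host header and request path to the internal path that gets served, for both the plain-document vhost tried earlier in the thread and the _rewrite vhost. The database name login and the document name source are from the thread; the design-document name app and the /doc/:id rule are assumptions.

```python
"""Simplified model of vhost + _rewrite resolution (added example)."""
import posixpath


def split(path):
    """Split a path into its non-empty segments."""
    return [s for s in path.split("/") if s]


def match(pattern, segments):
    """Return the bindings if `pattern` matches `segments`, else None.

    "*" captures the rest of the path, ":name" captures one segment.
    """
    bindings = {}
    pat = split(pattern)
    for i, p in enumerate(pat):
        if p == "*":
            bindings["*"] = segments[i:]
            return bindings
        if i >= len(segments):
            return None
        if p.startswith(":"):
            bindings[p[1:]] = segments[i]
        elif p != segments[i]:
            return None
    return bindings if len(segments) == len(pat) else None


def substitute(target, bindings):
    """Fill "*" and ":name" placeholders of a rule's "to" value."""
    out = []
    for seg in split(target):
        if seg == "*":
            out.extend(bindings.get("*", []))
        elif seg.startswith(":"):
            out.append(bindings.get(seg[1:], seg))
        else:
            out.append(seg)
    return "/".join(out)


def resolve(host, path, vhosts, rewrites):
    """Map (Host header, request path) to the internal path that is served.

    Returns the path unchanged when no vhost matches (the request then hits
    the server root), and None when a _rewrite vhost has no matching rule.
    """
    target = vhosts.get(host.lower())
    if target is None:
        return path
    if not target.endswith("/_rewrite"):
        # Plain vhost: the request path is appended to the target.
        return posixpath.normpath(target.rstrip("/") + "/" + path.lstrip("/"))
    ddoc = target[: -len("/_rewrite")]
    for rule in rewrites.get(ddoc, []):         # first matching rule wins
        bindings = match(rule["from"], split(path))
        if bindings is not None:
            to = substitute(rule["to"], bindings)
            return posixpath.normpath(ddoc + "/" + to)
    return None


# Vhost pointing at a plain document, as tried earlier in the thread.
VHOSTS_DOC = {"www.mycompany.com": "/login/source/"}
# Vhost pointing at the rewrite handler of a design document (assumed name).
VHOSTS_REWRITE = {"www.mycompany.com": "/login/_design/app/_rewrite"}
REWRITES = {
    "/login/_design/app": [
        {"from": "/", "to": "index.html"},
        {"from": "/doc/:id", "to": "../../:id"},   # constructed extra rule
        {"from": "/*", "to": "*"},
    ]
}

if __name__ == "__main__":
    for p in ("/", "/mystyle.css", "/doc/abc"):
        print(p, "->", resolve("www.mycompany.com", p, VHOSTS_REWRITE, REWRITES))
    print("unknown host ->", resolve("unknown", "/", VHOSTS_REWRITE, REWRITES))
```

Because every path on the host goes through the rules, a relative link such as mystyle.css in index.html resolves to an attachment of the same design document.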

Re: authentication_redirect is not working.

Posted by Scott Weber <sc...@sbcglobal.net>.
Thanks, Stanley.
I will use the correct tools in this case, as it is a production system.  I may play with this idea, but it's not going into an actual system.  I agree that CouchDB shouldn't be exposed to the world in this way. Apache and IIS are both better solutions (please don't start a debate on Apache/IIS, I have used and am knowledgeable on both).

As Jens said, I sound like a grumpy old grandpa, which I got a good laugh from.  I'm not a grandpa (yet), but I have worked on many projects where using new, leading edge tools were the big fad because they are cool.  And yet, they were the wrong choice.  The end result was unstable, under-performing systems and lost business. Eventually layoffs, and a lost market place position.  All because 'them young whipper-snappers' wanted to use a production level project as their playground and sandbox.  But they sure convinced those VP's that it sounded good.

Yet, kids I interview from school still think they should be able to use flagship products and customer bases as lab rats for new, bleeding edge apps.

Robert Glass has written on this topic, some of which are companies I actually worked for and actually watched his case studies from the side lines.

Anyway, this has gone off topic.  I consider it closed.  Thanks for the comments.

-Scott





________________________________
 From: Stanley Iriele <si...@gmail.com>
To: user@couchdb.apache.org 
Sent: Friday, April 18, 2014 1:02 PM
Subject: Re: authentication_redirect is not working.
 

I've personally used the vhosts +rewrites to solve a similar problem but I
used an internal show function in the ddoc as my web navigation...lastly
all of my attachments/ web pages were in 1 ddoc. And unsafe- rewrites were
enabled... A little proxy for really crazy requests and you're pretty much
good to go... Not that I'm in favor of exposing couch to the world for
crazy websites but you can do what you're trying to do
On Apr 18, 2014 6:56 AM, "Scott Weber" <sc...@sbcglobal.net> wrote:

> Yes, I tried to implement the vhost and redirect. vhost was behaving as
> documented. The redirect was not. There was no change in behavior.
>
> The purpose is that I was led to believe that this server would eliminate
> the need for a public facing general web server. As such, real domains show
> you actual content at their root level, not a dry "welcome to couchdb"
> message.
>
> I can see that this is not such a good idea, for a number of reasons.
> Fortunately I have already placed it in a farm behind a formal server, and
> can control access through rewrites and server side scripts. It turned into
> a classic example of using a tool for what it is good at, not trying to
> make it into something it is not designed for.
>
> -Scott
>
>
>
>
> ________________________________
>  From: Benoit Chesneau <bc...@gmail.com>
> To: "user@couchdb.apache.org" <us...@couchdb.apache.org>; Scott Weber <
> scotty2541@sbcglobal.net>
> Sent: Wednesday, April 16, 2014 4:08 AM
> Subject: Re: authentication_redirect is not working.
>
>
> On Mon, Apr 14, 2014 at 7:11 PM, Scott Weber <scotty2541@sbcglobal.net
> >wrote:
>
> > I fought with:
> >    / = {couch_httpd_misc_handlers, handle_utils_dir_req,
> > "../share/couchdb/www/index.html"}
> >
> > for hours already.  it just gives me
> >    " {"error":"unknown_error","reason":"function_clause"}  "
> >
> > The file is there, right next to favicon and all those other pages,
> > because apparently this cannot refer to an attachment in a DB.
> >
> > I have searched for hours, and not found any useful doc on
> > handle_welcome_req, handle_utils_dir_req, handle_config_req, etc...
> >
> >
> > I have the server behind IIS, where it was forwarding every request in
> > that domain back to couchDB... so I guess it's time to start looking at
> the
> > ARR and ReWrite modules.
> >
> >
> > -Scott
> >
> >
> Again. Did you try the vhost + redirect rule?
>
> What's the goal of changing this welcome message?
>
>
> >
> > ________________________________
> >  From: Benoit Chesneau <bc...@gmail.com>
> > To: "user@couchdb.apache.org" <us...@couchdb.apache.org>; Scott Weber <
> > scotty2541@sbcglobal.net>
> > Sent: Monday, April 14, 2014 11:13 AM
> > Subject: Re: authentication_redirect is not working.
> >
> >
> > On Mon, Apr 14, 2014 at 5:55 PM, Scott Weber <scotty2541@sbcglobal.net
> > >wrote:
> >
> > > No, that doesn't work.  It actually is worse.
> > >
> > > If I remap the vhosts to a DB/Document, it gives me the WHOLE DOCUMENT:
> > > [vhosts]
> > > www.mycompany.com = /login/source/
> > >
> > > Results:
> > > www.mycompany.com  -> maps to -> www.mycompany.com/login/source/
> > > (where 'login' is the landing zone, and 'source' is the document that
> has
> > > the HTML attachment)
> > >
> > >
> > > On the other hand, when I map it to the document like this:
> > > [vhosts]
> > > www.mycompany.com = /login/source/index.html
> > >
> > > Results:
> > > www.mycompany.com   -> maps to ->
> > > www.mycompany.com/login/source/index.html
> > > however, now it is trying to open style sheets and js files that have
> the
> > > name:
> > >
> > > www.mycompany.com/login/source/index.html.mystyle.css
> > > www.mycompany.com/login/source/index.html.mainpage.js
> > >
> > > The obvious work around is to use the former option and must specify "
> > > www.mycompany.com/index.html" as required on the address bar.
> > >
> >
> >
> > Actually I also mentioned something about the rewrite.
> >
> > so
> >
> > www.mycompany.com = /db/ddoc/_rewrite
> >
> > and do the rewrite in it
> >
> > [{ "from": "/",
> >    "to": "/index.html"
> > },...]
> >
> > and put an index.html in your ddoc attachments.
> >
> >
> > >
> > > Which is not what is expected or were hoping for.  All other web
> servers
> > > allow a default doc setting, typically index.html or index.htm.  Does
> > > CouchDB not have something equivalent?
> > >
> >
> > You may be able to do:
> >
> > / = {couch_httpd_misc_handlers, handle_utils_dir_req,
> > "/path/to/index.html"}
> >
> >
> > but it will probably break some clients and the replication.
> >
> > Another way is to do that on the proxy level.
> >
> > - benoit
> >

Re: authentication_redirect is not working.

Posted by Stanley Iriele <si...@gmail.com>.
I've personally used the vhosts +rewrites to solve a similar problem but I
used an internal show function in the ddoc as my web navigation...lastly
all of my attachments/ web pages were in 1 ddoc. And unsafe- rewrites were
enabled... A little proxy for really crazy requests and you're pretty much
good to go... Not that I'm in favor of exposing couch to the world for
crazy websites but you can do what you're trying to do
On Apr 18, 2014 6:56 AM, "Scott Weber" <sc...@sbcglobal.net> wrote:

> Yes, I tried to implement the vhost and redirect. vhost was behaving as
> documented. The redirect was not. There was no change in behavior.
>
> The purpose is that I was led to believe that this server would eliminate
> the need for a public facing general web server. As such, real domains show
> you actual content at their root level, not a dry "welcome to couchdb"
> message.
>
> I can see that this is not such a good idea, for a number of reasons.
> Fortunately I have already placed it in a farm behind a formal server, and
> can control access through rewrites and server side scripts. It turned into
> a classic example of using a tool for what it is good at, not trying to
> make it into something it is not designed for.
>
> -Scott
>
>
>
>
> ________________________________
>  From: Benoit Chesneau <bc...@gmail.com>
> To: "user@couchdb.apache.org" <us...@couchdb.apache.org>; Scott Weber <
> scotty2541@sbcglobal.net>
> Sent: Wednesday, April 16, 2014 4:08 AM
> Subject: Re: authentication_redirect is not working.
>
>
> On Mon, Apr 14, 2014 at 7:11 PM, Scott Weber <scotty2541@sbcglobal.net
> >wrote:
>
> > I fought with:
> >    / = {couch_httpd_misc_handlers, handle_utils_dir_req,
> > "../share/couchdb/www/index.html"}
> >
> > for hours already.  it just gives me
> >    " {"error":"unknown_error","reason":"function_clause"}  "
> >
> > The file is there, right next to favicon and all those other pages,
> > because apparently this cannot refer to an attachment in a DB.
> >
> > I have searched for hours, and not found any useful doc on
> > handle_welcome_req, handle_utils_dir_req, handle_config_req, etc...
> >
> >
> > I have the server behind IIS, where it was forwarding every request in
> > that domain back to couchDB... so I guess it's time to start looking at
> the
> > ARR and ReWrite modules.
> >
> >
> > -Scott
> >
> >
> Again. Did you try the vhost + redirect rule?
>
> What's the goal of changing this welcome message?
>
>
> >
> > ________________________________
> >  From: Benoit Chesneau <bc...@gmail.com>
> > To: "user@couchdb.apache.org" <us...@couchdb.apache.org>; Scott Weber <
> > scotty2541@sbcglobal.net>
> > Sent: Monday, April 14, 2014 11:13 AM
> > Subject: Re: authentication_redirect is not working.
> >
> >
> > On Mon, Apr 14, 2014 at 5:55 PM, Scott Weber <scotty2541@sbcglobal.net
> > >wrote:
> >
> > > No, that doesn't work.  It actually is worse.
> > >
> > > If I remap the vhosts to a DB/Document, it gives me the WHOLE DOCUMENT:
> > > [vhosts]
> > > www.mycompany.com = /login/source/
> > >
> > > Results:
> > > www.mycompany.com  -> maps to -> www.mycompany.com/login/source/
> > > (where 'login' is the landing zone, and 'source' is the document that
> has
> > > the HTML attachment)
> > >
> > >
> > > On the other hand, when I map it to the document like this:
> > > [vhosts]
> > > www.mycompany.com = /login/source/index.html
> > >
> > > Results:
> > > www.mycompany.com   -> maps to ->
> > > www.mycompany.com/login/source/index.html
> > > however, now it is trying to open style sheets and js files that have
> the
> > > name:
> > >
> > > www.mycompany.com/login/source/index.html.mystyle.css
> > > www.mycompany.com/login/source/index.html.mainpage.js
> > >
> > > The obvious work around is to use the former option and must specify "
> > > www.mycompany.com/index.html" as required on the address bar.
> > >
> >
> >
> > Actually I also mentioned something about the rewrite.
> >
> > so
> >
> > www.mycompany.com = /db/ddoc/_rewrite
> >
> > and do the rewrite in it
> >
> > [{ "from": "/",
> >    "to": "/index.html"
> > },...]
> >
> > and put an index.html in your ddoc attachments.
> >
> >
> > >
> > > Which is not what is expected or were hoping for.  All other web
> servers
> > > allow a default doc setting, typically index.html or index.htm.  Does
> > > CouchDB not have something equivalent?
> > >
> >
> > You may be able to do:
> >
> > / = {couch_httpd_misc_handlers, handle_utils_dir_req,
> > "/path/to/index.html"}
> >
> >
> > but it will probably break some clients and the replication.
> >
> > Another way is to do that on the proxy level.
> >
> > - benoit
> >

Re: authentication_redirect is not working.

Posted by Scott Weber <sc...@sbcglobal.net>.
Yes, I tried to implement the vhost and redirect. vhost was behaving as documented. The redirect was not. There was no change in behavior.

The purpose is that I was led to believe that this server would eliminate the need for a public facing general web server. As such, real domains show you actual content at their root level, not a dry "welcome to couchdb" message.

I can see that this is not such a good idea, for a number of reasons.  Fortunately I have already placed it in a farm behind a formal server, and can control access through rewrites and server side scripts. It turned into a classic example of using a tool for what it is good at, not trying to make it into something it is not designed for.

-Scott




________________________________
 From: Benoit Chesneau <bc...@gmail.com>
To: "user@couchdb.apache.org" <us...@couchdb.apache.org>; Scott Weber <sc...@sbcglobal.net> 
Sent: Wednesday, April 16, 2014 4:08 AM
Subject: Re: authentication_redirect is not working.
 

On Mon, Apr 14, 2014 at 7:11 PM, Scott Weber <sc...@sbcglobal.net>wrote:

> I fought with:
>    / = {couch_httpd_misc_handlers, handle_utils_dir_req,
> "../share/couchdb/www/index.html"}
>
> for hours already.  it just gives me
>    " {"error":"unknown_error","reason":"function_clause"}  "
>
> The file is there, right next to favicon and all those other pages,
> because apparently this cannot refer to an attachment in a DB.
>
> I have searched for hours, and not found any useful doc on
> handle_welcome_req, handle_utils_dir_req, handle_config_req, etc...
>
>
> I have the server behind IIS, where it was forwarding every request in
> that domain back to couchDB... so I guess it's time to start looking at the
> ARR and ReWrite modules.
>
>
> -Scott
>
>
Again. Did you try the vhost + redirect rule?

What's the goal of changing this welcome message?


>
> ________________________________
>  From: Benoit Chesneau <bc...@gmail.com>
> To: "user@couchdb.apache.org" <us...@couchdb.apache.org>; Scott Weber <
> scotty2541@sbcglobal.net>
> Sent: Monday, April 14, 2014 11:13 AM
> Subject: Re: authentication_redirect is not working.
>
>
> On Mon, Apr 14, 2014 at 5:55 PM, Scott Weber <scotty2541@sbcglobal.net
> >wrote:
>
> > No, that doesn't work.  It actually is worse.
> >
> > If I remap the vhosts to a DB/Document, it gives me the WHOLE DOCUMENT:
> > [vhosts]
> > www.mycompany.com = /login/source/
> >
> > Results:
> > www.mycompany.com  -> maps to -> www.mycompany.com/login/source/
> > (where 'login' is the landing zone, and 'source' is the document that has
> > the HTML attachment)
> >
> >
> > On the other hand, when I map it to the document like this:
> > [vhosts]
> > www.mycompany.com = /login/source/index.html
> >
> > Results:
> > www.mycompany.com   -> maps to ->
> > www.mycompany.com/login/source/index.html
> > however, now it is trying to open style sheets and js files that have the
> > name:
> >
> > www.mycompany.com/login/source/index.html.mystyle.css
> > www.mycompany.com/login/source/index.html.mainpage.js
> >
> > The obvious work around is to use the former option and must specify "
> > www.mycompany.com/index.html" as required on the address bar.
> >
>
>
> Actually I also mentioned something about the rewrite.
>
> so
>
> www.mycompany.com = /db/ddoc/_rewrite
>
> and do the rewrite in it
>
> [{ "from": "/",
>    "to": "/index.html"
> },...]
>
> and put an index.html in your ddoc attachments.
>
>
> >
> > Which is not what is expected or were hoping for.  All other web servers
> > allow a default doc setting, typically index.html or index.htm.  Does
> > CouchDB not have something equivalent?
> >
>
> You may be able to do:
>
> / = {couch_httpd_misc_handlers, handle_utils_dir_req,
> "/path/to/index.html"}
>
>
> but it will probably break some clients and the replication.
>
> Another way is to do that on the proxy level.
>
> - benoit
>

Re: authentication_redirect is not working.

Posted by Benoit Chesneau <bc...@gmail.com>.
On Mon, Apr 14, 2014 at 7:11 PM, Scott Weber <sc...@sbcglobal.net>wrote:

> I fought with:
>    / = {couch_httpd_misc_handlers, handle_utils_dir_req,
> "../share/couchdb/www/index.html"}
>
> for hours already.  it just gives me
>    " {"error":"unknown_error","reason":"function_clause"}  "
>
> The file is there, right next to favicon and all those other pages,
> because apparently this cannot refer to an attachment in a DB.
>
> I have searched for hours, and not found any useful doc on
> handle_welcome_req, handle_utils_dir_req, handle_config_req, etc...
>
>
> I have the server behind IIS, where it was forwarding every request in
> that domain back to couchDB... so I guess it's time to start looking at the
> ARR and ReWrite modules.
>
>
> -Scott
>
>
Again. Did you try the vhost + redirect rule?

What's the goal of changing this welcome message?

>
> ________________________________
>  From: Benoit Chesneau <bc...@gmail.com>
> To: "user@couchdb.apache.org" <us...@couchdb.apache.org>; Scott Weber <
> scotty2541@sbcglobal.net>
> Sent: Monday, April 14, 2014 11:13 AM
> Subject: Re: authentication_redirect is not working.
>
>
> On Mon, Apr 14, 2014 at 5:55 PM, Scott Weber <scotty2541@sbcglobal.net
> >wrote:
>
> > No, that doesn't work.  It actually is worse.
> >
> > If I remap the vhosts to a DB/Document, it gives me the WHOLE DOCUMENT:
> > [vhosts]
> > www.mycompany.com = /login/source/
> >
> > Results:
> > www.mycompany.com  -> maps to -> www.mycompany.com/login/source/
> > (where 'login' is the landing zone, and 'source' is the document that has
> > the HTML attachment)
> >
> >
> > On the other hand, when I map it to the document like this:
> > [vhosts]
> > www.mycompany.com = /login/source/index.html
> >
> > Results:
> > www.mycompany.com   -> maps to ->
> > www.mycompany.com/login/source/index.html
> > however, now it is trying to open style sheets and js files that have the
> > name:
> >
> > www.mycompany.com/login/source/index.html.mystyle.css
> > www.mycompany.com/login/source/index.html.mainpage.js
> >
> > The obvious work around is to use the former option and must specify "
> > www.mycompany.com/index.html" as required on the address bar.
> >
>
>
> Actually I also mentioned something about the rewrite.
>
> so
>
> www.mycompany.com = /db/ddoc/_rewrite
>
> and do the rewrite in it
>
> [{ "from": "/",
>    "to": "/index.html"
> },...]
>
> and put an index.html in your ddoc attachments.
>
>
> >
> > Which is not what is expected or were hoping for.  All other web servers
> > allow a default doc setting, typically index.html or index.htm.  Does
> > CouchDB not have something equivalent?
> >
>
> You may be able to do:
>
> / = {couch_httpd_misc_handlers, handle_utils_dir_req,
> "/path/to/index.html"}
>
>
> but it will probably break some clients and the replication.
>
> Another way is to do that on the proxy level.
>
> - benoit
>

Re: authentication_redirect is not working.

Posted by Scott Weber <sc...@sbcglobal.net>.
I fought with: 
   / = {couch_httpd_misc_handlers, handle_utils_dir_req, "../share/couchdb/www/index.html"}

for hours already.  it just gives me 
   " {"error":"unknown_error","reason":"function_clause"}  "

The file is there, right next to favicon and all those other pages, because apparently this cannot refer to an attachment in a DB.

I have searched for hours, and not found any useful doc on handle_welcome_req, handle_utils_dir_req, handle_config_req, etc...


I have the server behind IIS, where it was forwarding every request in that domain back to couchDB... so I guess it's time to start looking at the ARR and ReWrite modules.


-Scott



________________________________
 From: Benoit Chesneau <bc...@gmail.com>
To: "user@couchdb.apache.org" <us...@couchdb.apache.org>; Scott Weber <sc...@sbcglobal.net> 
Sent: Monday, April 14, 2014 11:13 AM
Subject: Re: authentication_redirect is not working.
 

On Mon, Apr 14, 2014 at 5:55 PM, Scott Weber <sc...@sbcglobal.net>wrote:

> No, that doesn't work.  It actually is worse.
>
> If I remap the vhosts to a DB/Document, it gives me the WHOLE DOCUMENT:
> [vhosts]
> www.mycompany.com = /login/source/
>
> Results:
> www.mycompany.com  -> maps to -> www.mycompany.com/login/source/
> (where 'login' is the landing zone, and 'source' is the document that has
> the HTML attachment)
>
>
> On the other hand, when I map it to the document like this:
> [vhosts]
> www.mycompany.com = /login/source/index.html
>
> Results:
> www.mycompany.com   -> maps to ->
> www.mycompany.com/login/source/index.html
> however, now it is trying to open style sheets and js files that have the
> name:
>
> www.mycompany.com/login/source/index.html.mystyle.css
> www.mycompany.com/login/source/index.html.mainpage.js
>
> The obvious work around is to use the former option and must specify "
> www.mycompany.com/index.html" as required on the address bar.
>


Actually I also mentioned something about the rewrite.

so

www.mycompany.com = /db/ddoc/_rewrite

and do the rewrite in it

[{ "from": "/",
   "to": "/index.html"
},...]

and put an index.html in your ddoc attachments.


>
> Which is not what is expected or were hoping for.  All other web servers
> allow a default doc setting, typically index.html or index.htm.  Does
> CouchDB not have something equivalent?
>

You may be able to do:

/ = {couch_httpd_misc_handlers, handle_utils_dir_req, "/path/to/index.html"}


but it will probably break some clients and the replication.

Another way is to do that on the proxy level.

- benoit

Re: authentication_redirect is not working.

Posted by Benoit Chesneau <bc...@gmail.com>.
On Mon, Apr 14, 2014 at 5:55 PM, Scott Weber <sc...@sbcglobal.net>wrote:

> No, that doesn't work.  It actually is worse.
>
> If I remap the vhosts to a DB/Document, it gives me the WHOLE DOCUMENT:
> [vhosts]
> www.mycompany.com = /login/source/
>
> Results:
> www.mycompany.com  -> maps to -> www.mycompany.com/login/source/
> (where 'login' is the landing zone, and 'source' is the document that has
> the HTML attachment)
>
>
> On the other hand, when I map it to the document like this:
> [vhosts]
> www.mycompany.com = /login/source/index.html
>
> Results:
> www.mycompany.com   -> maps to ->
> www.mycompany.com/login/source/index.html
> however, now it is trying to open style sheets and js files that have the
> name:
>
> www.mycompany.com/login/source/index.html.mystyle.css
> www.mycompany.com/login/source/index.html.mainpage.js
>
> The obvious work around is to use the former option and must specify "
> www.mycompany.com/index.html" as required on the address bar.
>


Actually I also mentioned something about the rewrite.

so

www.mycompany.com = /db/ddoc/_rewrite

and do the rewrite in it

[{ "from": "/",
   "to": "/index.html"
},...]

and put an index.html in your ddoc attachments.


>
> Which is not what is expected or were hoping for.  All other web servers
> allow a default doc setting, typically index.html or index.htm.  Does
> CouchDB not have something equivalent?
>

You may be able to do:

/ = {couch_httpd_misc_handlers, handle_utils_dir_req, "/path/to/index.html"}


but it will probably break some clients and the replication.

Another way is to do that on the proxy level.

- benoit

Re: authentication_redirect is not working.

Posted by Scott Weber <sc...@sbcglobal.net>.
No, that doesn't work.  It actually is worse.

If I remap the vhosts to a DB/Document, it gives me the WHOLE DOCUMENT:
[vhosts]
www.mycompany.com = /login/source/

Results:
www.mycompany.com  -> maps to -> www.mycompany.com/login/source/
(where 'login' is the landing zone, and 'source' is the document that has the HTML attachment)


On the other hand, when I map it to the document like this:
[vhosts]
www.mycompany.com = /login/source/index.html

Results:
www.mycompany.com   -> maps to ->  www.mycompany.com/login/source/index.html
however, now it is trying to open style sheets and js files that have the name:

www.mycompany.com/login/source/index.html.mystyle.css
www.mycompany.com/login/source/index.html.mainpage.js

The obvious work around is to use the former option and must specify "www.mycompany.com/index.html" as required on the address bar.

Which is not what is expected or were hoping for.  All other web servers allow a default doc setting, typically index.html or index.htm.  Does CouchDB not have something equivalent? 


-Scott




________________________________
 From: Benoit Chesneau <bc...@gmail.com>
To: "user@couchdb.apache.org" <us...@couchdb.apache.org>; Scott Weber <sc...@sbcglobal.net> 
Sent: Monday, April 14, 2014 9:22 AM
Subject: Re: authentication_redirect is not working.
 

On Mon, Apr 14, 2014 at 4:14 PM, Scott Weber <sc...@sbcglobal.net>wrote:

> Hmmmm.
> So you're saying that 'www.mycompany.com/'
> would have to look like:
>
> {"couchdb":"Welcome","uuid":"5efb66f9db578b0fb0bffc3be5b56682","version":"1.5.0","vendor":{"version":"1.5.0","name":"SomeCompany"}}
> because CouchDB can't set up a page that looks like a standard default
> "index.html" ?
>
>
You can use the vhost feature + redirect to redirect / to a page in a doc
or a ddoc.

- benoit

>
>
>
>
>
> ________________________________
>  From: Johannes Jörg Schmidt <sc...@netzmerk.com>
> To: user@couchdb.apache.org
> Sent: Monday, April 14, 2014 2:57 AM
> Subject: Re: authentication_redirect is not working.
>
>
> Basically its because CouchDB assumes browsers are requesting JSON.
>
> https://issues.apache.org/jira/browse/COUCHDB-1175 is not resolved,
> because
> the devs were not able to gain consense.
>
> Greetings
> Am 13.04.2014 23:29 schrieb "Scott Weber" <sc...@sbcglobal.net>:
>
> > Lets start with this, because it is almost exactly what I am fighting
> > with, but it doesn't work for me, like it did appear to work for the
> person
> > how posted this:
> >
> >
> >
> http://stackoverflow.com/questions/18966385/couchdb-access-denied-redirect
> >
> > The application I am building is open to the public, using CouchDB for
> > it's authentication, and 100% inside CouchDB with all JS, CSS, HTML as
> > attachments.
> >
> > Logically the uses starts at a login page which has no security, and
> after
> > success login, are redirected to other databases that service page
> requests
> > (which are based on their name, role, etc...)
> >
> > When I go directly to a database without logging in, I can't access it.
> > Which is fine, except I am getting that rather dry message:
> >
> >
> > {"error":"unauthorized","reason":"You are not authorized to access this
> > db."}
> > Which is really counter intuitive for an application.
> >
> > I have set the authentication redirect as describe in the link, to send
> > them to the login page, but nothing happens.  I still get the above dry
> > message.
> >
> > This is on both IE and FF.
> >
> > Any idea how to get an acceptable page?
> >
> >
> > -Scott
>

Re: authentication_redirect is not working.

Posted by Benoit Chesneau <bc...@gmail.com>.
On Mon, Apr 14, 2014 at 4:14 PM, Scott Weber <sc...@sbcglobal.net> wrote:

> Hmmmm.
> So you're saying that 'www.mycompany.com/'
> would have to look like:
>
> {"couchdb":"Welcome","uuid":"5efb66f9db578b0fb0bffc3be5b56682","version":"1.5.0","vendor":{"version":"1.5.0","name":"SomeCompany"}}
> because CouchDB can't set up a page that looks like a standard default
> "index.html" ?
>
>
You can use the vhost feature + redirect to redirect / to a page in a doc
or a ddoc.

- benoit

Re: authentication_redirect is not working.

Posted by Scott Weber <sc...@sbcglobal.net>.
Hmmmm.
So you're saying that 'www.mycompany.com/'
would have to look like:
{"couchdb":"Welcome","uuid":"5efb66f9db578b0fb0bffc3be5b56682","version":"1.5.0","vendor":{"version":"1.5.0","name":"SomeCompany"}}
because CouchDB can't set up a page that looks like a standard default "index.html" ?


Re: authentication_redirect is not working.

Posted by Johannes Jörg Schmidt <sc...@netzmerk.com>.
Basically it's because CouchDB assumes browsers are requesting JSON.

https://issues.apache.org/jira/browse/COUCHDB-1175 is not resolved, because
the devs were not able to gain consensus.

Greetings
On 13.04.2014 23:29, "Scott Weber" <sc...@sbcglobal.net> wrote:

> Let's start with this, because it is almost exactly what I am fighting
> with, but it doesn't work for me, like it did appear to work for the person
> who posted this:
>
>
> http://stackoverflow.com/questions/18966385/couchdb-access-denied-redirect
>
> The application I am building is open to the public, using CouchDB for
> its authentication, and 100% inside CouchDB with all JS, CSS, HTML as
> attachments.
>
> Logically the user starts at a login page which has no security, and after
> successful login, is redirected to other databases that service page requests
> (which are based on their name, role, etc...)
>
> When I go directly to a database without logging in, I can't access it.
> Which is fine, except I am getting that rather dry message:
>
>
> {"error":"unauthorized","reason":"You are not authorized to access this
> db."}
> Which is really counterintuitive for an application.
>
> I have set the authentication redirect as described in the link, to send
> them to the login page, but nothing happens.  I still get the above dry
> message.
>
> This is on both IE and FF.
>
> Any idea how to get an acceptable page?
>
>
> -Scott
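
The point above that CouchDB assumes browsers are requesting JSON, as an added Python sketch that is not from this thread or from CouchDB's source. It is a simplified model that assumes the server keeps the JSON 401 whenever the Accept header admits application/json (including through `*/*`) and redirects only when it does not; the function names and sample headers are constructed for illustration.

```python
# Added illustration: a simplified model (an assumption, not CouchDB code) of
# choosing between the JSON 401 body and a 302 to authentication_redirect.

def parse_accept(header):
    """Return [(media_type, q)] from an Accept header; a missing header means */*."""
    items = []
    for part in (header or "*/*").split(","):
        fields = [f.strip() for f in part.split(";")]
        if not fields[0]:
            continue
        q = 1.0
        for param in fields[1:]:
            name, _, value = param.partition("=")
            if name.strip().lower() == "q":
                try:
                    q = float(value)
                except ValueError:
                    q = 0.0  # unparsable weight: treat the type as refused
        items.append((fields[0].lower(), q))
    return items


def accepts(header, content_type):
    """True if the header admits content_type exactly or through a wildcard."""
    main = content_type.split("/")[0] + "/*"
    prefs = parse_accept(header)
    refused = any(t in (content_type, main) and q == 0.0 for t, q in prefs)
    offered = any(t in (content_type, main, "*/*") and q > 0.0 for t, q in prefs)
    return offered and not refused


def unauthorized_response(accept_header, authentication_redirect=None):
    """Model the reply to an unauthenticated request for a protected database."""
    if authentication_redirect is None or accepts(accept_header, "application/json"):
        return 401, {}  # client gets the {"error":"unauthorized",...} JSON body
    if accepts(accept_header, "text/html"):
        return 302, {"Location": authentication_redirect}
    return 401, {}


# Constructed sample Accept headers (not captured from a real browser session)
BROWSER = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
HTML_ONLY = "text/html"
```

Under this model a browser-style header ending in `*/*` still receives the JSON error, which matches the behaviour reported at the top of the thread.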