Posted to commits@couchdb.apache.org by Apache Wiki <wi...@apache.org> on 2012/05/02 13:55:40 UTC

[Couchdb Wiki] Update of "How_to_create_users_via_script" by DaveCottlehuber

The "How_to_create_users_via_script" page has been changed by DaveCottlehuber:
http://wiki.apache.org/couchdb/How_to_create_users_via_script

Comment:
scripting user creation

New page:
= Creating Users in CouchDB via script =

<<Include(EditTheWiki)>>
<<TableOfContents(3)>>

From CouchDB 1.2.0 onwards, it is very easy to script the creation of new users by PUTting a correctly formatted JSON document into /_users. Simply PUT a document of the following structure to {{{$COUCHDB/_users/org.couchdb.user:$ID}}}:

{{{
{
  "_id": "org.couchdb.user:$ID",
  "name": "$ID",
  "roles": [],
  "type": "user",
  "password": "$PASSWORD"
}
}}}
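The provided password will be salted and stored as a SHA hash: the stored document carries {{{password_sha}}} and {{{salt}}} fields in place of the plaintext {{{password}}} field.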

For example, to create a user {{{wubble}}} with password {{{tubble}}}:
{{{
COUCH=http://admin:passwd@localhost:5984
curl -HContent-Type:application/json -vXPUT $COUCH/_users/org.couchdb.user:wubble --data-binary '{"_id": "org.couchdb.user:wubble","name": "wubble","roles": [],"type": "user","password": "tubble"}'

* About to connect() to localhost port 5984 (#0)
*   Trying ::1... Connection refused
*   Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 5984 (#0)
* Server auth using Basic with user 'admin'
> PUT /_users/org.couchdb.user:wubble HTTP/1.1
> Authorization: Basic YWRtaW66cGFzc3dk
> User-Agent: curl/7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5
> Host: localhost:5984
> Accept: */*
> Content-Type:application/json
> Content-Length: 99
> 
< HTTP/1.1 201 Created
< Server: CouchDB/1.2.0 (Erlang OTP/R15B01)
< Location: http://localhost:5984/_users/org.couchdb.user:wubble
< ETag: "1-2e5fe1cfee2ab231788f73be8043acb5"
< Date: Wed, 02 May 2012 11:45:29 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 86
< Cache-Control: must-revalidate
< 
{"ok":true,"id":"org.couchdb.user:wubble","rev":"1-2e5fe1cfee2ab231788f73be8043acb5"}
* Connection #0 to host localhost left intact
* Closing connection #0
}}}
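
The same request as a reusable shell function that keeps both passwords out of command-line arguments and shell history. This is an added example, not part of the original wiki page; the names {{{COUCH_URL}}} and {{{COUCH_NETRC}}}, the netrc file location and the user-name allowlist are assumptions of the example.

```sh
#!/bin/sh
# Added example, not from the wiki page. COUCH_URL, COUCH_NETRC and the
# user-name allowlist are assumptions of this sketch.

# JSON-escape backslash and double quote; refuse control characters.
json_escape() {
  case "$1" in *[[:cntrl:]]*) return 1 ;; esac
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# user_doc NAME PASSWORD -> request body for /_users on stdout.
user_doc() {
  # The name lands in the URL path and the _id, so allow only safe characters.
  case "$1" in
    ''|*[!A-Za-z0-9_.-]*) echo "invalid user name" >&2; return 1 ;;
  esac
  _pw=$(json_escape "$2") || { echo "control character in password" >&2; return 1; }
  printf '{"_id":"org.couchdb.user:%s","name":"%s","roles":[],"type":"user","password":"%s"}' \
    "$1" "$1" "$_pw"
}

# create_user NAME: the new user's password is read from stdin and the admin
# credentials from a netrc file (mode 600, e.g. a line such as
# "machine localhost login admin password ..."); the body is piped to curl.
create_user() {
  IFS= read -r _newpw || true
  [ -n "$_newpw" ] || { echo "empty password" >&2; return 1; }
  _body=$(user_doc "$1" "$_newpw") || return 1
  printf '%s' "$_body" | curl -sS --fail \
    --netrc-file "${COUCH_NETRC:-$HOME/.couch-netrc}" \
    -H 'Content-Type: application/json' \
    -X PUT --data-binary @- \
    "${COUCH_URL:-http://localhost:5984}/_users/org.couchdb.user:$1"
}
```

Call it as {{{create_user wubble}}} with the new password supplied on standard input, for example from a prompt or a secrets file.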

Notes:

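 * The user record is not accessible without authentication, either as that user or as a server admin; an unauthenticated request is answered with {{{not_found}}}.
 * The user roles may only be set by a server admin; a request without admin credentials that sets roles is rejected with {{{403 Forbidden}}}.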

{{{
$ curl -HContent-Type:application/json http://localhost:5984/_users/org.couchdb.user:wubble
{
   "reason" : "missing",
   "error" : "not_found"
}

$ curl -HContent-Type:application/json http://wubble:tubble@localhost:5984/_users/org.couchdb.user:wubble
{
  "_id": "org.couchdb.user:wubble",
  "_rev": "1-2e5fe1cfee2ab231788f73be8043acb5",
  "name": "wubble",
  "roles": [],
  "type": "user",
  "password_sha": "96ccc474390c8754ffe225b30740b42a2e01c46b",
  "salt": "03f9e0f7e36d3b4c6f83a31c4c51868e"
}

$ curl -HContent-Type:application/json -vXPUT $COUCH/_users/org.couchdb.user:wibble --data-binary '{"_id": "org.couchdb.user:wibble","name": "wibble","roles": ["admin"],"type": "user","password": "tubble"}' 
* About to connect() to localhost port 5984 (#0)
*   Trying ::1... Connection refused
*   Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 5984 (#0)
> PUT /_users/org.couchdb.user:wibble HTTP/1.1
> User-Agent: curl/7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5
> Host: localhost:5984
> Accept: */*
> Content-Type:application/json
> Content-Length: 106
> 
< HTTP/1.1 403 Forbidden
< Server: CouchDB/1.2.0 (Erlang OTP/R15B01)
< Date: Wed, 02 May 2012 11:49:49 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 59
< Cache-Control: must-revalidate
< 
{
  "error": "forbidden",
  "reason": "Only _admin may set roles"
}
* Connection #0 to host localhost left intact
* Closing connection #0
}}}