You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by ja...@apache.org on 2016/05/16 17:56:24 UTC
couchdb commit: updated refs/heads/auth-tests-wip to 300898b
Repository: couchdb
Updated Branches:
refs/heads/auth-tests-wip [created] 300898b0c
auth-tests wip
*Get cookie-auth to pass \o/*
Current remaining issues are with users_db.js and users_db_security.js.
./dev/run -n1 --with-admin-party-please
Second terminal:
./tests/javascript/run users_db
or
./tests/javascript/run users_db_security
* * *
users_db.js:
JS test output:
test/javascript/tests/users_db.js
Error: function_clause
Trace back (most recent call first):
546: test/javascript/couch.js
CouchError([object Object])
509: test/javascript/couch.js
([object CouchHTTP])
58: test/javascript/couch.js
([object Object])
71: test/javascript/tests/users_db.js # <<<<< place in users_db.js where the error is triggered
testFun()
385: test/javascript/couch_test_runner.js
run_on_modified_server([object Array],testFun)
181: test/javascript/tests/users_db.js
()
37: test/javascript/cli_runner.js
runTest()
48: test/javascript/cli_runner.js
fail
dev/logs/node1.log:
2016-05-16 14:34:31.903 [error] node1@127.0.0.1 <0.682.0> req_err(2080506428) unknown_error : function_clause[<<"chttpd_db:update_doc/4 L970">>,<<"chttpd_db:send_updated_doc/6 L934">>,<<"chttpd:process_request/1 L293">>,<<"chttpd:handle_request_int/1 L229">>,<<"mochiweb_http:headers/6 L122">>,<<"proc_lib:init_p_do_apply/3 L239">>]
* * *
users_db_security.js:
JS test output:
Error: expected 'true', got 'null'
Trace back (most recent call first):
52: test/javascript/test_setup.js
T(false,"expected 'true', got 'null'",(void 0))
321: test/javascript/couch_test_runner.js
TEquals(true,(void 0))
186: test/javascript/tests/users_db_security.js # <<<<< place in users_db_security.js where
() # the error is triggered
385: test/javascript/couch_test_runner.js
run_on_modified_server([object Array],(function () {var res = usersDb.
114: test/javascript/tests/users_db_security.js
()
385: test/javascript/couch_test_runner.js
run_on_modified_server([object Array],(function () {var userDoc = {_id
419: test/javascript/tests/users_db_security.js
()
37: test/javascript/cli_runner.js
runTest()
48: test/javascript/cli_runner.js
dev/logs/node1.log:
2016-05-16 19:46:20.092 [error] Undefined emulator Error in process <0.1938.0> on node 'node1@127.0.0.1' with exit value: {function_clause,[{fabric_doc_update,handle_message,[not_found,{shard,<<42 bytes>>,'node1@127.0.0.1',<<6 bytes>>,[3221225472,3758096383],#Ref<0.0.0.40541>},{1,1,1,[{{shard,<<42 bytes>>,'node1@127.0.0.1',<<6 bytes>>,[3221225472,3758096383],#Ref<0.0.0.40541>},[{doc,<<24 bytes>>,{1,[<<16 bytes>>]},{[{<<4 bytes>>,<<4 bytes>>},{<<4 bytes>>,<<7 bytes>>},{<<4 bytes>>,<<32 bytes>>},{<<5 bytes>>,[]},{<<15 bytes>>,<<6 bytes>>},{<<10 bytes>>,1},{<<11 bytes>>,<<40 bytes>>}]},[],false,[{ref,#Ref<0.0.0.40540>}]}]}],{dict,0,16,16,8,80,48,{[],[],[],[],[],[],[],[],[],[],[],[],...
2016-05-16 19:46:20.093 [error] node1@127.0.0.1 <0.1602.0> req_err(1320117845) badmatch : {function_clause,
[{fabric_doc_update,handle_message,
[not_found,
{shard,<<"shards/c0000000-dfffffff/_users.1463420709">>,
'node1@127.0.0.1',<<"_users">>,
[3221225472,3758096383],
#Ref<0.0.0.40541>},
{1,1,1,
[{{shard,<<"shards/c0000000-dfffffff/_users.1463420709">>,
'node1@127.0.0.1',<<"_users">>,
[3221225472,3758096383],
#Ref<0.0.0.40541>},
[{doc,<<"org.couchdb.user:rnewson">>,
{1,
[<<160,186,22,20,84,62,68,165,50,104,255,197,135,68,137,
132>>]},
{[{<<"type">>,<<"user">>},
{<<"name">>,<<"rnewson">>},
{<<"salt">>,<<"455064159003b44956d0deeab778ba77">>},
{<<"roles">>,[]},
{<<"password_scheme">>,<<"pbkdf2">>},
{<<"iterations">>,1},
{<<"derived_key">>,
<<"dcfaca803d9fcd53c7882beccddb074760d7da5f">>}]},
[],false,
[{ref,#Ref<0.0.0.40540>}]}]}],
{dict,0,16,16,8,80,48,
{[],[],[],[],[],[],[],[],[],[],[],[],[],[],[],[]},
{{[],[],[],[],[],[],[],[],[],[],[],[],[],[],[],[]}}}}],
[{file,"src/fabric_doc_update.erl"},{line,55}]},
{rexi_utils,process_mailbox,6,[{file,"src/rexi_utils.erl"},{line,55}]},
{fabric_doc_update,go,3,[{file,"src/fabric_doc_update.erl"},{line,39}]},
{fabric,update_docs,3,[{file,"src/fabric.erl"},{line,245}]},
{fabric,update_doc,3,[{file,"src/fabric.erl"},{line,225}]},
{chttpd_auth_cache,'-update_user_creds/3-fun-0-',1,
[{file,"src/chttpd_auth_cache.erl"},{line,55}]}]}
[<<"couch_httpd_auth:maybe_upgrade_password_hash/6 L408">>,<<"couch_httpd_auth:handle_session_req/2 L311">>,<<"chttpd:process_request/1 L293">>,<<"chttpd:handle_request_int/1 L229">>,<<"mochiweb_http:headers/6 L122">>,<<"proc_lib:init_p_do_apply/3 L239">>]
2016-05-16 19:46:20.093 [notice] node1@127.0.0.1 <0.1602.0> fa720ffc9c 127.0.0.1 127.0.0.1:15984 undefined POST /_session 500 ok 2
Applying https://github.com/apache/couchdb-mem3/pull/21 makes no difference.
* * *
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/300898b0
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/300898b0
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/300898b0
Branch: refs/heads/auth-tests-wip
Commit: 300898b0cc41444ca5343ea295bc9e85ac173fe0
Parents: 52442d2
Author: Jan Lehnardt <ja...@apache.org>
Authored: Mon May 16 19:30:19 2016 +0200
Committer: Jan Lehnardt <ja...@apache.org>
Committed: Mon May 16 19:48:27 2016 +0200
----------------------------------------------------------------------
test/javascript/couch.js | 2 +-
test/javascript/couch_test_runner.js | 7 +++++
test/javascript/tests/cookie_auth.js | 35 +++++++++++--------------
test/javascript/tests/users_db.js | 22 +++++++++++-----
test/javascript/tests/users_db_security.js | 31 +++++++++++-----------
5 files changed, 54 insertions(+), 43 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/300898b0/test/javascript/couch.js
----------------------------------------------------------------------
diff --git a/test/javascript/couch.js b/test/javascript/couch.js
index 1a2f950..dd9a408 100644
--- a/test/javascript/couch.js
+++ b/test/javascript/couch.js
@@ -470,7 +470,7 @@ CouchDB.requestStats = function(path, test) {
query_arg = "?flush=true";
}
- var url = "/_stats/" + path.join("/") + query_arg;
+ var url = "/_node/node1@127.0.0.1/_stats/" + path.join("/") + query_arg;
var stat = CouchDB.request("GET", url).responseText;
return JSON.parse(stat);
};
http://git-wip-us.apache.org/repos/asf/couchdb/blob/300898b0/test/javascript/couch_test_runner.js
----------------------------------------------------------------------
diff --git a/test/javascript/couch_test_runner.js b/test/javascript/couch_test_runner.js
index 887e988..253b545 100644
--- a/test/javascript/couch_test_runner.js
+++ b/test/javascript/couch_test_runner.js
@@ -507,3 +507,10 @@ function retry_part(fct, n, duration) {
}
}
+function wait(ms) {
+ var t0 = new Date(), t1;
+ do {
+ CouchDB.request("GET", "/");
+ t1 = new Date();
+ } while ((t1 - t0) <= ms);
+}
http://git-wip-us.apache.org/repos/asf/couchdb/blob/300898b0/test/javascript/tests/cookie_auth.js
----------------------------------------------------------------------
diff --git a/test/javascript/tests/cookie_auth.js b/test/javascript/tests/cookie_auth.js
index df4c9bd..9a14416 100644
--- a/test/javascript/tests/cookie_auth.js
+++ b/test/javascript/tests/cookie_auth.js
@@ -11,18 +11,17 @@
// the License.
couchTests.cookie_auth = function(debug) {
- return console.log('TODO: config not available on cluster');
// This tests cookie-based authentication.
- //return console.log('TODO');
- // TODO: re-write so we get along withOUT changed config
- // poss.: re-write so we just use _users and add some docs (and we delete those b4 running). Admin party should not hurt when logging in more
var db_name = get_random_db_name();
var db = new CouchDB(db_name, {"X-Couch-Full-Commit":"false"});
db.createDb();
// used later, needs to be global here
- var users_db_name = get_random_db_name();
+ var users_db_name = '_users';
+ var usersDb = new CouchDB(users_db_name, {"X-Couch-Full-Commit":"false"});
+ try { usersDb.createDb(); } catch (e) { /* ignore if exists*/ }
+
if (debug) debugger;
var password = "3.141592653589";
@@ -90,13 +89,13 @@ couchTests.cookie_auth = function(debug) {
TEquals("Jason Davies", checkDoc.name);
var jchrisUserDoc = CouchDB.prepareUserDoc({
- name: "jchris@apache.org"
+ name: "jchris"
}, "funnybone");
T(usersDb.save(jchrisUserDoc).ok);
// make sure we cant create duplicate users
var duplicateJchrisDoc = CouchDB.prepareUserDoc({
- name: "jchris@apache.org"
+ name: "jchris"
}, "eh, Boo-Boo?");
try {
@@ -194,8 +193,8 @@ couchTests.cookie_auth = function(debug) {
// test users db validations
//
// test that you can't update docs unless you are logged in as the user (or are admin)
- T(CouchDB.login("jchris@apache.org", "funnybone").ok);
- T(CouchDB.session().userCtx.name == "jchris@apache.org");
+ T(CouchDB.login("jchris", "funnybone").ok);
+ T(CouchDB.session().userCtx.name == "jchris");
T(CouchDB.session().userCtx.roles.length == 0);
jasonUserDoc.foo=3;
@@ -223,6 +222,7 @@ couchTests.cookie_auth = function(debug) {
jchrisUserDoc.foo = ["foo"];
T(save_as(usersDb, jchrisUserDoc, "jan"));
+ wait(5000) // wait for auth cache invalidation
// test that you can't save system (underscore) roles even if you are admin
jchrisUserDoc.roles = ["_bar"];
@@ -232,8 +232,8 @@ couchTests.cookie_auth = function(debug) {
T(usersDb.last_req.status == 403);
// make sure the foo role has been applied
- T(CouchDB.login("jchris@apache.org", "funnybone").ok);
- T(CouchDB.session().userCtx.name == "jchris@apache.org");
+ T(CouchDB.login("jchris", "funnybone").ok);
+ T(CouchDB.session().userCtx.name == "jchris");
T(CouchDB.session().userCtx.roles.indexOf("_admin") == -1);
T(CouchDB.session().userCtx.roles.indexOf("foo") != -1);
@@ -245,9 +245,9 @@ couchTests.cookie_auth = function(debug) {
TEquals(true, CouchDB.login("jan", "apple").ok);
run_on_modified_server([{section: "admins",
- key: "jchris@apache.org", value: "funnybone"}], function() {
- T(CouchDB.login("jchris@apache.org", "funnybone").ok);
- T(CouchDB.session().userCtx.name == "jchris@apache.org");
+ key: "jchris", value: "funnybone"}], function() {
+ T(CouchDB.login("jchris", "funnybone").ok);
+ T(CouchDB.session().userCtx.name == "jchris");
T(CouchDB.session().userCtx.roles.indexOf("_admin") != -1);
// test that jchris still has the foo role
T(CouchDB.session().userCtx.roles.indexOf("foo") != -1);
@@ -258,9 +258,9 @@ couchTests.cookie_auth = function(debug) {
delete jchrisUserDoc.password_sha;
T(usersDb.save(jchrisUserDoc).ok);
T(CouchDB.logout().ok);
- T(CouchDB.login("jchris@apache.org", "funnybone").ok);
+ T(CouchDB.login("jchris", "funnybone").ok);
var s = CouchDB.session();
- T(s.userCtx.name == "jchris@apache.org");
+ T(s.userCtx.name == "jchris");
T(s.userCtx.roles.indexOf("_admin") != -1);
// test session info
T(s.info.authenticated == "cookie");
@@ -277,9 +277,6 @@ couchTests.cookie_auth = function(debug) {
TEquals(true, CouchDB.login("jan", "apple").ok);
};
- var usersDb = new CouchDB(users_db_name, {"X-Couch-Full-Commit":"false"});
- usersDb.createDb();
-
run_on_modified_server(
[
{section: "couch_httpd_auth",
http://git-wip-us.apache.org/repos/asf/couchdb/blob/300898b0/test/javascript/tests/users_db.js
----------------------------------------------------------------------
diff --git a/test/javascript/tests/users_db.js b/test/javascript/tests/users_db.js
index ada0047..7027b07 100644
--- a/test/javascript/tests/users_db.js
+++ b/test/javascript/tests/users_db.js
@@ -15,8 +15,9 @@ couchTests.users_db = function(debug) {
// This tests the users db, especially validations
// this should also test that you can log into the couch
- var users_db_name = '_users'; //get_random_db_name();
+ var users_db_name = '_users';
var usersDb = new CouchDB(users_db_name, {"X-Couch-Full-Commit":"false"});
+ try { usersDb.createDb(); } catch (e) { /* ignore if exists*/ }
// test that you can treat "_user" as a db-name
// this can complicate people who try to secure the users db with
@@ -32,8 +33,8 @@ couchTests.users_db = function(debug) {
// since it doesn\u2019t wait for the ddoc to be created.
// in a full test suite run, this is fine.
// dev trick: run `test/javascript/run basics users_db`
- var ddoc = usersDb.open("_design/_auth");
- T(ddoc.validate_doc_update);
+ // var ddoc = usersDb.open("_design/_auth");
+ // T(ddoc.validate_doc_update);
// test that you can login as a user using basic auth
var jchrisUserDoc = CouchDB.prepareUserDoc({
@@ -60,14 +61,14 @@ couchTests.users_db = function(debug) {
}
});
T(s.name == null);
- T(s.info.authenticated == "default");
+ T(s.info.authenticated == "local");
// ok, now create a conflicting edit on the jchris doc, and make sure there's no login.
var jchrisUser2 = JSON.parse(JSON.stringify(jchrisUserDoc));
jchrisUser2.foo = "bar";
- var r = usersDb.save(jchrisUser2)
- T(r.ok);
+
+ T(usersDb.save(jchrisUser2).ok);
try {
usersDb.save(jchrisUserDoc);
T(false && "should be an update conflict");
@@ -80,6 +81,7 @@ couchTests.users_db = function(debug) {
var jchrisWithConflict = usersDb.open(jchrisUserDoc._id, {conflicts : true});
T(jchrisWithConflict._conflicts.length == 1);
+ wait(5000) // wait for auth_cache invalidation
// no login with conflicted user doc
try {
@@ -171,7 +173,13 @@ couchTests.users_db = function(debug) {
};
- testFun()
+ run_on_modified_server(
+ [{section: "couch_httpd_auth",
+ key: "iterations", value: "1"},
+ {section: "admins",
+ key: "jan", value: "apple"}],
+ testFun
+ );
usersDb.deleteDb(); // cleanup
}
http://git-wip-us.apache.org/repos/asf/couchdb/blob/300898b0/test/javascript/tests/users_db_security.js
----------------------------------------------------------------------
diff --git a/test/javascript/tests/users_db_security.js b/test/javascript/tests/users_db_security.js
index 2c606a1..355bb03 100644
--- a/test/javascript/tests/users_db_security.js
+++ b/test/javascript/tests/users_db_security.js
@@ -11,18 +11,11 @@
// the License.
couchTests.users_db_security = function(debug) {
- return console.log('TODO after at least COUCHDB-2991 is adressed');
- var db_name = get_random_db_name();
+ var db_name = '_users';
var usersDb = new CouchDB(db_name, {"X-Couch-Full-Commit":"false"});
- if (debug) debugger;
+ try { usersDb.createDb(); } catch (e) { /* ignore if exists*/ }
- function wait(ms) {
- var t0 = new Date(), t1;
- do {
- CouchDB.request("GET", "/");
- t1 = new Date();
- } while ((t1 - t0) <= ms);
- }
+ if (debug) debugger;
var loginUser = function(username) {
var pws = {
@@ -32,6 +25,9 @@ couchTests.users_db_security = function(debug) {
fdmanana: "foobar",
benoitc: "test"
};
+ // we are changing jchris\u2019s password further down
+ // the next two lines keep the code cleaner in
+ // the actual tests
var username1 = username.replace(/[0-9]$/, "");
var password = pws[username];
T(CouchDB.login(username1, pws[username]).ok);
@@ -98,7 +94,7 @@ couchTests.users_db_security = function(debug) {
// jan's gonna be admin as he's the first user
TEquals(true, usersDb.save(userDoc).ok, "should save document");
- userDoc = usersDb.open("org.couchdb.user:jchris");
+ userDoc = open_as(usersDb, "org.couchdb.user:jchris", "jchris");
TEquals(undefined, userDoc.password, "password field should be null 1");
TEquals(40, userDoc.derived_key.length, "derived_key should exist");
TEquals(32, userDoc.salt.length, "salt should exist");
@@ -141,7 +137,7 @@ couchTests.users_db_security = function(debug) {
jchrisDoc.password = "couch";
TEquals(true, save_as(usersDb, jchrisDoc, "jchris").ok);
- wait(100);
+ wait(5000);
var jchrisDoc = open_as(usersDb, "org.couchdb.user:jchris", "jchris1");
TEquals(undefined, jchrisDoc.password, "password field should be null 2");
@@ -184,8 +180,11 @@ couchTests.users_db_security = function(debug) {
T(!rnewsonDoc.derived_key);
T(!rnewsonDoc.iterations);
- TEquals(true, CouchDB.login("rnewson", "plaintext_password").ok);
- rnewsonDoc = usersDb.open(rnewsonDoc._id);
+ wait(5000); // wait for auth cache invalidation
+ var r = CouchDB.login("rnewson", "plaintext_password")
+ log(r)
+ TEquals(true, r.ok);
+ rnewsonDoc = open_as(usersDb, rnewsonDoc._id, "rnewson");
TEquals("pbkdf2", rnewsonDoc.password_scheme);
T(rnewsonDoc.salt != salt);
T(!rnewsonDoc.password_sha);
@@ -415,8 +414,8 @@ couchTests.users_db_security = function(debug) {
run_on_modified_server(
[{section: "couch_httpd_auth",
key: "iterations", value: "1"},
- {section: "couch_httpd_auth",
- key: "authentication_db", value: usersDb.name}],
+ {section: "admins",
+ key: "jan", value: "apple"}],
testFun
);
usersDb.deleteDb(); // cleanup