Posted to user@couchdb.apache.org by Debasish Ghosh <gh...@gmail.com> on 2009/09/12 16:47:56 UTC

CouchDB Validation function and security API ..

Hi -

The validation function validate_doc_update takes 3 parameters, newdoc,
olddoc and userContext. I am trying to get my head into how the
authentication and authorization stuff is related to this. The CouchDB book
has the following code snippet in 7.2.4 Authorship section ..
function(newDoc, oldDoc, userCtx) {
  if (newDoc.author) {
    enforce(newDoc.author == userCtx.author,
      "You may only update documents with author " + userCtx.author);
  }
}

In my linux environment, when I run CouchDB validation functions with a
user-id and password setup in local.ini under [admins], I get the following
as the contents of the third parameter of the validation function :-

{"db" : "test", "name" : null, "roles" : []}

In the above snippet from the book there appears to be a field
userCtx.author. Just wondering how to get it here and why I am not seeing it
in my output.

Also any pointer on the security, authentication and authorization part will
be appreciated.

Thanks in advance ..
- Debasish

Re: CouchDB Validation function and security API ..

Posted by Benoit Chesneau <bc...@gmail.com>.
On Sun, Sep 13, 2009 at 10:31 AM, Debasish Ghosh
<gh...@gmail.com> wrote:
> I think I am doing something wrong. Would appreciate any help on this ...
> In my local.ini, I have set up the following :
>
> [admins]
> [jchris = secretpass
>
> [httpd]
> authentication_handlers = {couch_httpd, default_authentication_handler}
>
> and I create a database using
>
> curl -vX PUT http://jchris:secretpass@localhost:5984/albums
>
> I get : {ok, true}
>
> How do I get the _session handler that you have mentioned ? Doing a ..
>
> $ curl http://jchris:mysecretpassword@localhost:5984/_session
>
> obviously doesn't work, since I have not set anything in the session and it
> gives me an error. You have mentioned in the mail "when you are
> properly logged in". Do I have to handle user login myself through some
> pluggable login module ? I think I am missing something here. Help!
>
> Thanks.
> - Debasish
>
for _session handler you have to setup the cookie auth handler.

- benoit

Re: CouchDB Validation function and security API ..

Posted by Chris Anderson <jc...@apache.org>.
On Sun, Sep 13, 2009 at 10:59 AM, Debasish Ghosh
<gh...@gmail.com> wrote:
> On Sun, Sep 13, 2009 at 11:16 PM, Chris Anderson <jc...@apache.org> wrote:
>
>> On Sun, Sep 13, 2009 at 1:31 AM, Debasish Ghosh
>> <gh...@gmail.com> wrote:
>> > I think I am doing something wrong. Would appreciate any help on this ...
>> > In my local.ini, I have set up the following :
>> >
>> > [admins]
>> > [jchris = secretpass
>> >
>> > [httpd]
>> > authentication_handlers = {couch_httpd, default_authentication_handler}
>> >
>> > and I create a database using
>> >
>> > curl -vX PUT http://jchris:secretpass@localhost:5984/albums
>> >
>> > I get : {ok, true}
>> >
>> > How do I get the _session handler that you have mentioned ? Doing a ..
>> >
>> > $ curl http://jchris:mysecretpassword@localhost:5984/_session
>> >
>>
>> this "just works" for me. I'm not sure about cookie etc... I just give
>> my creds on the curl line and _session gives me back the userCtx.
>>
>
>>> creds on the curl line means as u have mentioned ..
>>> $ curl http://jchris:mysecretpassword@localhost:5984/_session ?
>>> hmm .. doesn't work for me :( .. It gives me something like "illegal database name" on _session ..
>>> I am using an April snapshot of 0.10. I will try switching to a more recent snapshot ..
>>> Will u mind sharing the local.ini & default.ini ?
>

I'm currently on trunk using make dev && utils/run, my password line is:

jchris = -hashed-7d882376727dadb528a9e4b160809f46674157fb,32ba977823a5e7a4d978b2139149706a




-- 
Chris Anderson
http://jchrisa.net
http://couch.io

Re: CouchDB Validation function and security API ..

Posted by Debasish Ghosh <gh...@gmail.com>.
On Sun, Sep 13, 2009 at 11:16 PM, Chris Anderson <jc...@apache.org> wrote:

> On Sun, Sep 13, 2009 at 1:31 AM, Debasish Ghosh
> <gh...@gmail.com> wrote:
> > I think I am doing something wrong. Would appreciate any help on this ...
> > In my local.ini, I have set up the following :
> >
> > [admins]
> > [jchris = secretpass
> >
> > [httpd]
> > authentication_handlers = {couch_httpd, default_authentication_handler}
> >
> > and I create a database using
> >
> > curl -vX PUT http://jchris:secretpass@localhost:5984/albums
> >
> > I get : {ok, true}
> >
> > How do I get the _session handler that you have mentioned ? Doing a ..
> >
> > $ curl http://jchris:mysecretpassword@localhost:5984/_session
> >
>
> this "just works" for me. I'm not sure about cookie etc... I just give
> my creds on the curl line and _session gives me back the userCtx.
>

>> creds on the curl line means as u have mentioned ..
>> $ curl http://jchris:mysecretpassword@localhost:5984/_session ?
>> hmm .. doesn't work for me :( .. It gives me something like "illegal database name" on _session ..
>> I am using an April snapshot of 0.10. I will try switching to a more recent snapshot ..
>> Will u mind sharing the local.ini & default.ini ?



Re: CouchDB Validation function and security API ..

Posted by Chris Anderson <jc...@apache.org>.
On Sun, Sep 13, 2009 at 1:31 AM, Debasish Ghosh
<gh...@gmail.com> wrote:
> I think I am doing something wrong. Would appreciate any help on this ...
> In my local.ini, I have set up the following :
>
> [admins]
> [jchris = secretpass
>
> [httpd]
> authentication_handlers = {couch_httpd, default_authentication_handler}
>
> and I create a database using
>
> curl -vX PUT http://jchris:secretpass@localhost:5984/albums
>
> I get : {ok, true}
>
> How do I get the _session handler that you have mentioned ? Doing a ..
>
> $ curl http://jchris:mysecretpassword@localhost:5984/_session
>

this "just works" for me. I'm not sure about cookie etc... I just give
my creds on the curl line and _session gives me back the userCtx.

I'm running from couchdb trunk but I think anything in the 0.10.x
branch should work for this.

> obviously doesn't work, since I have not set anything in the session and it
> gives me an error. You have mentioned in the mail "when you are
> properly logged in". Do I have to handle user login myself through some
> pluggable login module ? I think I am missing something here. Help!
>
> Thanks.
> - Debasish



-- 
Chris Anderson
http://jchrisa.net
http://couch.io

Re: CouchDB Validation function and security API ..

Posted by Debasish Ghosh <gh...@gmail.com>.
I think I am doing something wrong. Would appreciate any help on this ...
In my local.ini, I have set up the following :

[admins]
[jchris = secretpass

[httpd]
authentication_handlers = {couch_httpd, default_authentication_handler}

and I create a database using

curl -vX PUT http://jchris:secretpass@localhost:5984/albums

I get : {ok, true}

How do I get the _session handler that you have mentioned ? Doing a ..

$ curl http://jchris:mysecretpassword@localhost:5984/_session

obviously doesn't work, since I have not set anything in the session and it
gives me an error. You have mentioned in the mail "when you are
properly logged in". Do I have to handle user login myself through some
pluggable login module ? I think I am missing something here. Help!

Thanks.
- Debasish


Re: CouchDB Validation function and security API ..

Posted by Chris Anderson <jc...@apache.org>.
On Sat, Sep 12, 2009 at 7:47 AM, Debasish Ghosh
<gh...@gmail.com> wrote:
> Hi -
>
> The validation function validate_doc_update takes 3 parameters, newdoc,
> olddoc and userContext. I am trying to get my head into how the
> authentication and authorization stuff is related to this. The CouchDB book
> has the following code snippet in 7.2.4 Authorship section ..
> function(newDoc, oldDoc, userCtx) {
>  if (newDoc.author) {
>    enforce(newDoc.author == userCtx.author,
>      "You may only update documents with author " + userCtx.author);
>  }
> }
>
> In my linux environment, when I run CouchDB validation functions with a
> user-id and password setup in local.ini under [admins], I get the following
> as the contents of the third parameter of the validation function :-
>
> {"db" : "test", "name" : null, "roles" : []}
>
> In the above snippet from the book there appears to be a field
> userCtx.author. Just wondering how to get it here and why I am not seeing it
> in my output.
>

heh, thanks for the catch.. It should read:

enforce(newDoc.author == userCtx.name

> Also any pointer on the security, authentication and authorization part will
> be appreciated.
>

I'm not sure, but you should be getting more when you are properly
logged in -- this is worth investigating more. What do you get for
this?:

$ curl http://jchris:mysecretpassword@localhost:5984/_session
{"ok":true,"name":"jchris","roles":["_admin"]}


> Thanks in advance ..
> - Debasish
>



-- 
Chris Anderson
http://jchrisa.net
http://couch.io
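
The correction discussed in this thread, run outside CouchDB as an added example (not code from the thread or from the book): it puts the snippet as printed beside the corrected one and feeds both the user contexts quoted above. The `enforce` helper is an assumed stand-in for the book's helper, and the document and the small harness are constructed for illustration.

```javascript
// `enforce` is a hypothetical stand-in for the book's helper: it refuses the
// write by throwing {forbidden: message}, which is how a CouchDB validation
// function rejects an update.
function enforce(condition, message) {
  if (!condition) {
    throw { forbidden: message };
  }
}

// The snippet as printed in the book: userCtx has no `author` field, so the
// comparison is against undefined and every authored document is refused.
function validateAsPrinted(newDoc, oldDoc, userCtx) {
  if (newDoc.author) {
    enforce(newDoc.author == userCtx.author,
      "You may only update documents with author " + userCtx.author);
  }
}

// The corrected form from the thread: compare against userCtx.name.
function validateCorrected(newDoc, oldDoc, userCtx) {
  if (newDoc.author) {
    enforce(newDoc.author === userCtx.name,
      "You may only update documents with author " + userCtx.name);
  }
}

// Harness (constructed): run a validator, return "ok" or the refusal text.
function tryUpdate(validate, newDoc, oldDoc, userCtx) {
  try {
    validate(newDoc, oldDoc, userCtx);
    return "ok";
  } catch (e) {
    if (e && e.forbidden) return "forbidden: " + e.forbidden;
    throw e;
  }
}

// Contexts built from the values shown in the thread.
const anonymous = { db: "test", name: null, roles: [] };
const loggedIn = { db: "test", name: "jchris", roles: ["_admin"] };
const doc = { _id: "album-1", author: "jchris" }; // constructed document

function runCases() {
  return {
    printedLoggedIn: tryUpdate(validateAsPrinted, doc, null, loggedIn),
    correctedLoggedIn: tryUpdate(validateCorrected, doc, null, loggedIn),
    correctedAnonymous: tryUpdate(validateCorrected, doc, null, anonymous),
    // No author field: the `if` is skipped and nothing is checked.
    correctedNoAuthor: tryUpdate(validateCorrected, { _id: "x" }, null, anonymous),
  };
}

console.log(runCases());
```

The last case shows that a document without an `author` field passes for any caller, so the check only binds documents that carry the field.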