You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@couchdb.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/02/09 16:11:18 UTC
[jira] [Commented] (COUCHDB-2948) Internal server error returned
instead of 403 Forbidden when cassim is disabled
[ https://issues.apache.org/jira/browse/COUCHDB-2948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15139044#comment-15139044 ]
ASF GitHub Bot commented on COUCHDB-2948:
-----------------------------------------
GitHub user mikewallace1979 opened a pull request:
https://github.com/apache/couchdb-fabric/pull/38
Return forbidden error if encountered on any shard
This commit fixes an issue which caused HTTP 500 errors to be
returned when an authorized user attempted to access a database
that they did not have permission to access, when cassim is
disabled.
Instead of returning an internal server error once all shards
have failed to open we add a receive clause so that we throw
a forbidden error if one is encountered on any shard. This is the
same approach we already take for unauthorized errors.
Closes COUCHDB-2948
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/mikewallace1979/couchdb-fabric 2948-return-forbidden-error-if-encountered-on-any-shard
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/couchdb-fabric/pull/38.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #38
----
commit cb6e82a6f9c1827f3ef9f880d927183fad61333f
Author: Mike Wallace <mi...@apache.org>
Date: 2016-02-09T14:31:55Z
Return forbidden error if encountered on any shard
This commit fixes an issue which caused HTTP 500 errors to be
returned when an authorized user attempted to access a database
that they did not have permission to access, when cassim is
disabled.
Instead of returning an internal server error once all shards
have failed to open we add a receive clause so that we throw
a forbidden error if one is encountered on any shard. This is the
same approach we already take for unauthorized errors.
Closes COUCHDB-2948
----
> Internal server error returned instead of 403 Forbidden when cassim is disabled
> -------------------------------------------------------------------------------
>
> Key: COUCHDB-2948
> URL: https://issues.apache.org/jira/browse/COUCHDB-2948
> Project: CouchDB
> Issue Type: Bug
> Components: Database Core
> Reporter: Mike Wallace
>
> When cassim is disabled and an authenticated user attempts to access a database that they do not have permission to access, we should be returning an HTTP 403, e.g.:
> {"error":"forbidden","reason":"You are not allowed to access this db."}
> Currently we get the following:
> {"error":"internal_server_error","reason":"No DB shards could be opened.","ref":1865933553}
> What is happening is we're attempting to open all the shards with the user context then throwing an internal server error when we run out of shards:
> https://github.com/apache/couchdb-fabric/blob/master/src/fabric_util.erl#L179-L180
> There is a special case for unauthorized errors: https://github.com/apache/couchdb-fabric/blob/master/src/fabric_util.erl#L188-L189
> If we add something similar for forbidden errors then that would solve this issue.
> Note this is not an issue when using cassim because it stores the security metadata in the _metadata database.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)