You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@couchdb.apache.org by Jens Alfke <je...@mooseyard.com> on 2009/02/15 05:16:05 UTC
Getting "unauthorized" errors replicating from jchris's twitter-client-design
Hi -- I've just gotten CouchDB installed (SVN trunk r743373, OS X
10.5.6, dependencies installed via DarwinPorts). The test suite
passes, and a couple of the simple examples from the O'Reilly book-in-
progress work, but when I try to replicate the Twitter client as
described in jchris's "My Couch Or Yours" blog post, I keep getting
errors.
Actually the Replicator in the Futon interface doesn't show anything,
it just never stops the spinny progress indicator. But this
immediately gets dumped to the log file:
[Sun, 15 Feb 2009 03:58:57 GMT] [error] [emulator] Error in process
<0.214.0> with exit value: {{nocatch,{unauthorized,<<39 bytes>>}},
[{couch_db,validate_doc_update,3},{couch_db,'-update_docs/4-lc
$^1/1-8-',2},{lists,zipwith,3},{couch_db,update_docs,4},
{couch_rep,save_docs_buffer,3}]}
[Sun, 15 Feb 2009 03:58:57 GMT] [error] [<0.49.0>]
{error_report,<0.22.0>,
{<0.49.0>,std_error,
{mochiweb_socket_server,235,
{child_error,
{{nocatch,
{unauthorized,
<<"You are not a server or database admin.">>}},
[{couch_db,validate_doc_update,3},
{couch_db,'-update_docs/4-lc$^1/1-8-',2},
{lists,zipwith,3},
{couch_db,update_docs,4},
{couch_rep,save_docs_buffer,3}]}}}}}
Looks like some sort of permissions problem. I have, as advised in the
installation instructions, added an admin account to the local.ini
setup. But I've logged in with that account in the browser (I've tried
both Safari and Firefox) and I can create db's and documents via the
web interface. Is there a specific problem with replication and admin
access?
Thanks,
—Jens
Re: Getting "unauthorized" errors replicating from jchris's
twitter-client-design
Posted by Chris Anderson <jc...@apache.org>.
On Sun, Feb 15, 2009 at 2:46 PM, Jens Alfke <je...@mooseyard.com> wrote:
>
> On Feb 15, 2009, at 2:30 PM, Damien Katz wrote:
>
>> Jan is correct. This looks to be because design doc is replicating, which
>> requires a security check. If the target replica has on admin security
>> turned, this will break. The security patch is meant to deal with these
>> issues.
>
> By "target" do you mean the source or destination of the replication? The
> destination db (mine) has access protection enabled too, but from Jan's
> previous answer it sounded like the issue was with the source db (jchris's
> public server) being write-access controlled.
>
The issue is that the validation function does not allow docs to be
saved by other users than than the user listed as the doc author. This
makes total sense for editing docs, but breaks down in that it does
not allow docs created by the author on my machine, to be saved by
replication into the db on your machine, unless you are logged into
your machine as me.
(OK I just realized that I'm probably talkng about Sofa's db
http://jchrisa.net/drl and not the Twitter client.
The twitter-client design doc
http://jchrisa.net/twitter-client/_design/twitter-client has no
validation function. It could be a different issue. Also my couch is
running on not-quite-trunk ATM...
Chris
--
Chris Anderson
http://jchris.mfdz.com
Re: Getting "unauthorized" errors replicating from jchris's twitter-client-design
Posted by Damien Katz <da...@apache.org>.
By target I mean destination. The target is refusing to accept the
design doc, because the it's not being sent with admin credentials. It
checks the HTTP credentials when updating the design document, whether
it by replication or by direct POST.
-Damien
On Feb 15, 2009, at 5:46 PM, Jens Alfke wrote:
>
> On Feb 15, 2009, at 2:30 PM, Damien Katz wrote:
>
>> Jan is correct. This looks to be because design doc is replicating,
>> which requires a security check. If the target replica has on admin
>> security turned, this will break. The security patch is meant to
>> deal with these issues.
>
> By "target" do you mean the source or destination of the
> replication? The destination db (mine) has access protection enabled
> too, but from Jan's previous answer it sounded like the issue was
> with the source db (jchris's public server) being write-access
> controlled.
>
> —Jens
Re: Getting "unauthorized" errors replicating from jchris's twitter-client-design
Posted by Jens Alfke <je...@mooseyard.com>.
On Feb 15, 2009, at 2:30 PM, Damien Katz wrote:
> Jan is correct. This looks to be because design doc is replicating,
> which requires a security check. If the target replica has on admin
> security turned, this will break. The security patch is meant to
> deal with these issues.
By "target" do you mean the source or destination of the replication?
The destination db (mine) has access protection enabled too, but from
Jan's previous answer it sounded like the issue was with the source db
(jchris's public server) being write-access controlled.
—Jens
Re: Getting "unauthorized" errors replicating from jchris's twitter-client-design
Posted by Damien Katz <da...@apache.org>.
On Feb 15, 2009, at 1:40 PM, Jan Lehnardt wrote:
> Hi Jens,
>
> On 15 Feb 2009, at 19:04, Jens Alfke wrote:
>
>> On Feb 15, 2009, at 2:01 AM, Jan Lehnardt wrote:
>>
>>> Chris has set up his instance so that we all can read, but only
>>> he can write to it. At the moment, replication does not fully
>>> work with authentication-enabled replication sources. But
>>> this is being worked on.
>>
>> Ah, OK. This must have worked when he posted the blog entry 3
>> months ago, but broken since.
>
> I'd guess he just didn't have access controls set up back then.
>
>
>> The things I'm most interested in doing with CouchDB would involve
>> both replication and access control, so this is a problem for me.
>> Do you have an idea when this bug will be fixed? And/or a link to
>> the issue tracker? Thanks!
>
> I don't think we have an open JIRA ticket for this.
> https://issues.apache.org/jira/browse/COUCHDB
>
> Also, technically it is not a bug, but a not-invented-yet feature :)
>
> The patch is one of the things Damien is currently working on.
> Keep an eye on http://svn.apache.org/viewvc/couchdb/branches/rep_security/
> for progress. In recent discussions Damien mentioned that its a or a
> few weeks off. I hope that works for you.
>
> The patch will be announced on the dev@ mailing-list, too.
Jan is correct. This looks to be because design doc is replicating,
which requires a security check. If the target replica has on admin
security turned, this will break. The security patch is meant to deal
with these issues.
-Damien
>
>
>
>>> The book is describing reality for when it is going to be
>>> released. Some things we write about might not yet work
>>> as described.
>>
>> The things from the book actually seem to be working in my build.
>> This example came from his blog.
>
> Great! :)
>
> Cheers
> Jan
> --
>
Re: Getting "unauthorized" errors replicating from jchris's twitter-client-design
Posted by Jan Lehnardt <ja...@apache.org>.
Hi Jens,
On 15 Feb 2009, at 19:04, Jens Alfke wrote:
> On Feb 15, 2009, at 2:01 AM, Jan Lehnardt wrote:
>
>> Chris has set up his instance so that we all can read, but only
>> he can write to it. At the moment, replication does not fully
>> work with authentication-enabled replication sources. But
>> this is being worked on.
>
> Ah, OK. This must have worked when he posted the blog entry 3 months
> ago, but broken since.
I'd guess he just didn't have access controls set up back then.
> The things I'm most interested in doing with CouchDB would involve
> both replication and access control, so this is a problem for me. Do
> you have an idea when this bug will be fixed? And/or a link to the
> issue tracker? Thanks!
I don't think we have an open JIRA ticket for this.
https://issues.apache.org/jira/browse/COUCHDB
Also, technically it is not a bug, but a not-invented-yet feature :)
The patch is one of the things Damien is currently working on.
Keep an eye on http://svn.apache.org/viewvc/couchdb/branches/rep_security/
for progress. In recent discussions Damien mentioned that its a or a
few weeks off. I hope that works for you.
The patch will be announced on the dev@ mailing-list, too.
>> The book is describing reality for when it is going to be
>> released. Some things we write about might not yet work
>> as described.
>
> The things from the book actually seem to be working in my build.
> This example came from his blog.
Great! :)
Cheers
Jan
--
Re: Getting "unauthorized" errors replicating from jchris's twitter-client-design
Posted by Jens Alfke <je...@mooseyard.com>.
On Feb 15, 2009, at 2:01 AM, Jan Lehnardt wrote:
> Chris has set up his instance so that we all can read, but only
> he can write to it. At the moment, replication does not fully
> work with authentication-enabled replication sources. But
> this is being worked on.
Ah, OK. This must have worked when he posted the blog entry 3 months
ago, but broken since.
The things I'm most interested in doing with CouchDB would involve
both replication and access control, so this is a problem for me. Do
you have an idea when this bug will be fixed? And/or a link to the
issue tracker? Thanks!
> The book is describing reality for when it is going to be
> released. Some things we write about might not yet work
> as described.
The things from the book actually seem to be working in my build. This
example came from his blog.
—Jens
Re: Getting "unauthorized" errors replicating from jchris's twitter-client-design
Posted by Jan Lehnardt <ja...@apache.org>.
Quick guess:
Chris has set up his instance so that we all can read, but only
he can write to it. At the moment, replication does not fully
work with authentication-enabled replication sources. But
this is being worked on.
The book is describing reality for when it is going to be
released. Some things we write about might not yet work
as described.
Cheers
Jan
--
On 15 Feb 2009, at 05:16, Jens Alfke wrote:
> Hi -- I've just gotten CouchDB installed (SVN trunk r743373, OS X
> 10.5.6, dependencies installed via DarwinPorts). The test suite
> passes, and a couple of the simple examples from the O'Reilly book-
> in-progress work, but when I try to replicate the Twitter client as
> described in jchris's "My Couch Or Yours" blog post, I keep getting
> errors.
>
> Actually the Replicator in the Futon interface doesn't show
> anything, it just never stops the spinny progress indicator. But
> this immediately gets dumped to the log file:
>
> [Sun, 15 Feb 2009 03:58:57 GMT] [error] [emulator] Error in process
> <0.214.0> with exit value: {{nocatch,{unauthorized,<<39 bytes>>}},
> [{couch_db,validate_doc_update,3},{couch_db,'-update_docs/4-lc
> $^1/1-8-',2},{lists,zipwith,3},{couch_db,update_docs,4},
> {couch_rep,save_docs_buffer,3}]}
>
> [Sun, 15 Feb 2009 03:58:57 GMT] [error] [<0.49.0>]
> {error_report,<0.22.0>,
> {<0.49.0>,std_error,
> {mochiweb_socket_server,235,
> {child_error,
> {{nocatch,
> {unauthorized,
> <<"You are not a server or database admin.">>}},
> [{couch_db,validate_doc_update,3},
> {couch_db,'-update_docs/4-lc$^1/1-8-',2},
> {lists,zipwith,3},
> {couch_db,update_docs,4},
> {couch_rep,save_docs_buffer,3}]}}}}}
>
> Looks like some sort of permissions problem. I have, as advised in
> the installation instructions, added an admin account to the
> local.ini setup. But I've logged in with that account in the browser
> (I've tried both Safari and Firefox) and I can create db's and
> documents via the web interface. Is there a specific problem with
> replication and admin access?
>
> Thanks,
>
> —Jens