Posted to commits@couchdb.apache.org by wo...@apache.org on 2017/07/09 22:05:55 UTC
[couchdb-documentation] branch master updated: Remove OAuth documentation
This is an automated email from the ASF dual-hosted git repository.
wohali pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/couchdb-documentation.git
The following commit(s) were added to refs/heads/master by this push:
new d672772 Remove OAuth documentation
d672772 is described below
commit d672772d44341899972c012ec7abe64aca193f72
Author: Joan Touzet <jo...@atypical.net>
AuthorDate: Sat Jul 8 00:24:04 2017 -0400
Remove OAuth documentation
Helps resolve issue #656
---
src/api/server/authn.rst | 107 +--------------------------------------
src/api/server/configuration.rst | 9 ++--
src/config/auth.rst | 68 -------------------------
src/config/http-handlers.rst | 7 ---
src/config/http.rst | 5 +-
src/whatsnew/2.0.rst | 2 +
src/whatsnew/2.1.rst | 2 +
7 files changed, 11 insertions(+), 189 deletions(-)
diff --git a/src/api/server/authn.rst b/src/api/server/authn.rst
index 06a2728..4ad7250 100644
--- a/src/api/server/authn.rst
+++ b/src/api/server/authn.rst
@@ -215,7 +215,6 @@ To obtain the first token and thus authenticate a user for the first time, the
"authenticated": "cookie",
"authentication_db": "_users",
"authentication_handlers": [
- "oauth",
"cookie",
"default"
]
@@ -278,7 +277,7 @@ Proxy Authentication
.. code-block:: ini
[httpd]
- authentication_handlers = {couch_httpd_oauth, oauth_authentication_handler}, {couch_httpd_auth, cookie_authentication_handler}, {couch_httpd_auth, proxy_authentication_handler}, {couch_httpd_auth, default_authentication_handler}
+ authentication_handlers = {couch_httpd_auth, cookie_authentication_handler}, {couch_httpd_auth, proxy_authentication_handler}, {couch_httpd_auth, default_authentication_handler}
`Proxy authentication` is very useful in case your application already uses
some external authentication service and you don't want to duplicate users and
@@ -325,7 +324,6 @@ headers to CouchDB with related requests:
"authenticated": "proxy",
"authentication_db": "_users",
"authentication_handlers": [
- "oauth",
"cookie",
"proxy",
"default"
@@ -343,106 +341,3 @@ headers to CouchDB with related requests:
Note that you don't need to request :ref:`session <api/auth/session>`
to be authenticated by this method if all required HTTP headers are provided.
-
-.. _api/auth/oauth:
-
-OAuth Authentication
-====================
-
-CouchDB supports OAuth 1.0 authentication (:rfc:`5849`). OAuth provides a
-method for clients to access server resources without sharing real credentials
-(username and password).
-
-First, :ref:`configure oauth <config/oauth>`, by setting consumer and token
-with their secrets and binding token to real CouchDB username.
-
-Probably, it's not good idea to work with plain curl, let use some scripting
-language like Python:
-
-.. code-block:: python
-
- #!/usr/bin/env python2
- from oauth import oauth # pip install oauth
- import httplib
-
- URL = 'http://localhost:5984/_session'
- CONSUMER_KEY = 'consumer1'
- CONSUMER_SECRET = 'sekr1t'
- TOKEN = 'token1'
- SECRET = 'tokensekr1t'
-
- consumer = oauth.OAuthConsumer(CONSUMER_KEY, CONSUMER_SECRET)
- token = oauth.OAuthToken(TOKEN, SECRET)
- req = oauth.OAuthRequest.from_consumer_and_token(
- consumer,
- token=token,
- http_method='GET',
- http_url=URL,
- parameters={}
- )
- req.sign_request(oauth.OAuthSignatureMethod_HMAC_SHA1(), consumer,token)
-
- headers = req.to_header()
- headers['Accept'] = 'application/json'
-
- con = httplib.HTTPConnection('localhost', 5984)
- con.request('GET', URL, headers=headers)
- resp = con.getresponse()
- print resp.read()
-
-or Ruby:
-
-.. code-block:: ruby
-
- #!/usr/bin/env ruby
-
- require 'oauth' # gem install oauth
-
- URL = 'http://localhost:5984'
- CONSUMER_KEY = 'consumer1'
- CONSUMER_SECRET = 'sekr1t'
- TOKEN = 'token1'
- SECRET = 'tokensekr1t'
-
- @consumer = OAuth::Consumer.new CONSUMER_KEY,
- CONSUMER_SECRET,
- {:site => URL}
-
- @access_token = OAuth::AccessToken.new(@consumer, TOKEN, SECRET)
-
- puts @access_token.get('/_session').body
-
-Both snippets produces similar request and response pair:
-
-.. code-block:: http
-
- GET /_session HTTP/1.1
- Host: localhost:5984
- Accept: application/json
- Authorization: OAuth realm="", oauth_nonce="81430018", oauth_timestamp="1374561749", oauth_consumer_key="consumer1", oauth_signature_method="HMAC-SHA1", oauth_version="1.0", oauth_token="token1", oauth_signature="o4FqJ8%2B9IzUpXH%2Bk4rgnv7L6eTY%3D"
-
-.. code-block:: http
-
- HTTP/1.1 200 OK
- Cache-Control : must-revalidate
- Content-Length : 167
- Content-Type : application/json
- Date : Tue, 23 Jul 2013 06:51:15 GMT
- Server: CouchDB (Erlang/OTP)
-
- {
- "ok": true,
- "info": {
- "authenticated": "oauth",
- "authentication_db": "_users",
- "authentication_handlers": ["oauth", "cookie", "default"]
- },
- "userCtx": {
- "name": "couchdb_username",
- "roles": []
- }
- }
-
-There we request the :ref:`_session <api/auth/session>` resource to ensure
-that authentication was successful and the target CouchDB username is correct.
-Change the target URL to request required resource.
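Review bot: the ``.. _api/auth/oauth:`` label at the top of the removed section goes away with it, so any reference to that label left elsewhere in the tree will no longer resolve. This patch removes the one in src/config/auth.rst, but nothing here shows the rest of src/ was checked; a grep for ``api/auth/oauth``, ``config/oauth`` and ``config/couch_httpd_oauth`` before merging would confirm no other page still points at them.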
diff --git a/src/api/server/configuration.rst b/src/api/server/configuration.rst
index 6655fc9..e2ec0f7 100644
--- a/src/api/server/configuration.rst
+++ b/src/api/server/configuration.rst
@@ -92,13 +92,13 @@ the various configuration values within a running CouchDB instance.
},
"httpd": {
"allow_jsonp": "false",
- "authentication_handlers": "{couch_httpd_oauth, oauth_authentication_handler}, {couch_httpd_auth, cookie_authentication_handler}, {couch_httpd_auth, default_authentication_handler}",
+ "authentication_handlers": "{couch_httpd_auth, cookie_authentication_handler}, {couch_httpd_auth, default_authentication_handler}",
"bind_address": "192.168.0.2",
"default_handler": "{couch_httpd_db, handle_request}",
"max_connections": "2048",
"port": "5984",
"secure_rewrites": "true",
- "vhost_global_handlers": "_utils, _uuids, _session, _oauth, _users"
+ "vhost_global_handlers": "_utils, _uuids, _session, _users"
},
"httpd_db_handlers": {
"_changes": "{couch_httpd_db, handle_changes_req}",
@@ -120,7 +120,6 @@ the various configuration values within a running CouchDB instance.
"_active_tasks": "{couch_httpd_misc_handlers, handle_task_status_req}",
"_all_dbs": "{couch_httpd_misc_handlers, handle_all_dbs_req}",
"_config": "{couch_httpd_misc_handlers, handle_config_req}",
- "_oauth": "{couch_httpd_oauth, handle_oauth_req}",
"_replicate": "{couch_httpd_misc_handlers, handle_replicate_req}",
"_restart": "{couch_httpd_misc_handlers, handle_restart_req}",
"_session": "{couch_httpd_auth, handle_session_req}",
@@ -196,13 +195,13 @@ the various configuration values within a running CouchDB instance.
{
"allow_jsonp": "false",
- "authentication_handlers": "{couch_httpd_oauth, oauth_authentication_handler}, {couch_httpd_auth, cookie_authentication_handler}, {couch_httpd_auth, default_authentication_handler}",
+ "authentication_handlers": "{couch_httpd_auth, cookie_authentication_handler}, {couch_httpd_auth, default_authentication_handler}",
"bind_address": "127.0.0.1",
"default_handler": "{couch_httpd_db, handle_request}",
"enable_cors": "false",
"port": "5984",
"secure_rewrites": "true",
- "vhost_global_handlers": "_utils, _uuids, _session, _oauth, _users"
+ "vhost_global_handlers": "_utils, _uuids, _session, _users"
}
.. _api/config/section/key:
diff --git a/src/config/auth.rst b/src/config/auth.rst
index eb5c7ba..1d0e640 100644
--- a/src/config/auth.rst
+++ b/src/config/auth.rst
@@ -284,71 +284,3 @@ Authentication Configuration
[couch_httpd_auth]
x_auth_username = X-Auth-CouchDB-UserName
-
-.. _config/couch_httpd_oauth:
-
-HTTP OAuth Configuration
-========================
-
-.. config:section:: couch_httpd_oauth :: HTTP OAuth Configuration
-
- .. versionadded:: 1.2
-
- .. config:option:: use_users_db
-
- CouchDB is able to store OAuth credentials within user documents instead of
- config file by using this option::
-
- [couch_httpd_oauth]
- use_users_db = true
-
- If set to ``true``, OAuth token and consumer secrets will be looked up in
- the :option:`authentication database <couchdb/users_db_suffix>`.
- These secrets are stored in a top level field named ``"oauth"`` in user
- documents, as below.
-
- .. code-block:: javascript
-
- {
- "_id": "org.couchdb.user:joe",
- "type": "user",
- "name": "joe",
- "password_sha": "fe95df1ca59a9b567bdca5cbaf8412abd6e06121",
- "salt": "4e170ffeb6f34daecfd814dfb4001a73"
- "roles": ["foo", "bar"],
- "oauth": {
- "consumer_keys": {
- "consumerKey1": "key1Secret",
- "consumerKey2": "key2Secret"
- },
- "tokens": {
- "token1": "token1Secret",
- "token2": "token2Secret"
- }
- }
- }
-
-.. _config/oauth:
-
-OAuth Configuration
-===================
-
-.. config:section:: oauth_* :: OAuth Configuration
-
- To let users be authenticated by :ref:`api/auth/oauth` (:rfc:`5849`), three
- special sections must be set up in the :ref:`configuration <config>` file:
-
- #. The Consumer secret::
-
- [oauth_consumer_secrets]
- consumer1 = sekr1t
-
- #. Token secrets::
-
- [oauth_token_secrets]
- token1 = tokensekr1t
-
- #. A mapping from tokens to users::
-
- [oauth_token_users]
- token1 = couchdb_username
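Review bot: deleting the ``[couch_httpd_oauth]``, ``[oauth_consumer_secrets]``, ``[oauth_token_secrets]`` and ``[oauth_token_users]`` sections, and the ``"oauth"`` field in user documents, leaves deployments that already have them with no guidance. The removed text shows these entries holding consumer and token secrets in plain text in the ini file or in user documents. Suggest an upgrade note, here or in src/whatsnew/2.1.rst, telling operators to delete those sections and fields so unused credentials are not left in place.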
diff --git a/src/config/http-handlers.rst b/src/config/http-handlers.rst
index 76c1a93..a4ab5dd 100644
--- a/src/config/http-handlers.rst
+++ b/src/config/http-handlers.rst
@@ -72,13 +72,6 @@ Global HTTP Handlers
[httpd_global_handlers]
_config = {couch_httpd_misc_handlers, handle_config_req}
- .. config:option:: _oauth
-
- ::
-
- [httpd_global_handlers]
- _oauth = {couch_httpd_oauth, handle_oauth_req}
-
.. config:option:: _replicate
Provides an API to run
diff --git a/src/config/http.rst b/src/config/http.rst
index a89bf86..6817317 100644
--- a/src/config/http.rst
+++ b/src/config/http.rst
@@ -41,9 +41,8 @@ HTTP Server Options
let users to use one of provided methods::
[httpd]
- authentication_handlers = {couch_httpd_oauth, oauth_authentication_handler}, {couch_httpd_auth, cookie_authentication_handler}, {couch_httpd_auth, default_authentication_handler}
+ authentication_handlers = {couch_httpd_auth, cookie_authentication_handler}, {couch_httpd_auth, default_authentication_handler}
- - ``{couch_httpd_oauth, oauth_authentication_handler}``: handles OAuth;
- ``{couch_httpd_auth, cookie_authentication_handler}``: used for Cookie auth;
- ``{couch_httpd_auth, proxy_authentication_handler}``: used for Proxy auth;
- ``{couch_httpd_auth, default_authentication_handler}``: used for Basic auth;
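Review bot: the example value no longer lists ``{couch_httpd_oauth, oauth_authentication_handler}``, but the text around it does not tell an operator what to do when a local override of ``authentication_handlers`` still contains that entry. A short note next to the handler list saying the entry has to be dropped from custom configurations on upgrade would close that gap.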
@@ -171,7 +170,7 @@ HTTP Server Options
<vhosts>`::
[httpd]
- vhost_global_handlers = _utils, _uuids, _session, _oauth, _users
+ vhost_global_handlers = _utils, _uuids, _session, _users
.. config:option:: x_forwarded_host :: X-Forwarder-Host
diff --git a/src/whatsnew/2.0.rst b/src/whatsnew/2.0.rst
index 8c90998..c82ab8f 100644
--- a/src/whatsnew/2.0.rst
+++ b/src/whatsnew/2.0.rst
@@ -131,6 +131,8 @@ in time for the 2.0.0 release:
that contain the design document.
* :issue:`2804`: The fast_view optimization is not enabled on the clustered
interface.
+* :ghissue:`656`: The OAuth 1.0 support is broken and deprecated. It will be
+ removed in a future version of CouchDB.
.. _known issues: https://s.apache.org/couchdb-2.0-known-issues
.. _CouchDB JIRA instance: https://issues.apache.org/jira/browse/COUCHDB
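Review bot: the added entry uses the ``:ghissue:`` role while the entry directly above it uses ``:issue:``, and nothing in this patch defines ``:ghissue:``. Please confirm the role is already available in the Sphinx configuration of this repository; if it is not, the entry will not render as a link.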
diff --git a/src/whatsnew/2.1.rst b/src/whatsnew/2.1.rst
index 095dd7b..1cf2a52 100644
--- a/src/whatsnew/2.1.rst
+++ b/src/whatsnew/2.1.rst
@@ -25,6 +25,8 @@
Version 2.1.0
=============
+* The deprecated (and broken) OAuth 1.0 implementation has been removed.
+
* New scheduling replicator. The core of the new replicator is a
scheduler which allows running a large number of replication
jobs by switching between them, stopping some and starting others
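Review bot: the 2.1.0 entry states the removal with no reference, while the 2.0 entry added in this same commit points at issue 656; linking the same issue here would let readers find the background. Naming what was removed (the ``_oauth`` handler and the ``oauth_authentication_handler`` entry, both visible in the other hunks) would also tell operators which settings to check on upgrade.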