[
https://issues.apache.org/jira/browse/COUCHDB-34?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12668767#action_12668767
]
Adam Kocoloski commented on COUCHDB-34:
---------------------------------------
I posted some code that makes Couch respond with a 401 status code if a user
attempts a replication without proper authentication:
http://github.com/kocolosk/couchdb/tree/jira-34
Getting that to work was slightly tricky since it required tracking exceptions
across processes. I chose to rework a bit of the message passing in the
replication module as a result.
One downside of this fix is that the replication test will get stuck if run in
a browser on a server that has admins defined. Previously that test would just
fail when it tried to replicate to a "remote" target, but now when the 401 code
comes back the browser keeps asking for credentials, not realizing that the
credentials belong in the JSON body instead of the Authorization Header.
The response in the case of a local target is the usual
{"error":"unauthorized","reason":"You are not a server or database admin."}
but if you attempt an unauthorized replication to a remote target you'll receive
{"error":"unauthorized","reason":"Please authenticate to the target server in the JSON body."}
> Enable replicator to use HTTP authentication
> --------------------------------------------
>
> Key: COUCHDB-34
> URL: https://issues.apache.org/jira/browse/COUCHDB-34
> Project: CouchDB
> Issue Type: New Feature
> Components: Database Core
> Reporter: Christopher Lenz
> Priority: Blocker
> Fix For: 0.9
>
>
> You can currently give the CouchDB replicator HTTP URIs to remote databases.
> However, if one of those remote instances is behind HTTP authentication, the
> replication will fail. It should be possible to specify authentication
> credentials to the replicator, which it would then use in response to 401
> responses.