[
https://issues.apache.org/jira/browse/COUCHDB-492?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Benoit Chesneau updated COUCHDB-492:
------------------------------------
Attachment: couch_server.diff
`couch_httpd_auth:create_user_req` and `couch_server:hash_password_admin` use a
different algo to create the hashed password in current CouchDB. So even even
if the _session handler use allready get_user, wich test first local.ini then
users db, auth will fail because expected password hash is different.
Here is a patch that solve it by using same algorihm to make the hash. It don't
change the way hash are calculated in local.ini but only in couch_httpd_auth
which is more recent.
> cascading auth + _session
> -------------------------
>
> Key: COUCHDB-492
> URL: https://issues.apache.org/jira/browse/COUCHDB-492
> Project: CouchDB
> Issue Type: Bug
> Affects Versions: 0.10
> Reporter: Benoit Chesneau
> Fix For: 0.10
>
> Attachments: couch_server.diff
>
>
> Actually when you log your user via _session handler it looks only for user
> in userdb and ignore admins set in local.ini file . Which give some problem
> if users are set manually (without using _user handler), 2 users could have
> the same login, or when the user don't exist in userdb but only in local.ini
> it won't be found and authentifaction will fail.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
