Devs,
I've been fine-tuning some of the auth stuff. I'm not done yet, but
this is a status update.
Conflicted user docs now can't be used to login. You must resolve the
conflict first.
I've also normalized some naming, like user docs to name/password
instead of "username" in some places.
The /_session response now returns something like:
{
userCtx : {
name : "[email protected]",
roles : ["_admin", "_replicator", "author"]
},
info : {
authentication_db : "_users",
authenticated : ["cookie"],
authentication_handlers : ["oauth", "cookie", "http_basic"]
},
}
I flirted with the idea of including the userDoc but I'll leave that
up to someone else to tackle.
TODO:
* bcrypt (I think there are some JS implementations out there)
* security object (I think this will be a local doc that apps can
populate with the help of an admin.)
Chris
--
Chris Anderson
http://jchrisa.net
http://couch.io
