[
https://issues.apache.org/jira/browse/COUCHDB-1155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13039899#comment-13039899
]
Noah Slater commented on COUCHDB-1155:
--------------------------------------
I was stung by this today. I'm trying to build a CouchApp, but instead of
building the page with client-side JavaScript, I am doing it all using shows
and list functions. The first hurdle I ran into while implementing an
authentication system was that the parts of the template that indicate whether
you are logged in or not would fail to update. Turns out that CouchDB is
caching the results of these functions, across sessions. So, I am +1 on
updating Etag calculation depending on authenticated user, as well as roles.
Until this is implemented I will have to use the unique role per user bodge.
> Etag send by list function does not depend on userCtx
> -----------------------------------------------------
>
> Key: COUCHDB-1155
> URL: https://issues.apache.org/jira/browse/COUCHDB-1155
> Project: CouchDB
> Issue Type: Bug
> Components: HTTP Interface
> Affects Versions: 1.0.2
> Reporter: Johannes J. Schmidt
>
> List functions should send a different Etag when requested by different users.
> The following curl session shows identical Etags for different users. CouchDB
> must not be in admin party mode.
> PROTOCOL=http
> DOMAIN="127.0.0.1:5984"
> DB=testdb
> # admin credentials for db creation
> ADMIN=admin:secure
> # this user must have an empty roles array
> USER=user:secure
> curl -XDELETE $PROTOCOL://$ADMIN@$DOMAIN/$DB
> curl -XPUT $PROTOCOL://$ADMIN@$DOMAIN/$DB
> curl -XPUT $PROTOCOL://$ADMIN@$DOMAIN/$DB/foo -d '{"count":1}'
> curl -XPUT $PROTOCOL://$ADMIN@$DOMAIN/$DB/_design/foo -d '{ "views": { "bar":
> { "map": "function(doc) { emit(doc._id, null); }" } }, "lists": { "bar":
> "function(head, req) { return req.userCtx.name || \"anonymous\" }" }}'
> curl -s $PROTOCOL://$DOMAIN/$DB/_design/foo/_list/bar/bar --head | grep Etag
> curl -s $PROTOCOL://$USER@$DOMAIN/$DB/_design/foo/_list/bar/bar --head | grep
> Etag
> #=> Etag: "A1NKHA0935KMCSHFSK94EHZNL"
> #=> Etag: "A1NKHA0935KMCSHFSK94EHZNL"
> This issue is important for standalone CouchDB applications which use list
> functions depending on the user context, eg. showing a login button or
> username.
> regards
> Johannes
> PS: I tried to write a javascript test case but this issue can only be
> reproduced if the server is not in admin party mode, which the test suite
> requires. I am not so familar with those tests to temporarily change the
> admin party.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
