dharders commented on issue #741: error "Unauthorized" (401) when loading 
"_security"-doc
URL: https://github.com/apache/couchdb/issues/741#issuecomment-321472504
 
 
   @wohali 
   
   1. Yes
   2. Both, however, admin is defined `_users` db and in 
`/opt/couchdb/etc/local.d/10-admins.ini` instead of `local.ini` as my current 
installation used the package installer and interactive terminal put it there 
instead. Manually copying it to `local.ini` didn't seem to help either :( 
   
   ```
   ///opt/couchdb/etc/local.d/10-admins.ini
   
   # Package-introduced administrative user
   [admins]
   admin = -pbkdf2-longstring,10
   
   [couchdb]
   uuid = longstring
   
   [chttpd]
   bind_address = 127.0.0.1
   port = 5984
   require_valid_user = false
   
   [cluster]
   n = 1
   
   [couch_httpd_auth]
   secret = longstring
   require_valid_user = false
   ```
   3. Curl / Steps after install complete
   ```
   // stop warnings in log if dbs don't exist
   curl -u admin:admin -X PUT http://127.0.0.1:5984/_users
   curl -u admin:admin -X PUT http://127.0.0.1:5984/_replicator
   curl -u admin:admin -X PUT http://127.0.0.1:5984/_global_changes
   curl -u admin:admin -X PUT http://127.0.0.1:5984/_metadata
   
   //Check install by visiting http://127.0.0.1:5984/_utils
   //Click verify, all good
   //I think I then Clicked Setup, Single Node, admin & password, Bind to 
127.0.0.1 Port 5984, even though 
   //...I had done it via interactive terminal install ? Can't remember.
   
   // Set require_valid_user to true
   curl  -u admin:admin -X PUT 
127.0.0.1:5984/_node/couchdb@localhost/_config/couch_httpd_auth/require_valid_user
 -d '"true"'
   curl  -u admin:admin -X PUT 
127.0.0.1:5984/_node/couchdb@localhost/_config/chttpd/require_valid_user -d 
'"true"'
   
   // Set admin as member of db's
   curl -u "admin:admin" -X PUT "127.0.0.1:5984/_users/_security" -d 
'{"admins":{"names":[],"roles":[]},"members":{"names":["admin"],"roles":[]}}'
   curl -u "admin:admin" -X PUT "127.0.0.1:5984/_replicator/_security" -d 
'{"admins":{"names":[],"roles":[]},"members":{"names":["admin"],"roles":[]}}'
   curl -u "admin:admin" -X PUT "127.0.0.1:5984/_global_changes/_security" -d 
'{"admins":{"names":[],"roles":[]},"members":{"names":["admin"],"roles":[]}}'
   curl -u "admin:admin" -X PUT "127.0.0.1:5984/_metadata/_security" -d 
'{"admins":{"names":[],"roles":[]},"members":{"names":["admin"],"roles":[]}}'
   
   // create new user
   curl -u admin:admin -H 'Content-Type: application/json' -X PUT -d '{"_id": 
"org.couchdb.user:newuser", "type": "user", "name": "newuser", "password": 
"newuser", "roles": [] }' 127.0.0.1:5984/_users/org.couchdb.user:newuser
   
   // create new db for newuser
   curl -u "admin:admin" -X PUT "127.0.0.1:5984/newuser"
   
   // set db permissions (access to admin and newuser)
   curl -u "admin:admin" -X PUT "127.0.0.1:5984/newuser/_security" -d 
'{"admins":{"names":[],"roles":[]},"members":{"names":["admin","newuser"],"roles":[]}}'
   
   // manually change admin password through fauxton
   // goto any db and click permissions
   // no members present
   // chrome devtools show 401 Unauthorized fetch to db/_security, looks like 
no auth info sent in header
   // manually type same db/_security url in address bar. 200 OK, but body 
contents is:
   // {"error":"unauthorized","reason":"Authentication 
required.","members":{"names":["admin","newuser"]}} 
   ```
   I also noted a few console errors within fauxton related to worker CSP 
'unsafe-eval', DOMException all seemingly due to Worker related  stuff.
   
   
   
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

Reply via email to