gambolputty commented on issue #741: error "Unauthorized" (401) when loading "_security"-doc URL: https://github.com/apache/couchdb/issues/741#issuecomment-321658802 Ok. I was able to reproduce this. Step 1: update the `_security`-doc: ``` ~/Python/projects $ curl http://admin:password@server:5984/database/_security -XPUT -d '{"admins":{"names":["admin"],"roles":[]},"members":{"names":[],"roles":[]}}' {"ok":true} ``` Step 2: check the content of `_security`-doc ``` ~/Python/projects $ curl http://admin:password@server:5984/database/_security -v * Trying 1.2.3.4... * TCP_NODELAY set * Connected to 1.2.3.4 (1.2.3.4) port 5984 (#0) * Server auth using Basic with user 'admin' > GET /newscorpus/_security HTTP/1.1 > Host: 1.2.3.4:5984 > Authorization: Basic JdNbLWnpE6WhWE4ddaWUAGYGnlU2ZtFydQRRUFtHjV== > User-Agent: curl/7.52.1 > Accept: */* > < HTTP/1.1 200 OK < X-CouchDB-Body-Time: 0 < X-Couch-Request-ID: a2d27bbf76 < Server: CouchDB/2.1.0 (Erlang OTP/18) < Date: Thu, 10 Aug 2017 19:36:57 GMT < Content-Type: application/json < Content-Length: 76 < Cache-Control: must-revalidate < {"admins":{"names":["admin"],"roles":[]},"members":{"names":[],"roles":[]}} * Curl_http_done: called premature == 0 * Connection #0 to host 1.2.3.4 left intact ``` Step 3: Navigate to Fauxton `http://server:5984/_utils/` & log in Step 4: Click on the database name & open the "Permissions"-page. "admin" is listed under admins on that page. Step 5: Adding a new member ("test") works, but after reloading the page, "admin" & "test" listed before are gone and Chrome DevTools reveals `401 Unauthorized`-Error (still logged in as admin). Response content: ``` {"error":"unauthorized","reason":"You are not authorized to access this db."} ``` Meanwhile member "test" was added to the `_security`-doc: ``` {"admins":{"names":["admin"],"roles":[]},"members":{"names":["test"],"roles":[]}} ``` Step 6: But reloading the "Permissions"-page doesn't reveal any name. I'm still getting a 401-Error in DevTools. And this is when the error message was written to the `_security`-doc, as @rnewson suggested: In my assumption that my changes made on the `Permissions`-page have not been saved (because I kept reloading the page and didn't see them), I tried to add the same member ("test") again. After reproducing this right now (adding the same member again), I can see the error message inside the `_security`-doc now, too, after executing CURL: ``` ~/Python/projects $ curl http://admin:password@server:5984/database/_security {"error":"unauthorized","reason":"You are not authorized to access this db.","members":{"names":["test"]}} ``` ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
With regards, Apache Git Services