gambolputty commented on issue #741: error "Unauthorized" (401) when loading 
"_security"-doc
URL: https://github.com/apache/couchdb/issues/741#issuecomment-321658802
 
 
   Ok. I was able to reproduce this.
   
   **Step 1**: update the `_security`-doc:
   ```
   ~/Python/projects $ curl 
http://admin:password@server:5984/database/_security -XPUT -d 
'{"admins":{"names":["admin"],"roles":[]},"members":{"names":[],"roles":[]}}'
   {"ok":true}
   ```
   
   **Step 2**: check the content of `_security`-doc
   ```
   ~/Python/projects $ curl 
http://admin:password@server:5984/database/_security -v
   *   Trying 1.2.3.4...
   * TCP_NODELAY set
   * Connected to 1.2.3.4 (1.2.3.4) port 5984 (#0)
   * Server auth using Basic with user 'admin'
   > GET /newscorpus/_security HTTP/1.1
   > Host: 1.2.3.4:5984
   > Authorization: Basic JdNbLWnpE6WhWE4ddaWUAGYGnlU2ZtFydQRRUFtHjV==
   > User-Agent: curl/7.52.1
   > Accept: */*
   >
   < HTTP/1.1 200 OK
   < X-CouchDB-Body-Time: 0
   < X-Couch-Request-ID: a2d27bbf76
   < Server: CouchDB/2.1.0 (Erlang OTP/18)
   < Date: Thu, 10 Aug 2017 19:36:57 GMT
   < Content-Type: application/json
   < Content-Length: 76
   < Cache-Control: must-revalidate
   <
   {"admins":{"names":["admin"],"roles":[]},"members":{"names":[],"roles":[]}}
   * Curl_http_done: called premature == 0
   * Connection #0 to host 1.2.3.4 left intact
   ```
   
   **Step 3**: Navigate to Fauxton `http://server:5984/_utils/` & log in
   **Step 4**: Click on the database name & open the "Permissions"-page. 
"admin" is listed under admins on that page.
   **Step 5**: Adding a new member ("test") works, but after reloading the 
page, "admin" & "test" listed before are gone and Chrome DevTools reveals `401 
Unauthorized`-Error (still logged in as admin). Response content: 
   ```
   {"error":"unauthorized","reason":"You are not authorized to access this db."}
   ```
   Meanwhile member "test" was added to the `_security`-doc:
   ```
   
{"admins":{"names":["admin"],"roles":[]},"members":{"names":["test"],"roles":[]}}
   ```
   
   **Step 6**: But reloading the "Permissions"-page doesn't reveal any name. 
I'm still getting a 401-Error in DevTools. And this is when the error message 
was written to the `_security`-doc, as @rnewson suggested: In my assumption 
that my changes made on the `Permissions`-page have not been saved (because I 
kept reloading the page and didn't see them), I tried to add the same member 
("test") again. After reproducing this right now (adding the same member 
again), I can see the error message inside the `_security`-doc now, too, after 
executing CURL:
   ```
   ~/Python/projects $ curl http://admin:password@server:5984/database/_security
   {"error":"unauthorized","reason":"You are not authorized to access this 
db.","members":{"names":["test"]}}
   ```
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

Reply via email to