kvzhkv commented on issue #747: proxy authentication still not configurable URL: https://github.com/apache/couchdb/issues/747#issuecomment-322042279 Yes, when I use cURL or postman to set up `_security` document there is no bugs... Anyway, problem with `_security` not worries me as much as problem with proxy authentication. So, using cURL, I'm getting my config with admin username and password `curl -X GET \ http://localhost:5984/_node/couchdb@localhost/_config/ \ -H 'authorization: Basic YWRtaW46Y291Y2hkYmFkbWlu'` here it is: > { > "native_query_servers": { > "query": "{mango_native_proc, start_link, []}" > }, > "httpd_design_handlers": { > "_compact": "{couch_mrview_http, handle_compact_req}", > "_info": "{couch_mrview_http, handle_info_req}", > "_list": "{couch_mrview_show, handle_view_list_req}", > "_rewrite": "{couch_httpd_rewrite, handle_rewrite_req}", > "_show": "{couch_mrview_show, handle_doc_show_req}", > "_update": "{couch_mrview_show, handle_doc_update_req}", > "_view": "{couch_mrview_http, handle_view_req}", > "_view_changes": "{couch_mrview_http, handle_view_changes_req}" > }, > "uuids": { > "algorithm": "sequential", > "max_count": "1000" > }, > "cluster": { > "n": "1", > "q": "2" > }, > "cors": { > "credentials": "false" > }, > "chttpd": { > "backlog": "512", > "bind_address": "0.0.0.0", > "docroot": "./share/www", > "port": "5984", > "require_valid_user": "false", > "socket_options": "[{recbuf, 262144}, {sndbuf, 262144}, {nodelay, true}]" > }, > "httpd_global_handlers": { > "/": "{couch_httpd_misc_handlers, handle_welcome_req, <<\"Welcome\">>}", > "_active_tasks": "{couch_httpd_misc_handlers, handle_task_status_req}", > "_all_dbs": "{couch_httpd_misc_handlers, handle_all_dbs_req}", > "_config": "{couch_httpd_misc_handlers, handle_config_req}", > "_plugins": "{couch_plugins_httpd, handle_req}", > "_replicate": "{couch_replicator_httpd, handle_req}", > "_restart": "{couch_httpd_misc_handlers, handle_restart_req}", > "_session": "{couch_httpd_auth, handle_session_req}", > "_stats": "{couch_stats_httpd, handle_stats_req}", > "_system": "{chttpd_misc, handle_system_req}", > "_utils": "{couch_httpd_misc_handlers, handle_utils_dir_req, \"./share/www\"}", > "_uuids": "{couch_httpd_misc_handlers, handle_uuids_req}", > "favicon.ico": "{couch_httpd_misc_handlers, handle_favicon_req, \"./share/www\"}" > }, > "attachments": { > "compressible_types": "text/*, application/javascript, application/json, application/xml", > "compression_level": "8" > }, > "admins": { > "admin": "-pbkdf2-b1d43483c194bfec3513950d35b196a430961363,05c745791b552869aac2ba9afcd1043b,10" > }, > "query_server_config": { > "os_process_limit": "100", > "reduce_limit": "true" > }, > "vendor": { > "name": "The Apache Software Foundation" > }, > "chttpd_auth": { > "authentication_db": "_users", > "proxy_use_secret": "false", > "secret": "secret", > "x_auth_roles": "X-Auth-CouchDB-Roles", > "x_auth_token": "X-Auth-CouchDB-Token", > "x_auth_username": "X-Auth-CouchDB-UserName" > }, > "replicator": { > "connection_timeout": "30000", > "http_connections": "20", > "interval": "60000", > "max_churn": "20", > "max_jobs": "500", > "retries_per_request": "10", > "socket_options": "[{keepalive, true}, {nodelay, false}]", > "ssl_certificate_max_depth": "3", > "startup_jitter": "5000", > "verify_ssl_certificates": "false", > "worker_batch_size": "500", > "worker_processes": "4" > }, > "ssl": { > "port": "6984" > }, > "log": { > "file": "/Users/konstantin/Library/Logs/CouchDB2.log", > "level": "info", > "writer": "file" > }, > "indexers": { > "couch_mrview": "true" > }, > "view_compaction": { > "keyvalue_buffer_size": "2097152" > }, > "query_servers": { > "coffeescript": "./bin/couchjs ./share/server/main-coffee.js", > "javascript": "./bin/couchjs ./share/server/main.js" > }, > "features": { > "scheduler": "true" > }, > "daemons": { > "auth_cache": "{couch_auth_cache, start_link, []}", > "compaction_daemon": "{couch_compaction_daemon, start_link, []}", > "couch_peruser": "{couch_peruser, start_link, []}", > "external_manager": "{couch_external_manager, start_link, []}", > "httpd": "{couch_httpd, start_link, []}", > "index_server": "{couch_index_server, start_link, []}", > "os_daemons": "{couch_os_daemons, start_link, []}", > "query_servers": "{couch_proc_manager, start_link, []}", > "uuids": "{couch_uuids, start, []}", > "vhosts": "{couch_httpd_vhost, start_link, []}" > }, > "couch_peruser": { > "delete_dbs": "false", > "enable": "false" > }, > "httpd": { > "allow_jsonp": "false", > "authentication_handlers": "{chttpd_auth, proxy_authentification_handler}, {chttpd_auth, default_authentication_handler}", > "bind_address": "127.0.0.1", > "default_handler": "{couch_httpd_db, handle_request}", > "enable_cors": "false", > "enable_xframe_options": "false", > "max_http_request_size": "67108864", > "port": "5986", > "secure_rewrites": "true", > "socket_options": "[{recbuf, 262144}, {sndbuf, 262144}]", > "vhost_global_handlers": "_utils, _uuids, _session, _users" > }, > "httpd_db_handlers": { > "_all_docs": "{couch_mrview_http, handle_all_docs_req}", > "_changes": "{couch_httpd_db, handle_db_changes_req}", > "_compact": "{couch_httpd_db, handle_compact_req}", > "_design": "{couch_httpd_db, handle_design_req}", > "_design_docs": "{couch_mrview_http, handle_design_docs_req}", > "_local_docs": "{couch_mrview_http, handle_local_docs_req}", > "_temp_view": "{couch_mrview_http, handle_temp_view_req}", > "_view_cleanup": "{couch_mrview_http, handle_cleanup_req}" > }, > "database_compaction": { > "checkpoint_after": "5242880", > "doc_buffer_size": "524288" > }, > "csp": { > "enable": "true" > }, > "couch_httpd_auth": { > "allow_persistent_cookies": "false", > "auth_cache_size": "50", > "authentication_db": "_users", > "authentication_redirect": "/_utils/session.html", > "iterations": "10", > "require_valid_user": "true", > "secret": "734b6574959bc80b2178a26ea227426b", > "timeout": "600" > }, > "couchdb": { > "attachment_stream_buffer_size": "4096", > "changes_doc_ids_optimization_threshold": "100", > "database_dir": "/Users/konstantin/Library/Application Support/CouchDB2/var/lib/couchdb", > "default_security": "admin_local", > "delayed_commits": "false", > "file_compression": "snappy", > "max_dbs_open": "500", > "os_process_timeout": "5000", > "uri_file": "/Users/konstantin/Library/Application Support/CouchDB2/var/run/couchdb/couch.uri", > "uuid": "58ec703a7dbd7c09602dd53365e74f00", > "view_index_dir": "/Users/konstantin/Library/Application Support/CouchDB2/var/lib/couchdb" > }, > "compactions": { > "_default": "[{db_fragmentation, \"70%\"}, {view_fragmentation, \"60%\"}]" > }, > "compaction_daemon": { > "check_interval": "300", > "min_file_size": "131072" > } > } Then I do this: `curl -X GET \ http://localhost:5984/_session \ -H 'accept: application/json' \ -H 'content-type: application/json' \ -H 'X-Auth-CouchDB-UserName: testuser'` response: > { > "ok": true, > "userCtx": { > "name": null, > "roles": [] > }, > "info": { > "authentication_db": "_users", > "authentication_handlers": [ > "cookie", > "default" > ] > } > } so there is no "proxy" in authentication_handlers getting _security of test database with admin username and password `curl -X GET \ http://localhost:5984/test/_security \ -H 'authorization: Basic YWRtaW46Y291Y2hkYmFkbWlu'` response: > { > "admins": { > "names": [ > "testuser" > ] > }, > "members": { > "names": [ > "testuser" > ] > } > } trying to GET db with proxy header `curl -X GET \ http://localhost:5984/test \ -H 'accept: application/json' \ -H 'content-type: application/json' \ -H 'X-Auth-CouchDB-UserName: testuser'` response: > { > "error": "unauthorized", > "reason": "You are not authorized to access this db." > } proxy not working... Today I've also tried the same operations on Windows 10 with postman and got exactly the same results. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
With regards, Apache Git Services
