[GitHub] artin-phares commented on issue #1179: intermediate certs cut out of cert_file
artin-phares commented on issue #1179: intermediate certs cut out of cert_file URL: https://github.com/apache/couchdb/issues/1179#issuecomment-368141014 @wohali Yeah, that's what I expected to hear. No big deal. Anyway, maybe someone will find the fix for `RequestError: Error: unable to verify the first certificate` here. This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[jira] [Commented] (COUCHDB-3255) Conflicts introduced by recreating docs with attachments
[ https://issues.apache.org/jira/browse/COUCHDB-3255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16374939#comment-16374939 ]

ASF subversion and git services commented on COUCHDB-3255:

Commit 065185f3178e38cef84913f26e3136373fb89d4a in couchdb's branch refs/heads/COUCHDB-3287-pluggable-storage-engines from [~paul.joseph.davis]
[ https://gitbox.apache.org/repos/asf?p=couchdb.git;h=065185f ]

Ensure deterministic revisions for attachments

This re-fixes a corner case when recreating a document with an attachment in a single multipart request. Since we don't detect that we need a new revision until after the document has been serialized we need to be able to deserialize the body so that we can generate the same revisions regardless of the contents of the database. If we don't do this then we end up including information from the position of the attachment on disk in the revision calculation which can introduce branches in the revision tree.

I've left this as a separate commit from the pluggable storage engine work so that it's called out clearly for us to revisit.

COUCHDB-3255

> Conflicts introduced by recreating docs with attachments
>
> Key: COUCHDB-3255
> URL: https://issues.apache.org/jira/browse/COUCHDB-3255
> Project: CouchDB
> Issue Type: Bug
> Components: Database Core
> Reporter: Paul Joseph Davis
> Priority: Major
>
> When a document is re-created with an attachment it receives a
> non-deterministic revision. This is due to a fairly old commit [1] that
> introduced the behavior by accidentally including information about revisions
> on disk into the revision id calculation when the revision id was being
> calculated by couch_db_updater when it realized that the update was
> re-creating a document that was previously deleted.
> I'm opening a PR with the fix.
> [1] https://github.com/apache/couchdb-couch/commit/08a94d582cd3086ebcbd51ad8ac98ca6df98a1b7

--
This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (COUCHDB-3287) Implement pluggable storage engines
[ https://issues.apache.org/jira/browse/COUCHDB-3287?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16374937#comment-16374937 ]

ASF subversion and git services commented on COUCHDB-3287:

Commit fbd85b1ac5dd30fed034528352d3f0f122659b1f in couchdb's branch refs/heads/COUCHDB-3287-pluggable-storage-engines from [~paul.joseph.davis]
[ https://gitbox.apache.org/repos/asf?p=couchdb.git;h=fbd85b1 ]

Implement pluggable storage engines

This change moves the main work of storage engines to run through the new couch_db_engine behavior. This allows us to replace the storage engine with different implementations that can be tailored to specific work loads and environments.

COUCHDB-3287

> Implement pluggable storage engines
>
> Key: COUCHDB-3287
> URL: https://issues.apache.org/jira/browse/COUCHDB-3287
> Project: CouchDB
> Issue Type: Improvement
> Reporter: Paul Joseph Davis
> Priority: Major
>
> Opening branches for the pluggable storage engine work described here:
> http://mail-archives.apache.org/mod_mbox/couchdb-dev/201606.mbox/%3CCAJ_m3YDjA9xym_JRVtd6Xi7LX7Ajwc6EmH_wyCRD1jgTzk8mKA%40mail.gmail.com%3E
[jira] [Commented] (COUCHDB-3287) Implement pluggable storage engines
[ https://issues.apache.org/jira/browse/COUCHDB-3287?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16374938#comment-16374938 ]

ASF subversion and git services commented on COUCHDB-3287:

Commit d12bafaed2b95e351fae7d46a588d8ea5e0694ac in couchdb's branch refs/heads/COUCHDB-3287-pluggable-storage-engines from [~paul.joseph.davis]
[ https://gitbox.apache.org/repos/asf?p=couchdb.git;h=d12bafa ]

Add storage engine test suite

This allows other storage engine implementations to reuse the same exact test suite without having to resort to shenanigans like keeping vendored copies up to date.

COUCHDB-3287
[jira] [Commented] (COUCHDB-3287) Implement pluggable storage engines
[ https://issues.apache.org/jira/browse/COUCHDB-3287?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16374936#comment-16374936 ]

ASF subversion and git services commented on COUCHDB-3287:

Commit 35cc7097585c329deb34a18062867552dbf9e5f1 in couchdb's branch refs/heads/COUCHDB-3287-pluggable-storage-engines from [~paul.joseph.davis]
[ https://gitbox.apache.org/repos/asf?p=couchdb.git;h=35cc709 ]

Add legacy storage engine implementation

This is the legacy storage engine code. I've kept it as part of the core couch application because we'll always need to have at least one storage engine available.

COUCHDB-3287
[jira] [Commented] (COUCHDB-3287) Implement pluggable storage engines
[ https://issues.apache.org/jira/browse/COUCHDB-3287?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16374935#comment-16374935 ]

ASF subversion and git services commented on COUCHDB-3287:

Commit 218c9fc550f73ec4daa10921e6d38d42c3949784 in couchdb's branch refs/heads/COUCHDB-3287-pluggable-storage-engines from [~paul.joseph.davis]
[ https://gitbox.apache.org/repos/asf?p=couchdb.git;h=218c9fc ]

Add couch_db_engine module

This is the primary API for pluggable storage engines. This module serves as both a behavior and a call dispatch module for handling the engine state updates.

COUCHDB-3287
[GitHub] wohali commented on issue #1179: intermediate certs cut out of cert_file
wohali commented on issue #1179: intermediate certs cut out of cert_file URL: https://github.com/apache/couchdb/issues/1179#issuecomment-368128802 I know that native SSL support in CouchDB is almost entirely provided by the underlying Erlang implementation. If Erlang doesn't support the full chain in the main cert file, we can't either.
[GitHub] davisp closed pull request #1178: Prevent chttpd multipart zombie processes
davisp closed pull request #1178: Prevent chttpd multipart zombie processes URL: https://github.com/apache/couchdb/pull/1178
[GitHub] artin-phares opened a new issue #1179: intermediate certs cut out of cert_file
artin-phares opened a new issue #1179: intermediate certs cut out of cert_file
URL: https://github.com/apache/couchdb/issues/1179

I'm configuring https access to couchdb using letsencrypt certificates.

```
[ssl]
port = 6984
cert_file = /etc/letsencrypt/live/mydomain/fullchain.pem
key_file = /etc/letsencrypt/live/mydomain/privkey.pem
```

It works when I'm requesting couchdb from browser, but does not work when requesting from nodejs.

```
RequestError: Error: unable to verify the first certificate
```

Which means couchdb strips intermediate certificates from full chain. I've ensured that with `openssl s_client -connect mydomain:6984 -showcerts`

So browser has all intermediate certificates in its trusted certs store, while nodejs lacks some and therefore it fails to verify the chain.

I've managed to get it working with `cacert_file` option, passing chain explicitly.

```
[ssl]
port = 6984
cert_file = /etc/letsencrypt/live/mydomain/cert.pem
cacert_file = /etc/letsencrypt/live/mydomain/chain.pem
key_file = /etc/letsencrypt/live/mydomain/privkey.pem
```

Is there any way couchdb can accept fullchain.pem's right in `cert_file`, without need to specify `cacert_file`? It would be bit easier and closer to nodejs, where we can pass full chain to cert:

```
https.createServer({key: ...'privkey.pem', cert: ...'fullchain.pem'})
```
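An added example, not part of the issue or of CouchDB's code: a small checker for the `openssl s_client -showcerts` output mentioned above that reports whether a server presented only its leaf certificate, plus a splitter that turns a `fullchain.pem`-style bundle into the leaf and intermediate parts used in the `cert_file` / `cacert_file` workaround. The function names, subject names and PEM bodies are constructed for illustration; the PEM bodies are placeholders, not real certificates.

```python
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.DOTALL
)
SUBJECT_RE = re.compile(r"^\s*(\d+)\s+s:\s*(.*?)\s*$")  # " 0 s:<subject DN>"
ISSUER_RE = re.compile(r"^\s+i:\s*(.*?)\s*$")           # "   i:<issuer DN>"


def split_fullchain(pem_text):
    """Split a fullchain.pem-style bundle into (leaf, intermediates)."""
    blocks = PEM_RE.findall(pem_text)
    if not blocks:
        raise ValueError("no PEM certificate blocks found")
    # The first block is the server (leaf) certificate; the rest is the chain.
    return blocks[0] + "\n", "".join(b + "\n" for b in blocks[1:])


def parse_presented_chain(s_client_output):
    """Return [(depth, subject, issuer)] from the 'Certificate chain' section."""
    chain, in_section, pending = [], False, None
    for line in s_client_output.splitlines():
        if line.strip() == "Certificate chain":
            in_section = True
            continue
        if not in_section:
            continue
        if line.strip() == "---":  # separator that ends the section
            break
        m = SUBJECT_RE.match(line)
        if m:
            pending = (int(m.group(1)), m.group(2))
            continue
        m = ISSUER_RE.match(line)
        if m and pending is not None:
            chain.append((pending[0], pending[1], m.group(1)))
            pending = None
    return chain


def diagnose(chain):
    """Classify what the server sent during the handshake."""
    if not chain:
        return "no-certificates"
    # Each certificate must be issued by the next one in the list.
    for (_, _, issuer), (_, next_subject, _) in zip(chain, chain[1:]):
        if issuer != next_subject:
            return "out-of-order"
    _, last_subject, last_issuer = chain[-1]
    if len(chain) == 1:
        # A lone, non-self-signed leaf only verifies for clients that already
        # hold its issuer, which matches the browser/nodejs split in the issue.
        return "self-signed" if last_subject == last_issuer else "leaf-only"
    return "ok"


def _pem(body):
    """Build a constructed placeholder block (not a real certificate)."""
    return "-----BEGIN CERTIFICATE-----\n" + body + "\n-----END CERTIFICATE-----\n"


# Constructed sample data.
LEAF_PEM = _pem("Q09OU1RSVUNURUQtTEVBRg==")
INTERMEDIATE_PEM = _pem("Q09OU1RSVUNURUQtSU5URVJNRURJQVRF")
FULLCHAIN_PEM = LEAF_PEM + INTERMEDIATE_PEM

LEAF_ONLY = (
    "CONNECTED(00000003)\n---\nCertificate chain\n"
    " 0 s:/CN=mydomain\n   i:/CN=Example Intermediate CA\n"
    + LEAF_PEM + "---\nServer certificate\n"
)
FULL_CHAIN = (
    "CONNECTED(00000003)\n---\nCertificate chain\n"
    " 0 s:/CN=mydomain\n   i:/CN=Example Intermediate CA\n" + LEAF_PEM
    + " 1 s:/CN=Example Intermediate CA\n   i:/CN=Example Root CA\n"
    + INTERMEDIATE_PEM + "---\nServer certificate\n"
)

if __name__ == "__main__":
    for name, out in (("leaf only", LEAF_ONLY), ("full chain", FULL_CHAIN)):
        print(name, "->", diagnose(parse_presented_chain(out)))
```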
[GitHub] sbatururimi commented on issue #71: Or-Clauses
sbatururimi commented on issue #71: Or-Clauses URL: https://github.com/apache/couchdb-nano/issues/71#issuecomment-368062857 Not really. Just propose to add that to the README.
[GitHub] nickva commented on a change in pull request #1176: Implement pluggable authentication and session support for replicator
nickva commented on a change in pull request #1176: Implement pluggable authentication and session support for replicator URL: https://github.com/apache/couchdb/pull/1176#discussion_r170300058 ## File path: src/couch_replicator/src/couch_replicator_auth_session.erl ## 
@@ -0,0 +1,545 @@ +% Licensed under the Apache License, Version 2.0 (the "License"); you may not +% use this file except in compliance with the License. You may obtain a copy of +% the License at +% +% http://www.apache.org/licenses/LICENSE-2.0 +% +% Unless required by applicable law or agreed to in writing, software +% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +% License for the specific language governing permissions and limitations under +% the License. + + +% This is the replicator session auth plugin. It implements session based +% authentication for the replicator. The only public API are the functions from +% the couch_replicator_auth behaviour. Most of the logic and state is in the +% gen_server. An instance of a gen_server could be spawned for the source and +% target endpoints of each replication jobs. +% +% The workflow is roughly this: +% +% * On initialization, try to get a cookie in `refresh/1` If an error occurs, +%the crash. If `_session` endpoint fails with a 404 (not found), return +%`ignore` assuming session authentication is not support or we simply hit a +%non-CouchDb server. +% +% * Before each request, auth framework calls `update_headers` API function. +%Before updating the headers and returning, check if need to refresh again. +%The check looks `next_refresh` time. If that time is set (not `infinity`) +%and just expired, then obtain a new cookie, then update headers and +%return. +% +% * After each request, auth framework calls `handle_response` function. If +%request was successful check if a new cookie was sent by the server in the +%`Set-Cookie` header. If it was then then that becomes the current cookie. +% +% * If last request has an auth failure, check if request used a stale cookie +%In this case nothing is done, and the client is told to retry. 
Next time +%it updates its headers befor the request it should pick up the latest +%cookie. +% +% * If last request failed and cookie was the latest known cookie, schedule a +%refresh and tell client to retry. However, if the cookie was just updated, +%tell the client to continue such that it will handle the auth failure on +%its own via a set of retries with exponential backoffs. This is it to +%ensure if something goes wrong and one of the endpoints issues invalid +%cookies, replicator won't be stuck in a busy loop refreshing them. + + +-module(couch_replicator_auth_session). + + +-behaviour(couch_replicator_auth). +-behaviour(gen_server). + + +-export([ +initialize/1, +update_headers/2, +handle_response/4, +cleanup/1 +]). + +-export([ +init/1, +terminate/2, +handle_call/3, +handle_cast/2, +handle_info/2, +code_change/3, +format_status/2 +]). + + +-include_lib("ibrowse/include/ibrowse.hrl"). +-include_lib("couch_replicator/include/couch_replicator_api_wrap.hrl"). + + +-type headers() :: [{string(), string()}]. +-type code() :: non_neg_integer(). +-type creds() :: {string() | undefined, string() | undefined}. + + +% Behavior API callbacks + + +-spec initialize(#httpdb{}) -> {ok, #httpdb{}, term()} | ignore. +initialize(#httpdb{} = HttpDb) -> +case remove_creds(HttpDb) of +{ok, User, Pass, HttpDb1} -> +case gen_server:start_link(?MODULE, [User, Pass, HttpDb1], []) of +{ok, Pid} -> +{ok, HttpDb1, {Pid, 0}}; +ignore -> +ignore; +{error, Error} -> +{error, Error} +end; +{error, missing_credentials} -> +ignore; +{error, Error} -> +{error, Error} +end. + + +-spec update_headers(term(), headers()) -> {headers(), term()}. +update_headers({Pid, Epoch}, Headers) -> +Args = {update_headers, Headers, Epoch}, +{Headers1, Epoch1} = gen_server:call(Pid, Args, infinity), Review comment: Good call. Will do This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. 
For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
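Review bot: the `-spec` for `initialize/1` lists only `{ok, #httpdb{}, term()} | ignore`, but both `case` levels in the body can return `{error, Error}`. Add `| {error, term()}` to the spec so dialyzer and callers of the auth behaviour see the failure path.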
[GitHub] flimzy commented on a change in pull request #250: Added information, how to increase connection limit
flimzy commented on a change in pull request #250: Added information, how to increase connection limit URL: https://github.com/apache/couchdb-documentation/pull/250#discussion_r170290758 ## File path: src/maintenance/performance.rst ## @@ -212,6 +212,21 @@ This TCP buffering behaviour can be disabled via .. seealso:: Bulk :ref:`load ` and :ref:`store ` API. +Connection limit + + +`MochiWeb`_ is handling CouchDB requests. +By default maximum number of connections is 2048. To change this limit, use Review comment: This sentence is ungrammatical. I suggest either "The default maximum number of connections is..." or "By default, the maximum number of connections is..."
[GitHub] flimzy commented on a change in pull request #250: Added information, how to increase connection limit
flimzy commented on a change in pull request #250: Added information, how to increase connection limit URL: https://github.com/apache/couchdb-documentation/pull/250#discussion_r170291192 ## File path: src/maintenance/performance.rst ## @@ -212,6 +212,21 @@ This TCP buffering behaviour can be disabled via .. seealso:: Bulk :ref:`load ` and :ref:`store ` API. +Connection limit + + +`MochiWeb`_ is handling CouchDB requests. +By default maximum number of connections is 2048. To change this limit, use +server_options configuration variable. 'max' indicates maximum number of Review comment: The sentence is also missing an article. It should read: "To change this limit, use the server_options configuration variable."
[GitHub] flimzy commented on a change in pull request #250: Added information, how to increase connection limit
flimzy commented on a change in pull request #250: Added information, how to increase connection limit URL: https://github.com/apache/couchdb-documentation/pull/250#discussion_r170291560 ## File path: src/maintenance/performance.rst ## @@ -212,6 +212,21 @@ This TCP buffering behaviour can be disabled via .. seealso:: Bulk :ref:`load ` and :ref:`store ` API. +Connection limit + + +`MochiWeb`_ is handling CouchDB requests. Review comment: I suggest rewording to: "MochiWeb handles CouchDB requests." The current wording is not incorrect, but is a bit awkward in native English.
[GitHub] nickva commented on a change in pull request #250: Added information, how to increase connection limit
nickva commented on a change in pull request #250: Added information, how to increase connection limit URL: https://github.com/apache/couchdb-documentation/pull/250#discussion_r170286717 ## File path: src/maintenance/performance.rst ## @@ -212,6 +212,21 @@ This TCP buffering behaviour can be disabled via .. seealso:: Bulk :ref:`load ` and :ref:`store ` API. +Connection limit + + +`MochiWeb`_ is handling CouchDB requests. +By default maximum number of connections is 2048. To change this limit, use +server_options configuration variable. 'max' indicates maximum number of +connections. + +.. code-block:: ini + +[httpd] Review comment: For CouchDB 2.x I think this needs to be `[chttpd]` to be applied to the main (clustered) port (by default 5984). `[httpd]` would be for the backend (node local) port (by default 5986). For CouchDB 1.x `[httpd]` works. But I think that should be a separate PR against the 1.6.x branch.
[GitHub] nickva commented on a change in pull request #250: Added information, how to increase connection limit
nickva commented on a change in pull request #250: Added information, how to increase connection limit URL: https://github.com/apache/couchdb-documentation/pull/250#discussion_r170285131 ## File path: src/maintenance/performance.rst ## @@ -212,6 +212,21 @@ This TCP buffering behaviour can be disabled via .. seealso:: Bulk :ref:`load ` and :ref:`store ` API. +Connection limit + + +`MochiWeb`_ is handling CouchDB requests. +By default maximum number of connections is 2048. To change this limit, use +server_options configuration variable. 'max' indicates maximum number of Review comment: Let's use backticks \` for config string like say \`server_options\` or \`max\`
[GitHub] rnewson commented on a change in pull request #1176: Implement pluggable authentication and session support for replicator
rnewson commented on a change in pull request #1176: Implement pluggable authentication and session support for replicator URL: https://github.com/apache/couchdb/pull/1176#discussion_r170285825 ## File path: src/couch_replicator/src/couch_replicator_auth_session.erl ## 
@@ -0,0 +1,545 @@ +% Licensed under the Apache License, Version 2.0 (the "License"); you may not +% use this file except in compliance with the License. You may obtain a copy of +% the License at +% +% http://www.apache.org/licenses/LICENSE-2.0 +% +% Unless required by applicable law or agreed to in writing, software +% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +% License for the specific language governing permissions and limitations under +% the License. + + +% This is the replicator session auth plugin. It implements session based +% authentication for the replicator. The only public API are the functions from +% the couch_replicator_auth behaviour. Most of the logic and state is in the +% gen_server. An instance of a gen_server could be spawned for the source and +% target endpoints of each replication jobs. +% +% The workflow is roughly this: +% +% * On initialization, try to get a cookie in `refresh/1` If an error occurs, +%the crash. If `_session` endpoint fails with a 404 (not found), return +%`ignore` assuming session authentication is not support or we simply hit a +%non-CouchDb server. +% +% * Before each request, auth framework calls `update_headers` API function. +%Before updating the headers and returning, check if need to refresh again. +%The check looks `next_refresh` time. If that time is set (not `infinity`) +%and just expired, then obtain a new cookie, then update headers and +%return. +% +% * After each request, auth framework calls `handle_response` function. If +%request was successful check if a new cookie was sent by the server in the +%`Set-Cookie` header. If it was then then that becomes the current cookie. +% +% * If last request has an auth failure, check if request used a stale cookie +%In this case nothing is done, and the client is told to retry. 
Next time +%it updates its headers befor the request it should pick up the latest +%cookie. +% +% * If last request failed and cookie was the latest known cookie, schedule a +%refresh and tell client to retry. However, if the cookie was just updated, +%tell the client to continue such that it will handle the auth failure on +%its own via a set of retries with exponential backoffs. This is it to +%ensure if something goes wrong and one of the endpoints issues invalid +%cookies, replicator won't be stuck in a busy loop refreshing them. + + +-module(couch_replicator_auth_session). + + +-behaviour(couch_replicator_auth). +-behaviour(gen_server). + + +-export([ +initialize/1, +update_headers/2, +handle_response/4, +cleanup/1 +]). + +-export([ +init/1, +terminate/2, +handle_call/3, +handle_cast/2, +handle_info/2, +code_change/3, +format_status/2 +]). + + +-include_lib("ibrowse/include/ibrowse.hrl"). +-include_lib("couch_replicator/include/couch_replicator_api_wrap.hrl"). + + +-type headers() :: [{string(), string()}]. +-type code() :: non_neg_integer(). +-type creds() :: {string() | undefined, string() | undefined}. + + +% Behavior API callbacks + + +-spec initialize(#httpdb{}) -> {ok, #httpdb{}, term()} | ignore. +initialize(#httpdb{} = HttpDb) -> +case remove_creds(HttpDb) of +{ok, User, Pass, HttpDb1} -> +case gen_server:start_link(?MODULE, [User, Pass, HttpDb1], []) of +{ok, Pid} -> +{ok, HttpDb1, {Pid, 0}}; +ignore -> +ignore; +{error, Error} -> +{error, Error} +end; +{error, missing_credentials} -> +ignore; +{error, Error} -> +{error, Error} +end. + + +-spec update_headers(term(), headers()) -> {headers(), term()}. +update_headers({Pid, Epoch}, Headers) -> +Args = {update_headers, Headers, Epoch}, +{Headers1, Epoch1} = gen_server:call(Pid, Args, infinity), Review comment: `infinity` timeout is a problem waiting to happen. I suggest a (small) multiple of the request timeout to cover the time that might be spent in a message queue. 
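Review bot: the workflow comment at the top of the file has several slips that make the retry rules hard to follow: "If an error occurs, the crash", "is not support", "The check looks `next_refresh` time", "then then", "befor" and "This is it to ensure". This comment is the only description of the stale-cookie and refresh logic in the visible lines, so please clean up the wording before merge.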
[GitHub] rnewson commented on a change in pull request #1176: Implement pluggable authentication and session support for replicator
rnewson commented on a change in pull request #1176: Implement pluggable authentication and session support for replicator URL: https://github.com/apache/couchdb/pull/1176#discussion_r170285923 ## File path: src/couch_replicator/src/couch_replicator_auth_session.erl ## 
@@ -0,0 +1,545 @@ +% Licensed under the Apache License, Version 2.0 (the "License"); you may not +% use this file except in compliance with the License. You may obtain a copy of +% the License at +% +% http://www.apache.org/licenses/LICENSE-2.0 +% +% Unless required by applicable law or agreed to in writing, software +% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +% License for the specific language governing permissions and limitations under +% the License. + + +% This is the replicator session auth plugin. It implements session based +% authentication for the replicator. The only public API are the functions from +% the couch_replicator_auth behaviour. Most of the logic and state is in the +% gen_server. An instance of a gen_server could be spawned for the source and +% target endpoints of each replication jobs. +% +% The workflow is roughly this: +% +% * On initialization, try to get a cookie in `refresh/1` If an error occurs, +%the crash. If `_session` endpoint fails with a 404 (not found), return +%`ignore` assuming session authentication is not support or we simply hit a +%non-CouchDb server. +% +% * Before each request, auth framework calls `update_headers` API function. +%Before updating the headers and returning, check if need to refresh again. +%The check looks `next_refresh` time. If that time is set (not `infinity`) +%and just expired, then obtain a new cookie, then update headers and +%return. +% +% * After each request, auth framework calls `handle_response` function. If +%request was successful check if a new cookie was sent by the server in the +%`Set-Cookie` header. If it was then then that becomes the current cookie. +% +% * If last request has an auth failure, check if request used a stale cookie +%In this case nothing is done, and the client is told to retry. 
Next time +%it updates its headers befor the request it should pick up the latest +%cookie. +% +% * If last request failed and cookie was the latest known cookie, schedule a +%refresh and tell client to retry. However, if the cookie was just updated, +%tell the client to continue such that it will handle the auth failure on +%its own via a set of retries with exponential backoffs. This is it to +%ensure if something goes wrong and one of the endpoints issues invalid +%cookies, replicator won't be stuck in a busy loop refreshing them. + + +-module(couch_replicator_auth_session). + + +-behaviour(couch_replicator_auth). +-behaviour(gen_server). + + +-export([ +initialize/1, +update_headers/2, +handle_response/4, +cleanup/1 +]). + +-export([ +init/1, +terminate/2, +handle_call/3, +handle_cast/2, +handle_info/2, +code_change/3, +format_status/2 +]). + + +-include_lib("ibrowse/include/ibrowse.hrl"). +-include_lib("couch_replicator/include/couch_replicator_api_wrap.hrl"). + + +-type headers() :: [{string(), string()}]. +-type code() :: non_neg_integer(). +-type creds() :: {string() | undefined, string() | undefined}. + + +% Behavior API callbacks + + +-spec initialize(#httpdb{}) -> {ok, #httpdb{}, term()} | ignore. +initialize(#httpdb{} = HttpDb) -> +case remove_creds(HttpDb) of +{ok, User, Pass, HttpDb1} -> +case gen_server:start_link(?MODULE, [User, Pass, HttpDb1], []) of +{ok, Pid} -> +{ok, HttpDb1, {Pid, 0}}; +ignore -> +ignore; +{error, Error} -> +{error, Error} +end; +{error, missing_credentials} -> +ignore; +{error, Error} -> +{error, Error} +end. + + +-spec update_headers(term(), headers()) -> {headers(), term()}. +update_headers({Pid, Epoch}, Headers) -> +Args = {update_headers, Headers, Epoch}, +{Headers1, Epoch1} = gen_server:call(Pid, Args, infinity), +{Headers1, {Pid, Epoch1}}. + + +-spec handle_response(term(), code(), headers(), term()) -> +{continue | retry, term()}. 
+handle_response({Pid, Epoch}, Code, Headers, Body) -> +Args = {handle_response, Code, Headers, Body, Epoch}, +{Retry, Epoch1} = gen_server:call(Pid, Args, infinity), +{Retry, {Pid, Epoch1}}. + + +-spec cleanup(term()) -> ok. +cleanup({Pid, _Epoch}) -> +gen_server:call(Pid, stop, infinity). + + +%% Definitions + +-define(MIN_UPDATE_INTERVAL, 5). + + +%% gen_server state + +-record(state, { +epoch = 0 :: non_neg_integer(), +cookie :: string() | undefined, +user :: string() | undefined, +pass :: string() | undefined,
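Review bot: the `state` record at the end of this hunk keeps `pass` and `cookie` as plain strings in the gen_server state, and the visible lines do not show what the exported `format_status/2` returns. Please confirm it strips both fields so that crash reports and status dumps never carry the credentials, and add a comment on the record saying so.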
[GitHub] rnewson commented on a change in pull request #1176: Implement pluggable authentication and session support for replicator
rnewson commented on a change in pull request #1176: Implement pluggable authentication and session support for replicator URL: https://github.com/apache/couchdb/pull/1176#discussion_r170285480 ## File path: src/couch_replicator/src/couch_replicator_auth_basic.erl ## @@ -0,0 +1,52 @@ +% Licensed under the Apache License, Version 2.0 (the "License"); you may not +% use this file except in compliance with the License. You may obtain a copy of +% the License at +% +% http://www.apache.org/licenses/LICENSE-2.0 +% +% Unless required by applicable law or agreed to in writing, software +% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +% License for the specific language governing permissions and limitations under +% the License. + +-module(couch_replicator_auth_basic). Review comment: the `http://user:pass@host/db` form is never what's sent in an http request, though. the user:pass part has to be converted to `Authentication: Basic `. That translation is happening elsewhere (in ibrowse), leaving this module empty. It's just a bit odd to call this module 'basic' as if it does basic auth, when in fact it does nothing (and basic auth happens independently).
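Review bot: the visible lines go from the license header straight to `-module(couch_replicator_auth_basic).` with no comment saying what this plugin does with the credentials. Add a short header comment stating whether the module builds the auth header itself or leaves `user:pass` in the URL for the HTTP client, so a reader does not have to infer where the credentials are handled.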
[GitHub] janl closed issue #55: Feature: CouchDB 2.0 - Multiple View Queries
janl closed issue #55: Feature: CouchDB 2.0 - Multiple View Queries URL: https://github.com/apache/couchdb-nano/issues/55
[GitHub] janl commented on issue #55: Feature: CouchDB 2.0 - Multiple View Queries
janl commented on issue #55: Feature: CouchDB 2.0 - Multiple View Queries URL: https://github.com/apache/couchdb-nano/issues/55#issuecomment-368043954 Closing in favor of #56
[GitHub] janl commented on issue #63: Increase the minimum engine version
janl commented on issue #63: Increase the minimum engine version URL: https://github.com/apache/couchdb-nano/issues/63#issuecomment-368043808 Would take a PR for engine: 6+
[GitHub] janl commented on issue #66: Is a native promise version planned
janl commented on issue #66: Is a native promise version planned URL: https://github.com/apache/couchdb-nano/issues/66#issuecomment-368043564 This is nice, wanna maybe add this to the README? Happy to merge a PR.
[GitHub] janl closed issue #68: Can't create DBs via nano, but can do so via command line
janl closed issue #68: Can't create DBs via nano, but can do so via command line URL: https://github.com/apache/couchdb-nano/issues/68
[GitHub] janl commented on issue #70: Function db.get returns database information when empty docname provided
janl commented on issue #70: Function db.get returns database information when empty docname provided URL: https://github.com/apache/couchdb-nano/issues/70#issuecomment-368043233 Good bug, would accept a PR for this.
[GitHub] janl commented on issue #71: Or-Clauses
janl commented on issue #71: Or-Clauses URL: https://github.com/apache/couchdb-nano/issues/71#issuecomment-368043100 @sbatururimi wanna submit a PR against the README?
[GitHub] janl commented on issue #56: Added support for multiple view queries
janl commented on issue #56: Added support for multiple view queries URL: https://github.com/apache/couchdb-nano/pull/56#issuecomment-368042828 Good patch, but we'll have to insist on tests.
[GitHub] janl closed pull request #57: remove extra apostrophe
janl closed pull request #57: remove extra apostrophe URL: https://github.com/apache/couchdb-nano/pull/57 This is a PR merged from a forked repository. As GitHub hides the original diff on merge, it is displayed below for the sake of provenance: As this is a foreign pull request (from a fork), the diff is supplied below (as it won't show otherwise due to GitHub magic): diff --git a/README.md b/README.md index b5fd8fc..4f78c27 100644 --- a/README.md +++ b/README.md @@ -377,7 +377,7 @@ Gets database information: ```js nano.db.info(function(err, body) { if (!err) { -console.log('got database info'', body); +console.log('got database info', body); } }); ```
[GitHub] janl closed pull request #62: fix request dependency to ~2.81.0 to avoid later version which breaks?
janl closed pull request #62: fix request dependency to ~2.81.0 to avoid later version which breaks? URL: https://github.com/apache/couchdb-nano/pull/62
[GitHub] janl commented on issue #64: Update README.md
janl commented on issue #64: Update README.md URL: https://github.com/apache/couchdb-nano/pull/64#issuecomment-368042489 thanks
[GitHub] janl closed pull request #64: Update README.md
janl closed pull request #64: Update README.md URL: https://github.com/apache/couchdb-nano/pull/64 This is a PR merged from a forked repository. As GitHub hides the original diff on merge, it is displayed below for the sake of provenance: As this is a foreign pull request (from a fork), the diff is supplied below (as it won't show otherwise due to GitHub magic): diff --git a/README.md b/README.md index b5fd8fc..4f78c27 100644 --- a/README.md +++ b/README.md @@ -377,7 +377,7 @@ Gets database information: ```js nano.db.info(function(err, body) { if (!err) { -console.log('got database info'', body); +console.log('got database info', body); } }); ```
[GitHub] janl commented on issue #69: fix typo in README example
janl commented on issue #69: fix typo in README example URL: https://github.com/apache/couchdb-nano/pull/69#issuecomment-368042347 thanks
[GitHub] janl closed issue #52: Feature: Couch 2.0 db.index Support
janl closed issue #52: Feature: Couch 2.0 db.index Support URL: https://github.com/apache/couchdb-nano/issues/52
[GitHub] janl closed pull request #69: fix typo in README example
janl closed pull request #69: fix typo in README example URL: https://github.com/apache/couchdb-nano/pull/69 This is a PR merged from a forked repository. As GitHub hides the original diff on merge, it is displayed below for the sake of provenance: As this is a foreign pull request (from a fork), the diff is supplied below (as it won't show otherwise due to GitHub magic): diff --git a/README.md b/README.md index b5fd8fc..4f78c27 100644 --- a/README.md +++ b/README.md @@ -377,7 +377,7 @@ Gets database information: ```js nano.db.info(function(err, body) { if (!err) { -console.log('got database info'', body); +console.log('got database info', body); } }); ```
[GitHub] janl closed pull request #72: Add couchdb 2.* index creation support
janl closed pull request #72: Add couchdb 2.* index creation support URL: https://github.com/apache/couchdb-nano/pull/72 This is a PR merged from a forked repository. As GitHub hides the original diff on merge, it is displayed below for the sake of provenance: As this is a foreign pull request (from a fork), the diff is supplied below (as it won't show otherwise due to GitHub magic): diff --git a/README.md b/README.md index b5fd8fc..d440d1e 100644 --- a/README.md +++ b/README.md @@ -33,9 +33,9 @@ or save `nano` as a dependency of your project with - [nano.db.list([callback])](#nanodblistcallback) - [nano.db.compact(name, [designname], [callback])](#nanodbcompactname-designname-callback) - [nano.db.replicate(source, target, [opts], [callback])](#nanodbreplicatesource-target-opts-callback) - - [nano.db.replication.enable(source, target, [opts], [callback])](#nanodbreplicatorenablesource-target-opts-callback) - - [nano.db.replication.query(id, [opts], [callback])](#nanodbreplicatorquery-id-opts-callback) - - [nano.db.replication.disable(id, [opts], [callback])](#nanodbreplicatordisable-id-opts-callback) + - [nano.db.replication.enable(source, target, [opts], [callback])](#nanodbreplicationenablesource-target-opts-callback) + - [nano.db.replication.query(id, [opts], [callback])](#nanodbreplicationenablesource-target-opts-callback) + - [nano.db.replication.disable(id, [opts], [callback])](#nanodbreplicationdisableid-opts-callback) - [nano.db.changes(name, [params], [callback])](#nanodbchangesname-params-callback) - [nano.db.follow(name, [params], [callback])](#nanodbfollowname-params-callback) - [nano.db.info([callback])](#nanodbinfocallback) 
@@ -53,7 +53,8 @@ or save `nano` as a dependency of your project with - [db.bulk(docs, [params], [callback])](#dbbulkdocs-params-callback) - [db.list([params], [callback])](#dblistparams-callback) - [db.fetch(docnames, [params], [callback])](#dbfetchdocnames-params-callback) - - [db.fetchRevs(docnames, [params], [callback])](#dbfetchRevsdocnames-params-callback) + - [db.fetchRevs(docnames, [params], [callback])](#dbfetchrevsdocnames-params-callback) + - [db.createIndex(indexDef, [callback])](#dbcreateindexindexdef-callback) - [Multipart functions](#multipart-functions) - [db.multipart.insert(doc, attachments, [params], [callback])](#dbmultipartinsertdoc-attachments-params-callback) - [db.multipart.get(docname, [params], [callback])](#dbmultipartgetdocname-params-callback) @@ -615,6 +616,21 @@ Bulk fetch of the revisions of the database documents, `docnames` are specified additional query string `params` can be specified, this is the same method as fetch but `include_docs` is not automatically set to `true`. +### db.createIndex(indexDef, [callback]) + +Create index on database fields, as specified in +[CouchDB doc](http://docs.couchdb.org/en/latest/api/database/find.html#db-index). + +```js +var indexDef = { + index: { fields: ['foo'] }, + name: 'fooindex' +}; +alice.createIndex(indexDef, function(err, result) { + console.log(result); +}); +``` + ## Multipart functions ### db.multipart.insert(doc, attachments, params, [callback]) diff --git a/lib/nano.js b/lib/nano.js index 70fec9a..69fed84 100644 --- a/lib/nano.js +++ b/lib/nano.js @@ -761,6 +761,15 @@ module.exports = exports = nano = function dbScope(cfg) { }, callback); } +function createIndex(indexDef, callback) { + return relax({ +db: dbName, +path: '_index', +method: 'POST', +body: indexDef + }, callback); +} + // db level exports docScope = { info: function(cb) { 
@@ -806,6 +815,7 @@ module.exports = exports = nano = function dbScope(cfg) { spatial: viewSpatial, view: viewDocs, find: find, + createIndex: createIndex, viewWithList: viewWithList, server: serverScope, replication: { diff --git a/tests/fixtures/document/create_index.json b/tests/fixtures/document/create_index.json new file mode 100644 index 000..a419823 --- /dev/null +++ b/tests/fixtures/document/create_index.json @@ -0,0 +1,19 @@ +[ + { "method" : "put" + , "path" : "/document_create_index" + , "status" : 201 + , "response" : "{ \"ok\": true }" + } +, { "method" : "put" + , "status" : 201 + , "path" : "/document_create_index/foobaz" + , "body" : "{\"foo\":\"baz\"}" + , "response" : "{\"ok\":true,\"id\":\"foobaz\",\"rev\":\"1-611488\"}" + } +, { "method" : "post" + , "path" : "/document_create_index/_index" + , "status" : 200 + , "body" : "{\"name\":\"fooindex\",\"index\":{\"fields\":[\"foo\"]}}" + , "response" : "{\"result\":\"created\",\"id\":\"_design/a7ee061f1a2c0c6882258b2f1e148b714e79ccea\",\"name\": \"fooindex\"}" + } +] diff --git a/tests/integration/document/create_index.js b/tests/integration/document/create_index.js new file mode 100644 index 000..dab3cee --- /dev/null +++
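Review bot: In the README table-of-contents hunk, the rewritten entry for `nano.db.replication.query(id, [opts], [callback])` links to `#nanodbreplicationenablesource-target-opts-callback`, which is the anchor of the `enable` entry one line above, so the link jumps to the wrong section. It should point at the anchor generated from the `query` heading, following the same pattern as the corrected `disable` line (`#nanodbreplicationdisableid-opts-callback`).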
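Review bot: The README example added under `### db.createIndex(indexDef, [callback])` logs `result` and never looks at `err`, so a rejected `_index` request prints `undefined` and the failure goes unnoticed by anyone who copies the snippet. Check `err` before using `result`, and since `createIndex` in lib/nano.js passes `indexDef` straight through as the POST body, say in the README that the definition is validated by the server only.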
[GitHub] janl commented on issue #72: Add couchdb 2.* index creation support
janl commented on issue #72: Add couchdb 2.* index creation support URL: https://github.com/apache/couchdb-nano/pull/72#issuecomment-368042249 solid, thanks!
[GitHub] nickva commented on a change in pull request #1176: Implement pluggable authentication and session support for replicator
nickva commented on a change in pull request #1176: Implement pluggable authentication and session support for replicator URL: https://github.com/apache/couchdb/pull/1176#discussion_r170109817 ## File path: src/couch_replicator/src/couch_replicator_auth_session.erl ## 
@@ -0,0 +1,545 @@ +% Licensed under the Apache License, Version 2.0 (the "License"); you may not +% use this file except in compliance with the License. You may obtain a copy of +% the License at +% +% http://www.apache.org/licenses/LICENSE-2.0 +% +% Unless required by applicable law or agreed to in writing, software +% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +% License for the specific language governing permissions and limitations under +% the License. + + +% This is the replicator session auth plugin. It implements session based +% authentication for the replicator. The only public API are the functions from +% the couch_replicator_auth behaviour. Most of the logic and state is in the +% gen_server. An instance of a gen_server could be spawned for the source and +% target endpoints of each replication jobs. +% +% The workflow is roughly this: +% +% * On initialization, try to get a cookie in `refresh/1` If an error occurs, +%the crash. If `_session` endpoint fails with a 404 (not found), return +%`ignore` assuming session authentication is not support or we simply hit a +%non-CouchDb server. +% +% * Before each request, auth framework calls `update_headers` API function. +%Before updating the headers and returning, check if need to refresh again. +%The check looks `next_refresh` time. If that time is set (not `infinity`) +%and just expired, then obtain a new cookie, then update headers and +%return. +% +% * After each request, auth framework calls `handle_response` function. If +%request was successful check if a new cookie was sent by the server in the +%`Set-Cookie` header. If it was then then that becomes the current cookie. +% +% * If last request has an auth failure, check if request used a stale cookie +%In this case nothing is done, and the client is told to retry. 
Next time +%it updates its headers befor the request it should pick up the latest +%cookie. +% +% * If last request failed and cookie was the latest known cookie, schedule a +%refresh and tell client to retry. However, if the cookie was just updated, +%tell the client to continue such that it will handle the auth failure on +%its own via a set of retries with exponential backoffs. This is it to +%ensure if something goes wrong and one of the endpoints issues invalid +%cookies, replicator won't be stuck in a busy loop refreshing them. + + +-module(couch_replicator_auth_session). + + +-behaviour(couch_replicator_auth). +-behaviour(gen_server). + + +-export([ +initialize/1, +update_headers/2, +handle_response/4, +cleanup/1 +]). + +-export([ +init/1, +terminate/2, +handle_call/3, +handle_cast/2, +handle_info/2, +code_change/3, +format_status/2 +]). + + +-include_lib("ibrowse/include/ibrowse.hrl"). +-include_lib("couch_replicator/include/couch_replicator_api_wrap.hrl"). + + +-type headers() :: [{string(), string()}]. +-type code() :: non_neg_integer(). +-type creds() :: {string() | undefined, string() | undefined}. + + +% Behavior API callbacks + + +-spec initialize(#httpdb{}) -> {ok, #httpdb{}, term()} | ignore. +initialize(#httpdb{} = HttpDb) -> +case remove_creds(HttpDb) of +{ok, User, Pass, HttpDb1} -> +case gen_server:start_link(?MODULE, [User, Pass, HttpDb1], []) of +{ok, Pid} -> +{ok, HttpDb1, {Pid, 0}}; +ignore -> +ignore; +{error, Error} -> +{error, Error} +end; +{error, missing_credentials} -> +ignore; +{error, Error} -> +{error, Error} +end. + + +-spec update_headers(term(), headers()) -> {headers(), term()}. +update_headers({Pid, Epoch}, Headers) -> +Args = {update_headers, Headers, Epoch}, +{Headers1, Epoch1} = gen_server:call(Pid, Args, infinity), +{Headers1, {Pid, Epoch1}}. + + +-spec handle_response(term(), code(), headers(), term()) -> +{continue | retry, term()}. 
+handle_response({Pid, Epoch}, Code, Headers, Body) -> +Args = {handle_response, Code, Headers, Body, Epoch}, +{Retry, Epoch1} = gen_server:call(Pid, Args, infinity), +{Retry, {Pid, Epoch1}}. + + +-spec cleanup(term()) -> ok. +cleanup({Pid, _Epoch}) -> +gen_server:call(Pid, stop, infinity). + + +%% Definitions + +-define(MIN_UPDATE_INTERVAL, 5). + + +%% gen_server state + +-record(state, { +epoch = 0 :: non_neg_integer(), +cookie :: string() | undefined, +user :: string() | undefined, +pass :: string() | undefined, +
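Review bot: The `-spec` for `initialize/1` declares only `{ok, #httpdb{}, term()} | ignore`, but both `case` levels in the function body also return `{error, Error}`, so the declared contract hides the failure path from Dialyzer and from callers of the auth behaviour; add `| {error, term()}` to the spec. Separately, `update_headers/2`, `handle_response/4` and `cleanup/1` all use `gen_server:call(Pid, Args, infinity)`, and the header comment says a cookie refresh can run inside `update_headers`, so it is worth confirming that the refresh request itself is time-bounded, otherwise an unresponsive `_session` endpoint blocks the caller with no timeout.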
[GitHub] janl commented on issue #1160: Add support for Bcrypt password hashing
janl commented on issue #1160: Add support for Bcrypt password hashing URL: https://github.com/apache/couchdb/pull/1160#issuecomment-368027284 @pierrekilly nice work overall, and thanks again for the contribution. This is nearly ready to go, but it'd be great to get test coverage up a little bit. Namely, it'd be great to have a test that proves that:

- [ ] after setting the password scheme to `bcrypt`:
  - [ ] that creation of users works
  - [ ] that users can authenticate
  - [ ] that the password scheme in the users doc is indeed `bcrypt`
- [ ] for admin users in the couchdb config
  - [ ] that creation of admins works
  - [ ] that admins can authenticate
  - [ ] that the password scheme in the configuration is indeed `bcrypt`
- [ ] that users with passwords hashed by different schemes can still log in, with the tasing scheme changed
  - [ ] create new user (has pbkdf2 hash)
  - [ ] change scheme to bcrypt
  - [ ] create new user (has bcrypt hash)
  - [ ] test that both users can still log in
  - [ ] change scheme back to pbkdf2
  - [ ] test that both users can still log in
[GitHub] janl commented on issue #1160: Add support for Bcrypt password hashing
janl commented on issue #1160: Add support for Bcrypt password hashing URL: https://github.com/apache/couchdb/pull/1160#issuecomment-368027284 @pierrekilly nice work overall, and thanks again for the contribution. This is nearly ready to go, but it'd be great to get test coverage up a little bit. Namely, it'd be great to have a test that proves that:

- [ ] after setting the password scheme to `bcrypt`:
  - [ ] that creation of users works
  - [ ] that users can authenticate
  - [ ] that the password scheme in the users doc is indeed `bcrypt`
- [ ] for admin users in the couchdb config
  - [ ] that creation of admins works
  - [ ] that admins can authenticate
  - [ ] that the password scheme in the configuration is indeed `bcrypt`
- [ ] that users with passwords hashed by different schemes can still log in, with the tasing scheme changed
  - [ ] create new user (has pbkdf2 hash)
  - [ ] change hash
[GitHub] janl commented on issue #1160: Add support for Bcrypt password hashing
janl commented on issue #1160: Add support for Bcrypt password hashing URL: https://github.com/apache/couchdb/pull/1160#issuecomment-368019167 Added LICENSE and NOTICE entries
[GitHub] janl commented on issue #1160: Add support for Bcrypt password hashing
janl commented on issue #1160: Add support for Bcrypt password hashing URL: https://github.com/apache/couchdb/pull/1160#issuecomment-368018221 I updated the dependency location and rebased master.
[GitHub] janl commented on issue #1160: Add support for Bcrypt password hashing
janl commented on issue #1160: Add support for Bcrypt password hashing URL: https://github.com/apache/couchdb/pull/1160#issuecomment-368011878 We now have https://github.com/apache/couchdb-erlang-bcrypt
[GitHub] nickva commented on a change in pull request #1176: Implement pluggable authentication and session support for replicator
nickva commented on a change in pull request #1176: Implement pluggable authentication and session support for replicator URL: https://github.com/apache/couchdb/pull/1176#discussion_r170199307 ## File path: src/couch_replicator/src/couch_replicator_auth_session.erl ## 
@@ -0,0 +1,545 @@ +% Licensed under the Apache License, Version 2.0 (the "License"); you may not +% use this file except in compliance with the License. You may obtain a copy of +% the License at +% +% http://www.apache.org/licenses/LICENSE-2.0 +% +% Unless required by applicable law or agreed to in writing, software +% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +% License for the specific language governing permissions and limitations under +% the License. + + +% This is the replicator session auth plugin. It implements session based +% authentication for the replicator. The only public API are the functions from +% the couch_replicator_auth behaviour. Most of the logic and state is in the +% gen_server. An instance of a gen_server could be spawned for the source and +% target endpoints of each replication jobs. +% +% The workflow is roughly this: +% +% * On initialization, try to get a cookie in `refresh/1` If an error occurs, +%the crash. If `_session` endpoint fails with a 404 (not found), return +%`ignore` assuming session authentication is not support or we simply hit a +%non-CouchDb server. +% +% * Before each request, auth framework calls `update_headers` API function. +%Before updating the headers and returning, check if need to refresh again. +%The check looks `next_refresh` time. If that time is set (not `infinity`) +%and just expired, then obtain a new cookie, then update headers and +%return. +% +% * After each request, auth framework calls `handle_response` function. If +%request was successful check if a new cookie was sent by the server in the +%`Set-Cookie` header. If it was then then that becomes the current cookie. +% +% * If last request has an auth failure, check if request used a stale cookie +%In this case nothing is done, and the client is told to retry. 
Next time +%it updates its headers befor the request it should pick up the latest +%cookie. +% +% * If last request failed and cookie was the latest known cookie, schedule a +%refresh and tell client to retry. However, if the cookie was just updated, +%tell the client to continue such that it will handle the auth failure on +%its own via a set of retries with exponential backoffs. This is it to +%ensure if something goes wrong and one of the endpoints issues invalid +%cookies, replicator won't be stuck in a busy loop refreshing them. + + +-module(couch_replicator_auth_session). + + +-behaviour(couch_replicator_auth). +-behaviour(gen_server). + + +-export([ +initialize/1, +update_headers/2, +handle_response/4, +cleanup/1 +]). + +-export([ +init/1, +terminate/2, +handle_call/3, +handle_cast/2, +handle_info/2, +code_change/3, +format_status/2 +]). + + +-include_lib("ibrowse/include/ibrowse.hrl"). +-include_lib("couch_replicator/include/couch_replicator_api_wrap.hrl"). + + +-type headers() :: [{string(), string()}]. +-type code() :: non_neg_integer(). +-type creds() :: {string() | undefined, string() | undefined}. + + +% Behavior API callbacks + + +-spec initialize(#httpdb{}) -> {ok, #httpdb{}, term()} | ignore. +initialize(#httpdb{} = HttpDb) -> +case remove_creds(HttpDb) of +{ok, User, Pass, HttpDb1} -> +case gen_server:start_link(?MODULE, [User, Pass, HttpDb1], []) of Review comment: I moved initialization, where a lot of errors happen, out of the gen_server's `init/1` to the caller's process in `initialize/1`. This way errors look a bit cleaner.
[GitHub] nickva commented on a change in pull request #1176: Implement pluggable authentication and session support for replicator
nickva commented on a change in pull request #1176: Implement pluggable authentication and session support for replicator URL: https://github.com/apache/couchdb/pull/1176#discussion_r170186070 ## File path: src/couch_replicator/src/couch_replicator_auth_basic.erl ## @@ -0,0 +1,52 @@ +% Licensed under the Apache License, Version 2.0 (the "License"); you may not +% use this file except in compliance with the License. You may obtain a copy of +% the License at +% +% http://www.apache.org/licenses/LICENSE-2.0 +% +% Unless required by applicable law or agreed to in writing, software +% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +% License for the specific language governing permissions and limitations under +% the License. + +-module(couch_replicator_auth_basic). Review comment: The idea is it preserves the current behavior better. For example, if credentials are put in the URL directly (`http://user:pass@host/db`) that's how they'd be passed to endpoints, as opposed to extracting them and applying them as basic auth headers. Most servers should handle basic auth headers but just in case there are some hand rolled ones that only know of one way to authenticate. Another incentive is to use this as a feature flag -- if this is the only plugin in the list, it effectively means "do the old behavior before the session auth commit". Is it worth doing it this way or would it be better to do the full extract and reapply?
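The "full extract and reapply" option raised in the review thread above, as an added example that is not code from the pull request, from CouchDB or from ibrowse: it is written in JavaScript for Node.js rather than the replicator's Erlang. The function names `extractBasicAuth` and `parseBasicHeader` and the sample endpoints are assumptions made for illustration.

```javascript
'use strict';
// Added example. Names below are hypothetical; none of this is CouchDB,
// couch_replicator or ibrowse code. Sample URLs are constructed.

// Take an endpoint such as "http://user:pass@host/db" and return the URL with
// the userinfo removed plus the header that carries the same credentials.
function extractBasicAuth(endpoint) {
  const url = new URL(endpoint);
  if (url.username === '' && url.password === '') {
    return { url: url.href, headers: {} }; // nothing embedded, nothing to add
  }
  // The URL parser keeps userinfo percent-encoded. Decode it first, or the
  // server would be sent "p%40ss" where the operator meant "p@ss".
  const user = decodeURIComponent(url.username);
  const pass = decodeURIComponent(url.password);
  if (user.includes(':')) {
    // Basic auth joins user and password with ":" and the receiver splits on
    // the first one (RFC 7617), so a colon in the user name cannot round-trip.
    throw new Error('user name must not contain ":"');
  }
  const token = Buffer.from(`${user}:${pass}`, 'utf8').toString('base64');
  url.username = '';
  url.password = '';
  return { url: url.href, headers: { Authorization: `Basic ${token}` } };
}

// Receiving side of the same header, used here to check the round trip.
function parseBasicHeader(value) {
  const m = /^Basic +([A-Za-z0-9+/]+={0,2})$/i.exec(value || '');
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const i = decoded.indexOf(':'); // first colon only, the password may contain more
  if (i < 0) return null;
  return { user: decoded.slice(0, i), pass: decoded.slice(i + 1) };
}

// Constructed sample endpoints: plain, percent-encoded password, no credentials.
const samples = [
  'http://user:pass@host/db',
  'https://adm:p%40ss%3Aw0rd@couch.example:6984/db',
  'http://host/db',
];
for (const s of samples) {
  const r = extractBasicAuth(s);
  // Log the stripped URL only; the original string contains the password.
  console.log(r.url, r.headers.Authorization ? '(Authorization set)' : '(no auth)');
}
```

Once the credentials travel in the header, the stripped URL is the only form that needs to reach logs, error messages or status output.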