On Sun, Sep 13, 2009 at 11:16 PM, Chris Anderson <[email protected]> wrote:
> On Sun, Sep 13, 2009 at 1:31 AM, Debasish Ghosh > <[email protected]> wrote: > > I think I am doing something wrong. Would appreciate any help on this ... > > In my local.ini, I have set up the following : > > > > [admins] > > [jchris = secretpass > > > > [httpd] > > authentication_handlers = {couch_httpd, default_authentication_handler} > > > > and I create a database using > > > > curl -vX PUT http://jchris:secretp...@localhost:5984/albums > > > > I get : {ok, true} > > > > How do I get the _session handler that you have mentioned ? Doing a .. > > > > $ curl http://jchris:mysecretpassw...@localhost:5984/_session > > > > this "just works" for me. I'm not sure about cookie etc... I just give > my creds on the curl line and _session gives me back the userCtx. > >> creds on the curl line means as u have mentioned .. >> $ curl http://jchris:mysecretpassw...@localhost:5984/_session ? >> hmm .. doesn't work for me :( .. It gives me something like "illegal database name" on _session .. >> I am using an April snapshot of 0.10. I will try switching to a more recent snapshot .. >> Will u mind sharing the local.ini & default.ini ? > I'm running from couchdb trunk but I think anything in the 0.10.x > branch should work for this. > > > obviously doesn't work, since I have not set anything in the session and > it > > gives me an error. You have mentioned in the mail "when you are > > properly logged in". Do I have to handle user login myself through some > > pluggable login module ? I think I am missing something here. Help! > > > > Thanks. > > - Debasish > > > > On Sun, Sep 13, 2009 at 10:46 AM, Chris Anderson <[email protected]> > wrote: > > > >> On Sat, Sep 12, 2009 at 7:47 AM, Debasish Ghosh > >> <[email protected]> wrote: > >> > Hi - > >> > > >> > The validation function validate_doc_update takes 3 parameters, > newdoc, > >> > olddoc and userContext. I am trying to get my head into how the > >> > authentication and authorization stuff is related to this. The CouchDB > >> book > >> > has the following code snippet in 7.2.4 Authorship section .. > >> > function(newDoc, oldDoc, userCtx) { > >> > if (newDoc.author) { > >> > enforce(newDoc.author == userCtx.author, > >> > "You may only update documents with author " + userCtx.author); > >> > } > >> > } > >> > > >> > In my linux environment, when I run CouchDB validation functions with > a > >> > user-id and password setup in local.ini under [admins], I get the > >> following > >> > as the contents of the third parameter of the validation function :- > >> > > >> > {"db" : "test", "name" : null, "roles" : []} > >> > > >> > In the above snippet from the book there appears to be a field > >> > userCtx.author. Just wondering how to get it here and why I am not > seeing > >> it > >> > in my output. > >> > > >> > >> heh, thanks for the catch.. It should read: > >> > >> enforce(newDoc.author == userCtx.name > >> > >> > Also any pointer on the security, authentication and authorization > part > >> will > >> > be appreciated. > >> > > >> > >> I'm not sure, but you should be getting more when you are properly > >> logged in -- this is worth investigating more. What do you get for > >> this?: > >> > >> $ curl http://jchris:mysecretpassw...@localhost:5984/_session > >> {"ok":true,"name":"jchris","roles":["_admin"]} > >> > >> > >> > Thanks in advance .. > >> > - Debasish > >> > > >> > >> > >> > >> -- > >> Chris Anderson > >> http://jchrisa.net > >> http://couch.io > >> > > > > > > -- > Chris Anderson > http://jchrisa.net > http://couch.io >
