On Aug 5, 2010, at 7:11 AM, Mahendra M wrote:

> Hi,
>
> I was trying to setup and use couchdb http cookie auth. I could
> not find any "official" documentation for the same. A bit of searching around
> gave me these.
>
> 1. http://pierrel.posterous.com/securing-couchdb (seems new)
> 2. http://www.mail-archive.com/[email protected]/msg02631.html (2009)
> 3. http://www.jasondavies.com/blog/2009/05/27/secure-cookie-authentication-couchdb
>
> My requirement is this.
> * Have one db with user related docs.
> * The key of the doc is the userid
> * The sha1 hashed password for each user is stored in his doc.
> * I want to issue cookies based on a userid and password posted to couchdb.

This is pretty much how the built-in auth works. Jan is working on a document here:

http://wiki.couchapp.org/page/authn-preview

The other thing to do is just use the signup and login buttons on Futon to do the same thing. Look in the lower right corner of http://localhost:5984/_utils/

I have code here that also does signup and login (using the jquery plugin that ships with couch):

http://github.com/couchapp/couchapp/blob/master/vendor/evently/account/doSignup.js

> Originally, I was trying on writing my own show function to do an
> auth. Then I saw that couchdb itself has support for doing this.
>
> The methods discussed in the above thread(s) are really good and I wanted to
> try it out. However, it is not working even after following both the examples.
>
> I keep getting an error
> {"error":"unauthorized","reason":"Name or password is incorrect."}
>
> The debug logs also don't give out much information.
>
> Looks like I have not set up things properly and the above docs are a bit
> confusing. Also, could not find anything on the couchdb wiki.
>
> So, I wanted to check if there is any other documentation on how to make
> use of http cookie auth.
>
> Or has anyone tried and got it working ?
>
> In link(1), it explains how to setup a single auth scheme for a couchdb node
> and making use of /_session to get a cookie.
>
> In link(2), it looks like adding _login and _logout handlers to each
> db. Does this mean that each db can have its own user/password sets ?
> Also, what parameters must be passed to _login ? Also, this says that the
> "users" view values must have a member "password" whereas the previous
> link asks for a member "password_sha".
>
> Which is the correct approach to follow ? or are both valid ?
> I am a bit confused as of now :-)
>
> Regards,
> Mahendra
>
> http://twitter.com/mahendra
