A /_whoami handler to provide client apps with access to the active userCtx for their session.

Thanks to the CouchDB University students and janl for helping to implement this.


git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@788971 13f79535-47bb-0310-9956-ffa450edef68

1 files changed, 13 insertions, 0 deletions

diff --git a/share/www/script/test/security_validation.js b/share/www/script/test/security_validation.js
index a41d8d70..1c185c01 100644
--- a/share/www/script/test/security_validation.js
+++ b/share/www/script/test/security_validation.js
@@ -60,6 +60,11 @@ couchTests.security_validation = function(debug) {
         T(wrongPasswordDb.last_req.status == 401);
       }
 
+      // test force_login=true. 
+      var resp = wrongPasswordDb.request("GET", "/_whoami?force_login=true");    
+      var err = JSON.parse(resp.responseText);
+      T(err.error == "unauthorized");
+      T(resp.status == 401);
 
       // Create the design doc that will run custom validation code
       var designDoc = {
@@ -99,6 +104,14 @@ couchTests.security_validation = function(debug) {
 
       T(userDb.save(designDoc).ok);
 
+      // test the _whoami endpoint
+      var resp = userDb.request("GET", "/_whoami");
+      var user = JSON.parse(resp.responseText)
+      T(user.name == "Damien Katz");
+      // test that the roles are listed properly
+      TEquals(user.roles, []);
+      
+
       // update the document
       var doc = userDb.open("testdoc");
       doc.foo=2;