summaryrefslogtreecommitdiff
path: root/share/www/script
diff options
context:
space:
mode:
authorJohn Christopher Anderson <jchris@apache.org>2009-06-27 13:36:29 +0000
committerJohn Christopher Anderson <jchris@apache.org>2009-06-27 13:36:29 +0000
commit11e6db89380142ada9638d02614beea2952d9b86 (patch)
tree6deb7390e4f00f26d9f283fe871df91282699ecd /share/www/script
parentf3683b4e5ff7416d3354c237933ff6cb65b8b74e (diff)
A /_whoami handler to provide client apps with access to the active userCtx for their session.
Thanks to the CouchDB University students and janl for helping to implement this. git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@788971 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'share/www/script')
-rw-r--r--share/www/script/test/security_validation.js13
1 files changed, 13 insertions, 0 deletions
diff --git a/share/www/script/test/security_validation.js b/share/www/script/test/security_validation.js
index a41d8d70..1c185c01 100644
--- a/share/www/script/test/security_validation.js
+++ b/share/www/script/test/security_validation.js
@@ -60,6 +60,11 @@ couchTests.security_validation = function(debug) {
T(wrongPasswordDb.last_req.status == 401);
}
+ // test force_login=true.
+ var resp = wrongPasswordDb.request("GET", "/_whoami?force_login=true");
+ var err = JSON.parse(resp.responseText);
+ T(err.error == "unauthorized");
+ T(resp.status == 401);
// Create the design doc that will run custom validation code
var designDoc = {
@@ -99,6 +104,14 @@ couchTests.security_validation = function(debug) {
T(userDb.save(designDoc).ok);
+ // test the _whoami endpoint
+ var resp = userDb.request("GET", "/_whoami");
+ var user = JSON.parse(resp.responseText)
+ T(user.name == "Damien Katz");
+ // test that the roles are listed properly
+ TEquals(user.roles, []);
+
+
// update the document
var doc = userDb.open("testdoc");
doc.foo=2;