authorJohn Christopher Anderson <jchris@apache.org>2010-01-05 18:11:58 +0000
committerJohn Christopher Anderson <jchris@apache.org>2010-01-05 18:11:58 +0000
commit3a1f041e07c75001cf52cbae1391dcd801c17396 (patch)
tree749cf6441f847bea450f007b46b01a506beb4a58 /share/www/script
parent47d4f324ec2fe0e4ab907b8a023bc689c8192fb1 (diff)
merge account branch to apache branch
git-svn-id: https://svn.apache.org/repos/asf/couchdb/branches/account@896158 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'share/www/script')
-rw-r--r--share/www/script/couch.js62
-rw-r--r--share/www/script/couch_test_runner.js64
-rw-r--r--share/www/script/couch_tests.js1
-rw-r--r--share/www/script/futon.browse.js7
-rw-r--r--share/www/script/futon.js128
-rw-r--r--share/www/script/jquery.couch.js68
-rw-r--r--share/www/script/test/cookie_auth.js253
-rw-r--r--share/www/script/test/oauth.js13
-rw-r--r--share/www/script/test/users_db.js66
9 files changed, 517 insertions, 145 deletions
diff --git a/share/www/script/couch.js b/share/www/script/couch.js
index 19b98edb..21ea39b3 100644
--- a/share/www/script/couch.js
+++ b/share/www/script/couch.js
@@ -340,60 +340,34 @@ CouchDB.logout = function() {
return JSON.parse(CouchDB.last_req.responseText);
}
-CouchDB.createUser = function(username, password, email, roles, basicAuth) {
- var roles_str = ""
- if (roles) {
- for (var i=0; i< roles.length; i++) {
- roles_str += "&roles=" + encodeURIComponent(roles[i]);
- }
- }
- var headers = {"Content-Type": "application/x-www-form-urlencoded"};
- if (basicAuth) {
- headers['Authorization'] = basicAuth
- } else {
- headers['X-CouchDB-WWW-Authenticate'] = 'Cookie';
- }
-
- CouchDB.last_req = CouchDB.request("POST", "/_user/", {
- headers: headers,
- body: "username=" + encodeURIComponent(username) + "&password="
- + encodeURIComponent(password) + "&email="
- + encodeURIComponent(email) + roles_str
- });
+CouchDB.session = function(options) {
+ options = options || {};
+ CouchDB.last_req = CouchDB.request("GET", "/_session", options);
+ CouchDB.maybeThrowError(CouchDB.last_req);
return JSON.parse(CouchDB.last_req.responseText);
-}
-
-CouchDB.updateUser = function(username, email, roles, password, old_password) {
- var roles_str = ""
- if (roles) {
- for (var i=0; i< roles.length; i++) {
- roles_str += "&roles=" + encodeURIComponent(roles[i]);
- }
- }
+};
- var body = "email="+ encodeURIComponent(email)+ roles_str;
+CouchDB.user_prefix = "org.couchdb.user:";
- if (typeof(password) != "undefined" && password) {
- body += "&password=" + password;
+CouchDB.prepareUserDoc = function(user_doc, new_password) {
+ user_doc._id = user_doc._id || CouchDB.user_prefix + user_doc.username;
+ if (new_password) {
+ // handle the password crypto
+ user_doc.salt = CouchDB.newUuids(1)[0];
+ user_doc.password_sha = hex_sha1(new_password + user_doc.salt);
}
-
- if (typeof(old_password) != "undefined" && old_password) {
- body += "&old_password=" + old_password;
+ user_doc.type = "user";
+ if (!user_doc.roles) {
+ user_doc.roles = []
}
-
- CouchDB.last_req = CouchDB.request("PUT", "/_user/"+encodeURIComponent(username), {
- headers: {"Content-Type": "application/x-www-form-urlencoded",
- "X-CouchDB-WWW-Authenticate": "Cookie"},
- body: body
- });
- return JSON.parse(CouchDB.last_req.responseText);
-}
+ return user_doc;
+};
CouchDB.allDbs = function() {
CouchDB.last_req = CouchDB.request("GET", "/_all_dbs");
CouchDB.maybeThrowError(CouchDB.last_req);
return JSON.parse(CouchDB.last_req.responseText);
-}
+};
CouchDB.allDesignDocs = function() {
var ddocs = {}, dbs = CouchDB.allDbs();
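Review bot: `CouchDB.prepareUserDoc` builds `_id` from `user_doc.username` without checking that it is set, so a doc with neither `_id` nor `username` silently gets the id `org.couchdb.user:undefined` and is saved under that name; guard it with `if (!user_doc._id && !user_doc.username) throw new Error("prepareUserDoc: username or _id is required");` before the `_id` line. Unlike the copy of this function added to jquery.couch.js in the same commit, this one calls `hex_sha1` without checking that it is loaded. The password is stored as a single SHA-1 of password+salt, which is whatever the server-side handler verifies and so cannot be changed on this side alone; a comment such as `// password_sha must match the server's scheme: sha1(password + salt)` would stop the next reader from "fixing" one side only. `user_doc.roles = []` is also missing its semicolon.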
diff --git a/share/www/script/couch_test_runner.js b/share/www/script/couch_test_runner.js
index a5ece9cd..ed67d744 100644
--- a/share/www/script/couch_test_runner.js
+++ b/share/www/script/couch_test_runner.js
@@ -63,6 +63,8 @@ var numFailures = 0;
var currentRow = null;
function runTest(button, callback, debug, noSave) {
+
+ // offer to save admins
if (currentRow != null) {
alert("Can not run multiple tests simultaneously.");
return;
@@ -116,6 +118,62 @@ function showSource(cell) {
win.document.location = "script/test/" + name + ".js";
}
+var readyToRun;
+function setupAdminParty(fun) {
+ if (readyToRun) {
+ fun();
+ } else {
+ function removeAdmins(confs, doneFun) {
+ // iterate through the config and remove current user last
+ // current user is at front of list
+ var remove = confs.pop();
+ if (remove) {
+ $.couch.config({
+ success : function() {
+ removeAdmins(confs, doneFun);
+ }
+ }, "admins", remove[0], null);
+ } else {
+ doneFun();
+ }
+ };
+ $.couch.session({
+ success : function(userCtx) {
+ if (userCtx.name && userCtx.roles.indexOf("_admin") != -1) {
+ // admin but not admin party. dialog offering to make admin party
+ $.showDialog("dialog/_admin_party.html", {
+ submit: function(data, callback) {
+ $.couch.config({
+ success : function(conf) {
+ var meAdmin, adminConfs = [];
+ for (var name in conf) {
+ if (name == userCtx.name) {
+ meAdmin = [name, conf[name]];
+ } else {
+ adminConfs.push([name, conf[name]]);
+ }
+ }
+ adminConfs.unshift(meAdmin);
+ removeAdmins(adminConfs, function() {
+ callback();
+ $.futon.session.sidebar();
+ readyToRun = true;
+ setTimeout(fun, 500);
+ });
+ }
+ }, "admins");
+ }
+ });
+ } else {
+ // not a logged in admin.
+ readyToRun = true;
+ fun();
+ };
+ }
+ });
+ }
+};
+
function updateTestsListing() {
for (var name in couchTests) {
var testFunction = couchTests[name];
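Review bot: The `$.couch.config` calls inside `removeAdmins` and in the dialog's `submit` handler pass no `error` callback, so if deleting one admin entry fails the recursion simply stops: `doneFun` is never called, the dialog `callback` never fires, and the server is left with some admins removed and others still present. Each call should pass an `error` handler that reports the failure and invokes `callback` so the dialog can close, and the `$.couch.session` call needs the same. Note also that this removes every admin listed in the config, not only the current user, that `adminConfs.unshift(meAdmin)` pushes `undefined` when `userCtx.name` is not a key of the admins config (harmless only because popping `undefined` ends the loop), and that `setTimeout(fun, 500)` waits a fixed delay for the config change rather than for a confirmation. `removeAdmins` is a function declaration inside an `else` block, which older engines treat inconsistently; `var removeAdmins = function(confs, doneFun) {` avoids that.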
@@ -128,7 +186,11 @@ function updateTestsListing() {
.find("td:nth(2)").addClass("details").end();
$("<button type='button' class='run' title='Run test'></button>").click(function() {
this.blur();
- runTest(this);
+ var self = this;
+ // check for admin party
+ setupAdminParty(function() {
+ runTest(self);
+ });
return false;
}).prependTo(row.find("th"));
row.attr("id", name).appendTo("#tests tbody.content");
diff --git a/share/www/script/couch_tests.js b/share/www/script/couch_tests.js
index 817bfa5e..5ae4f1d9 100644
--- a/share/www/script/couch_tests.js
+++ b/share/www/script/couch_tests.js
@@ -73,6 +73,7 @@ loadTest("security_validation.js");
loadTest("show_documents.js");
loadTest("stats.js");
loadTest("update_documents.js");
+loadTest("users_db.js");
loadTest("utf8.js");
loadTest("uuids.js");
loadTest("view_collation.js");
diff --git a/share/www/script/futon.browse.js b/share/www/script/futon.browse.js
index 437c30c2..4d06d283 100644
--- a/share/www/script/futon.browse.js
+++ b/share/www/script/futon.browse.js
@@ -294,7 +294,8 @@
fill_language();
}
}, "native_query_servers");
- }
+ },
+ error : function() {}
}, "query_servers");
}
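Review bot: `error : function() {}` on the `query_servers` config lookup swallows the failure with no indication of why that is acceptable; if the intent is to suppress the library's default alert for users who are not allowed to read `_config`, say so inline: `error : function() {} // suppress the default alert; non-admins cannot read _config`. If some other failure should still be surfaced, the handler needs to check the status rather than ignore everything. The enclosing function starts and ends outside the hunk.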
@@ -727,7 +728,7 @@
},
- // Page class for browse/database.html
+ // Page class for browse/document.html
CouchDocumentPage: function() {
var urlParts = location.search.substr(1).split("/");
var dbName = decodeURIComponent(urlParts.shift());
@@ -1169,7 +1170,7 @@
return false;
}).prependTo($("a", li));
}
- }
+ },
});
diff --git a/share/www/script/futon.js b/share/www/script/futon.js
index 1f51bdee..33c72318 100644
--- a/share/www/script/futon.js
+++ b/share/www/script/futon.js
@@ -12,6 +12,130 @@
(function($) {
+ function Session() {
+
+ function doLogin(username, password, callback) {
+ $.couch.login({
+ username : username,
+ password : password,
+ success : function() {
+ $.futon.session.sidebar();
+ callback();
+ },
+ error : function(code, error, reason) {
+ $.futon.session.sidebar();
+ callback({username : "Error logging in: "+reason});
+ }
+ });
+ };
+
+ function doSignup(username, password, callback, runLogin) {
+ $.couch.signup({
+ username : username
+ }, password, {
+ success : function() {
+ if (runLogin) {
+ doLogin(username, password, callback);
+ } else {
+ callback();
+ }
+ },
+ error : function(status, error, reason) {
+ $.futon.session.sidebar();
+ if (error = "conflict") {
+ callback({username : "Name '"+username+"' is taken"});
+ } else {
+ callback({username : "Signup error: "+reason});
+ }
+ }
+ });
+ };
+
+ function validateUsernameAndPassword(data, callback) {
+ if (!data.username || data.username.length == 0) {
+ callback({username: "Please enter a username."});
+ return false;
+ };
+ if (!data.password || data.password.length == 0) {
+ callback({password: "Please enter a password."});
+ return false;
+ };
+ return true;
+ };
+
+ function createAdmin() {
+ $.showDialog("dialog/_create_admin.html", {
+ submit: function(data, callback) {
+ if (!validateUsernameAndPassword(data, callback)) return;
+ $.couch.config({
+ success : function() {
+ callback();
+ doLogin(data.username, data.password, callback);
+ doSignup(data.username, null, callback, false);
+ }
+ }, "admins", data.username, data.password);
+ }
+ });
+ return false;
+ };
+
+ function login() {
+ $.showDialog("dialog/_login.html", {
+ submit: function(data, callback) {
+ if (!validateUsernameAndPassword(data, callback)) return;
+ doLogin(data.username, data.password, callback);
+ }
+ });
+ return false;
+ };
+
+ function logout() {
+ $.couch.logout({
+ success : function(resp) {
+ $.futon.session.sidebar();
+ }
+ })
+ };
+
+ function signup() {
+ $.showDialog("dialog/_signup.html", {
+ submit: function(data, callback) {
+ if (!validateUsernameAndPassword(data, callback)) return;
+ doSignup(data.username, data.password, callback, true);
+ }
+ });
+ return false;
+ };
+
+ this.setupSidebar = function() {
+ $("#userCtx .login").click(login);
+ $("#userCtx .logout").click(logout);
+ $("#userCtx .signup").click(signup);
+ $("#userCtx .createadmin").click(createAdmin);
+ };
+
+ this.sidebar = function() {
+ // get users db info?
+ $("#userCtx span").hide();
+ $.couch.session({
+ success : function(userCtx) {
+ if (userCtx.name) {
+ $("#userCtx .username").text(userCtx.name).attr({href : "/_utils/document.html?users/org.couchdb.user%3A"+userCtx.name});
+ if (userCtx.roles.indexOf("_admin") != -1) {
+ $("#userCtx .loggedinadmin").show();
+ } else {
+ $("#userCtx .loggedin").show();
+ }
+ } else if (userCtx.roles.indexOf("_admin") != -1) {
+ $("#userCtx .adminparty").show();
+ } else {
+ $("#userCtx .loggedout").show();
+ };
+ }
+ })
+ };
+ };
+
function Navigation() {
var nav = this;
this.loaded = false;
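Review bot: `if (error = "conflict")` in `doSignup`'s error handler is an assignment, not a comparison, so every signup failure reports "Name '…' is taken" and the real reason is lost; it should be `if (error == "conflict") {`. In `createAdmin`'s success handler `callback()` is invoked and then `doLogin` and `doSignup` are each started with the same `callback`, so the dialog callback can run three times and the save of a user doc with a `null` password runs concurrently with the login — the intended ordering and why a passwordless user doc is wanted deserve a comment. In `sidebar`, `userCtx.name` is concatenated into the `href` unencoded; use `encodeURIComponent(userCtx.name)` so names containing `/`, `?` or `#` do not yield a broken or different link. The enclosing `(function($) {` wrapper continues beyond the hunk.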
@@ -233,6 +357,7 @@
$.futon = $.futon || {};
$.extend($.futon, {
navigation: new Navigation(),
+ session : new Session(),
storage: new Storage()
});
@@ -309,12 +434,15 @@
$.futon.navigation.updateDatabases();
$.futon.navigation.updateSelection();
$.futon.navigation.ready();
+ $.futon.session.setupSidebar();
+ $.futon.session.sidebar();
$.couch.info({
success: function(info, status) {
$("#version").text(info.version);
}
});
+
});
});
diff --git a/share/www/script/jquery.couch.js b/share/www/script/jquery.couch.js
index 6812ed9a..8328af60 100644
--- a/share/www/script/jquery.couch.js
+++ b/share/www/script/jquery.couch.js
@@ -20,7 +20,26 @@
return "_design/" + encodeURIComponent(parts.join('/'));
}
return encodeURIComponent(docID);
- }
+ };
+
+ function prepareUserDoc(user_doc, new_password) {
+ if (typeof hex_sha1 == "undefined") {
+ alert("creating a user doc requires sha1.js to be loaded in the page");
+ return;
+ }
+ var user_prefix = "org.couchdb.user:";
+ user_doc._id = user_doc._id || user_prefix + user_doc.username;
+ if (new_password) {
+ // handle the password crypto
+ user_doc.salt = $.couch.newUUID();
+ user_doc.password_sha = hex_sha1(new_password + user_doc.salt);
+ }
+ user_doc.type = "user";
+ if (!user_doc.roles) {
+ user_doc.roles = []
+ }
+ return user_doc;
+ };
uuidCache = [];
@@ -49,7 +68,9 @@
req.url += encodeURIComponent(option);
}
}
- if (value !== undefined) {
+ if (value === null) {
+ req.type = "DELETE";
+ } else if (value !== undefined) {
req.type = "PUT";
req.data = toJSON(value);
req.contentType = "application/json";
@@ -60,12 +81,46 @@
"An error occurred retrieving/updating the server configuration"
);
},
+
+ session: function(options) {
+ options = options || {};
+ $.ajax({
+ type: "GET", url: "/_session",
+ complete: function(req) {
+ var resp = $.httpData(req, "json");
+ if (req.status == 200) {
+ if (options.success) options.success(resp);
+ } else if (options.error) {
+ options.error(req.status, resp.error, resp.reason);
+ } else {
+ alert("An error occurred getting session info: " + resp.reason);
+ }
+ }
+ });
+ },
- // TODO make login/logout and db.login/db.logout DRY
+ userDb : function(callback) {
+ $.couch.session({
+ success : function(resp) {
+ var userDb = $.couch.db(resp.info.user_db);
+ callback(userDb);
+ }
+ });
+ },
+
+ signup: function(user_doc, password, options) {
+ options = options || {};
+ // prepare user doc based on name and password
+ user_doc = prepareUserDoc(user_doc, password);
+ $.couch.userDb(function(db) {
+ db.saveDoc(user_doc, options);
+ })
+ },
+
login: function(options) {
options = options || {};
$.ajax({
- type: "POST", url: "/_login", dataType: "json",
+ type: "POST", url: "/_session", dataType: "json",
data: {username: options.username, password: options.password},
complete: function(req) {
var resp = $.httpData(req, "json");
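Review bot: `signup` does not check the value returned by `prepareUserDoc`, which (per the hunk above) returns `undefined` after an `alert` when `hex_sha1` is not loaded, so the call falls through to `db.saveDoc(undefined, options)`; add `if (!user_doc) return;` after the `prepareUserDoc` line, or better have `prepareUserDoc` report through `options.error` instead of `alert`. `userDb` passes no `error` handler to `$.couch.session`, so a failed session lookup triggers the default alert and `callback` is never invoked — thread `options.error` through from `signup`. `logout` in the following hunk hard-codes `username : "_", password : "_"` with only a TODO beside it; a comment stating why those dummy Basic credentials are sent on the DELETE would help the next reader. The `$.couch` object literal these methods belong to starts and ends outside the hunk.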
@@ -81,8 +136,10 @@
},
logout: function(options) {
options = options || {};
+ // TODO this should also login as the logged-out guy using basic auth
$.ajax({
- type: "POST", url: "/_logout", dataType: "json",
+ type: "DELETE", url: "/_session", dataType: "json",
+ username : "_", password : "_",
complete: function(req) {
var resp = $.httpData(req, "json");
if (req.status == 200) {
@@ -304,7 +361,6 @@
var keys = options["keys"];
delete options["keys"];
data = toJSON({ "keys": keys });
- console.log(data);
}
ajax({
type: type,
diff --git a/share/www/script/test/cookie_auth.js b/share/www/script/test/cookie_auth.js
index 0a42b4a9..9eadfee0 100644
--- a/share/www/script/test/cookie_auth.js
+++ b/share/www/script/test/cookie_auth.js
@@ -36,117 +36,192 @@ couchTests.cookie_auth = function(debug) {
usersDb.deleteDb();
usersDb.createDb();
+ // test that the users db is born with the auth ddoc
+ var ddoc = usersDb.open("_design/_auth");
+ T(ddoc.validate_doc_update);
+
+ // TODO test that changing the config so an existing db becomes the users db installs the ddoc also
+
var password = "3.141592653589";
// Create a user
- T(usersDb.save({
- _id: "a1",
- salt: "123",
- password_sha: hex_sha1(password + "123"),
+ var jasonUserDoc = CouchDB.prepareUserDoc({
username: "Jason Davies",
- author: "Jason Davies",
- type: "user",
- roles: ["_admin"]
- }).ok);
-
- var validationDoc = {
- _id : "_design/validate",
- validate_doc_update: "(" + (function (newDoc, oldDoc, userCtx) {
- // docs should have an author field.
- if (!newDoc._deleted && !newDoc.author) {
- throw {forbidden:
- "Documents must have an author field"};
- }
- if (oldDoc && oldDoc.author != userCtx.name) {
- throw {unauthorized:
- "You are not the author of this document. You jerk."+userCtx.name};
- }
- }).toString() + ")"
- };
-
- T(db.save(validationDoc).ok);
+ roles: ["dev"]
+ }, password);
+ T(usersDb.save(jasonUserDoc).ok);
+
+ var checkDoc = usersDb.open(jasonUserDoc._id);
+ T(checkDoc.username == "Jason Davies");
+
+ var jchrisUserDoc = CouchDB.prepareUserDoc({
+ username: "jchris@apache.org"
+ }, "funnybone");
+ T(usersDb.save(jchrisUserDoc).ok);
+
+ // make sure we cant create duplicate users
+ var duplicateJchrisDoc = CouchDB.prepareUserDoc({
+ username: "jchris@apache.org"
+ }, "eh, Boo-Boo?");
+ try {
+ usersDb.save(duplicateJchrisDoc)
+ T(false && "Can't create duplicate user names. Should have thrown an error.");
+ } catch (e) {
+ T(e.error == "conflict");
+ T(usersDb.last_req.status == 409);
+ }
+ // we can't create _usernames
+ var underscoreUserDoc = CouchDB.prepareUserDoc({
+ username: "_why"
+ }, "copperfield");
- T(CouchDB.login('Jason Davies', password).ok);
- // update the credentials document
- var doc = usersDb.open("a1");
- doc.foo=2;
- T(usersDb.save(doc).ok);
+ try {
+ usersDb.save(underscoreUserDoc)
+ T(false && "Can't create underscore user names. Should have thrown an error.");
+ } catch (e) {
+ T(e.error == "forbidden");
+ T(usersDb.last_req.status == 403);
+ }
+
+ // we can't create docs with malformed ids
+ var badIdDoc = CouchDB.prepareUserDoc({
+ username: "foo"
+ }, "bar");
+
+ badIdDoc._id = "org.apache.couchdb:w00x";
- // Save a document that's missing an author field.
try {
- // db has a validation function
- db.save({foo:1});
- T(false && "Can't get here. Should have thrown an error 2");
+ usersDb.save(badIdDoc)
+ T(false && "Can't create malformed docids. Should have thrown an error.");
} catch (e) {
T(e.error == "forbidden");
- T(db.last_req.status == 403);
+ T(usersDb.last_req.status == 403);
}
- // TODO should login() throw an exception here?
- T(!CouchDB.login('Jason Davies', "2.71828").ok);
- T(!CouchDB.login('Robert Allen Zimmerman', 'd00d').ok);
-
- // test redirect
- xhr = CouchDB.request("POST", "/_session?next=/", {
- headers: {"Content-Type": "application/x-www-form-urlencoded"},
- body: "username=Jason%20Davies&password="+encodeURIComponent(password)
- });
- // should this be a redirect code instead of 200?
- // The cURL adapter is returning the expected 302 here.
- // I imagine this has to do with whether the client is willing
- // to follow the redirect, ie, the browser follows and does a
- // GET on the returned Location
- T(xhr.status == 200 || xhr.status == 302);
-
- usersDb.deleteDb();
- // test user creation
- T(CouchDB.createUser("test", "testpassword", "test@somemail.com", ['read', 'write']).ok);
+ try {
+ usersDb.save(underscoreUserDoc)
+ T(false && "Can't create underscore user names. Should have thrown an error.");
+ } catch (e) {
+ T(e.error == "forbidden");
+ T(usersDb.last_req.status == 403);
+ }
- // make sure we create a unique user
- T(!CouchDB.createUser("test", "testpassword2", "test2@somemail.com", ['read', 'write']).ok);
+ // login works
+ T(CouchDB.login('Jason Davies', password).ok);
+ T(CouchDB.session().name == 'Jason Davies');
- // test login
- T(CouchDB.login("test", "testpassword").ok);
- T(!CouchDB.login('test', "testpassword2").ok);
+ // update one's own credentials document
+ jasonUserDoc.foo=2;
+ T(usersDb.save(jasonUserDoc).ok);
+
+ // TODO should login() throw an exception here?
+ T(!CouchDB.login('Jason Davies', "2.71828").ok);
+ T(!CouchDB.login('Robert Allen Zimmerman', 'd00d').ok);
+
+ // a failed login attempt should log you out
+ T(CouchDB.session().name != 'Jason Davies');
+
+ // test redirect
+ xhr = CouchDB.request("POST", "/_session?next=/", {
+ headers: {"Content-Type": "application/x-www-form-urlencoded"},
+ body: "username=Jason%20Davies&password="+encodeURIComponent(password)
+ });
+ // should this be a redirect code instead of 200?
+ // The cURL adapter is returning the expected 302 here.
+ // I imagine this has to do with whether the client is willing
+ // to follow the redirect, ie, the browser follows and does a
+ // GET on the returned Location
+ if (xhr.status == 200) {
+ T(/Welcome/.test(xhr.responseText))
+ } else {
+ T(xhr.status == 302)
+ T(xhr.getResponseHeader("Location"))
+ }
+
+ // test users db validations
+ //
+ // test that you can't update docs unless you are logged in as the user (or are admin)
+ T(CouchDB.login("jchris@apache.org", "funnybone").ok);
+ T(CouchDB.session().name == "jchris@apache.org");
+ T(CouchDB.session().roles.length == 0);
- // test update user without changing password
- T(CouchDB.updateUser("test", "test2@somemail.com").ok);
- result = usersDb.view("_auth/users", {key: "test"});
- T(result.rows[0].value['email'] == "test2@somemail.com");
-
-
- // test changing password
- result = usersDb.view("_auth/users", {key: "test"});
- T(CouchDB.updateUser("test", "test2@somemail.com", [], "testpassword2", "testpassword").ok);
- result1 = usersDb.view("_auth/users", {key: "test"});
- T(result.rows[0].value['password_sha'] != result1.rows[0].value['password_sha']);
+ jasonUserDoc.foo=3;
+
+ try {
+ usersDb.save(jasonUserDoc)
+ T(false && "Can't update someone else's user doc. Should have thrown an error.");
+ } catch (e) {
+ T(e.error == "forbidden");
+ T(usersDb.last_req.status == 403);
+ }
+
+ // test that you can't edit roles unless you are admin
+ jchrisUserDoc.roles = ["foo"];
+ try {
+ usersDb.save(jchrisUserDoc)
+ T(false && "Can't set roles unless you are admin. Should have thrown an error.");
+ } catch (e) {
+ T(e.error == "forbidden");
+ T(usersDb.last_req.status == 403);
+ }
- // test changing password with passing old password
- T(!CouchDB.updateUser("test", "test2@somemail.com", [], "testpassword2").ok);
+ T(CouchDB.logout().ok);
+ T(CouchDB.session().roles[0] == "_admin");
+
+ jchrisUserDoc.foo = ["foo"];
+ T(usersDb.save(jchrisUserDoc).ok);
+
+ // test that you can't save system (underscore) roles even if you are admin
+ jchrisUserDoc.roles = ["_bar"];
- // test changing password whith bad old password
- T(!CouchDB.updateUser("test", "test2@somemail.com", [], "testpassword2", "badpasswword").ok);
+ try {
+ usersDb.save(jchrisUserDoc)
+ T(false && "Can't add system roles to user's db. Should have thrown an error.");
+ } catch (e) {
+ T(e.error == "forbidden");
+ T(usersDb.last_req.status == 403);
+ }
- // Only admins can change roles
- T(!CouchDB.updateUser("test", "test2@somemail.com", ['read', 'write']).ok);
+ // make sure the foo role has been applied
+ T(CouchDB.login("jchris@apache.org", "funnybone").ok);
+ T(CouchDB.session().name == "jchris@apache.org");
+ T(CouchDB.session().roles.indexOf("_admin") == -1);
+ T(CouchDB.session().roles.indexOf("foo") != -1);
+ // now let's make jchris a server admin
T(CouchDB.logout().ok);
+ T(CouchDB.session().roles[0] == "_admin");
+ T(CouchDB.session().name == null);
- T(CouchDB.updateUser("test", "test2@somemail.com").ok);
- result = usersDb.view("_auth/users", {key: "test"});
- T(result.rows[0].value['email'] == "test2@somemail.com");
-
- // test changing password, we don't need to set old password when we are admin
- result = usersDb.view("_auth/users", {key: "test"});
- T(CouchDB.updateUser("test", "test2@somemail.com", [], "testpassword3").ok);
- result1 = usersDb.view("_auth/users", {key: "test"});
- T(result.rows[0].value['password_sha'] != result1.rows[0].value['password_sha']);
-
- // Only admins can change roles
- T(CouchDB.updateUser("test", "test2@somemail.com", ['read']).ok);
+ // set the -hashed- password so the salt matches
+ // todo ask on the ML about this
+ run_on_modified_server([{section: "admins",
+ key: "jchris@apache.org", value: "funnybone"}], function() {
+ T(CouchDB.login("jchris@apache.org", "funnybone").ok);
+ T(CouchDB.session().name == "jchris@apache.org");
+ T(CouchDB.session().roles.indexOf("_admin") != -1);
+ // test that jchris still has the foo role
+ T(CouchDB.session().roles.indexOf("foo") != -1);
+
+ // should work even when user doc has no password
+ jchrisUserDoc = usersDb.open(jchrisUserDoc._id);
+ delete jchrisUserDoc.salt;
+ delete jchrisUserDoc.password_sha;
+ T(usersDb.save(jchrisUserDoc).ok);
+ T(CouchDB.logout().ok);
+ T(CouchDB.login("jchris@apache.org", "funnybone").ok);
+ var s = CouchDB.session();
+ T(s.name == "jchris@apache.org");
+ T(s.roles.indexOf("_admin") != -1);
+ // test session info
+ T(s.info.authenticated == "{couch_httpd_auth, cookie_authentication_handler}");
+ T(s.info.user_db == "test_suite_users");
+ // test that jchris still has the foo role
+ T(CouchDB.session().roles.indexOf("foo") != -1);
+ });
} finally {
// Make sure we erase any auth cookies so we don't affect other tests
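Review bot: The `try` block around the second `usersDb.save(underscoreUserDoc)` (the one after the `badIdDoc` check) is a verbatim repeat of the earlier underscore-name check and tests nothing new; delete it or make it exercise a different case. `T(false && "…")` evaluates to `T(false)`, so the explanatory strings in all of these new blocks are never reported — the text needs to go somewhere the failure reporter can see it. The comment `// set the -hashed- password so the salt matches` above `run_on_modified_server` does not describe what the config change does (it adds `jchris@apache.org` to the `admins` section with a plaintext value); reword it to say that, and turn `todo ask on the ML about this` into a tracked `TODO`. The `try` that this hunk closes with `} finally {` opens outside the hunk.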
@@ -157,7 +232,7 @@ couchTests.cookie_auth = function(debug) {
run_on_modified_server(
[{section: "httpd",
key: "authentication_handlers",
- value: "{couch_httpd_auth, cookie_authentication_handler}"},
+ value: "{couch_httpd_auth, cookie_authentication_handler}, {couch_httpd_auth, default_authentication_handler}"},
{section: "couch_httpd_auth",
key: "secret", value: generateSecret(64)},
{section: "couch_httpd_auth",
diff --git a/share/www/script/test/oauth.js b/share/www/script/test/oauth.js
index 5c6c0083..89e0aaf8 100644
--- a/share/www/script/test/oauth.js
+++ b/share/www/script/test/oauth.js
@@ -97,6 +97,8 @@ couchTests.oauth = function(debug) {
CouchDB.request("GET", "/_sleep?time=50");
+ CouchDB.newUuids(2); // so we have one to make the salt
+
CouchDB.request("PUT", "http://" + host + "/_config/couch_httpd_auth/require_valid_user", {
headers: {
"X-Couch-Persist": "false",
@@ -113,7 +115,14 @@ couchTests.oauth = function(debug) {
usersDb.createDb();
// Create a user
- T(CouchDB.createUser("jason", "testpassword", "test@somemail.com", ['test'], adminBasicAuthHeaderValue()).ok);
+ // T(CouchDB.createUser("jason", "testpassword", "test@somemail.com", ['test'], adminBasicAuthHeaderValue()).ok);
+ // Create a user
+ var jasonUserDoc = CouchDB.prepareUserDoc({
+ username: "jason",
+ roles: ["test"]
+ }, "testpassword");
+ T(usersDb.save(jasonUserDoc).ok);
+
var accessor = {
consumerSecret: consumerSecret,
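Review bot: The commented-out `CouchDB.createUser(...)` line above the new `prepareUserDoc` block is dead code that the replacement makes redundant; delete it rather than keep it, since `createUser` is removed from couch.js in this same commit and the stale call would mislead. The duplicated `// Create a user` comment can go with it. The enclosing test function continues outside the hunk.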
@@ -227,7 +236,7 @@ couchTests.oauth = function(debug) {
run_on_modified_server(
[
{section: "httpd",
- key: "WWW-Authenticate", value: 'Basic realm="administrator",OAuth'},
+ key: "WWW-Authenticate", value: 'OAuth'},
{section: "couch_httpd_auth",
key: "secret", value: generateSecret(64)},
{section: "couch_httpd_auth",
diff --git a/share/www/script/test/users_db.js b/share/www/script/test/users_db.js
new file mode 100644
index 00000000..9e8024f6
--- /dev/null
+++ b/share/www/script/test/users_db.js
@@ -0,0 +1,66 @@
+// Licensed under the Apache License, Version 2.0 (the "License"); you may not
+// use this file except in compliance with the License. You may obtain a copy
+// of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations under
+// the License.
+
+couchTests.users_db = function(debug) {
+ // This tests the users db, especially validations
+ // this should also test that you can log into the couch
+
+ var usersDb = new CouchDB("test_suite_users", {"X-Couch-Full-Commit":"false"});
+
+ // test that you can treat "_user" as a db-name
+ // this can complicate people who try to secure the users db with
+ // an http proxy and fail to get both the actual db and the _user path
+ // maybe it's not the right approach...
+ // hard to know what else to do, as we don't let non-admins inspect the config
+ // to determine the actual users db name.
+
+ function testFun() {
+ usersDb.deleteDb();
+
+ // test that the validation function is installed
+ var ddoc = usersDb.open("_design/_auth");
+ T(ddoc.validate_doc_update);
+
+ // test that you can login as a user using basic auth
+ var jchrisUserDoc = CouchDB.prepareUserDoc({
+ username: "jchris@apache.org"
+ }, "funnybone");
+ T(usersDb.save(jchrisUserDoc).ok);
+
+ T(CouchDB.session().name == null);
+ var s = CouchDB.session({
+ headers : {
+ "Authorization" : "Basic amNocmlzQGFwYWNoZS5vcmc6ZnVubnlib25l"
+ }
+ });
+ T(s.name == "jchris@apache.org");
+ T(s.info.authenticated == "{couch_httpd_auth, default_authentication_handler}");
+ T(s.info.user_db == "test_suite_users");
+ TEquals(["{couch_httpd_oauth, oauth_authentication_handler}",
+ "{couch_httpd_auth, cookie_authentication_handler}",
+ "{couch_httpd_auth, default_authentication_handler}"], s.info.handlers);
+ var s = CouchDB.session({
+ headers : {
+ "Authorization" : "Basic Xzpf" // username and pass of _:_
+ }
+ });
+ T(s.name == null);
+ T(s.info.authenticated == "{couch_httpd_auth, default_authentication_handler}");
+ };
+
+ run_on_modified_server(
+ [{section: "couch_httpd_auth",
+ key: "authentication_db", value: "test_suite_users"}],
+ testFun
+ );
+
+} \ No newline at end of file
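Review bot: The base64 literal in the first `Authorization` header is opaque to the reader; annotate it the way the second one is, e.g. `// username and pass of jchris@apache.org:funnybone`, so it is visibly the test account created just above and not mistaken for a leaked credential. The comment block starting `// test that you can treat "_user" as a db-name` describes a test that does not exist in `testFun`; either add the test or rewrite the block as a `TODO`. `var s` is declared twice in `testFun`; the second should be a plain assignment `s = CouchDB.session({`. `testFun` calls `usersDb.deleteDb()` but never `createDb()` before opening `_design/_auth`, so the test appears to rely on the server recreating the users db on demand — worth a one-line comment if that is intended.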