summaryrefslogtreecommitdiff
path: root/share
diff options
context:
space:
mode:
authorJohn Christopher Anderson <jchris@apache.org>2010-01-09 19:05:31 +0000
committerJohn Christopher Anderson <jchris@apache.org>2010-01-09 19:05:31 +0000
commita4d7386889ac73a69592a9c4b4e26f6c44b8e46f (patch)
tree6f60b7bf2b418c6c94729f7c2dfd7c9dc92081c3 /share
parent9c3377b041f07be4bef472c0cd19cfe6e97f194d (diff)
better validations on users db
git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@897521 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'share')
-rw-r--r--share/www/script/test/cookie_auth.js17
-rw-r--r--share/www/script/test/users_db.js4
2 files changed, 12 insertions, 9 deletions
diff --git a/share/www/script/test/cookie_auth.js b/share/www/script/test/cookie_auth.js
index 9eadfee0..125a6dcb 100644
--- a/share/www/script/test/cookie_auth.js
+++ b/share/www/script/test/cookie_auth.js
@@ -99,14 +99,6 @@ couchTests.cookie_auth = function(debug) {
T(e.error == "forbidden");
T(usersDb.last_req.status == 403);
}
-
- try {
- usersDb.save(underscoreUserDoc)
- T(false && "Can't create underscore user names. Should have thrown an error.");
- } catch (e) {
- T(e.error == "forbidden");
- T(usersDb.last_req.status == 403);
- }
// login works
T(CouchDB.login('Jason Davies', password).ok);
@@ -115,6 +107,15 @@ couchTests.cookie_auth = function(debug) {
// update one's own credentials document
jasonUserDoc.foo=2;
T(usersDb.save(jasonUserDoc).ok);
+ T(CouchDB.session().roles.indexOf("_admin") == -1);
+ // can't delete another users doc unless you are admin
+ try {
+ usersDb.deleteDoc(jchrisUserDoc);
+ T(false && "Can't delete other users docs. Should have thrown an error.");
+ } catch (e) {
+ T(e.error == "forbidden");
+ T(usersDb.last_req.status == 403);
+ }
// TODO should login() throw an exception here?
T(!CouchDB.login('Jason Davies', "2.71828").ok);
diff --git a/share/www/script/test/users_db.js b/share/www/script/test/users_db.js
index 2cf63fcf..c287ce68 100644
--- a/share/www/script/test/users_db.js
+++ b/share/www/script/test/users_db.js
@@ -37,13 +37,15 @@ couchTests.users_db = function(debug) {
T(usersDb.save(jchrisUserDoc).ok);
T(CouchDB.session().name == null);
+
+ // test that you can use basic auth aginst the users db
var s = CouchDB.session({
headers : {
"Authorization" : "Basic amNocmlzQGFwYWNoZS5vcmc6ZnVubnlib25l"
}
});
T(s.name == "jchris@apache.org");
- T(s.user_doc._id == "org.couchdb.user:jchris@apache.org")
+ T(s.user_doc._id == "org.couchdb.user:jchris@apache.org");
T(s.info.authenticated == "{couch_httpd_auth, default_authentication_handler}");
T(s.info.user_db == "test_suite_users");
TEquals(["{couch_httpd_oauth, oauth_authentication_handler}",