Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authorization header missing when using HTTP Basic authentication #109

Closed
ozexpert opened this issue Jul 10, 2016 · 7 comments
Closed

Authorization header missing when using HTTP Basic authentication #109

ozexpert opened this issue Jul 10, 2016 · 7 comments
Assignees
@ptitjes
Labels
bug help wanted

Comments

@ozexpert
Copy link

Your document says if calling changePassword function, only server admin and the user itself can use, otherwise 400.

let say i have

var pouchDB = new PouchDB('http://adminuser:[email protected]:5984/_users')

when I call pouchDB.allDocs() I can see Authorization header Basic XXXXXX
but when calling pouchDB.changePassword() I don't see the Authorization header, thus server admin cannot update the password as well. Am i doing something wrong?
@nolanlawson
Copy link
Member

This may be a bug. Can you provide a snippet of code to reproduce?

BTW it's generally unadvised to insert the username and password in the URL; CouchDB authentication works best with cookie-based authorization rather than HTTP Basic Authorization.

@ozexpert
Copy link
Author

ozexpert commented Jul 10, 2016
edited
Loading

Yeah. I coded this from console..
very simple to test. So instead I just used PouchDB's put command to update password and worked.

Look at the header when changePassword() is triggered, no authorization

var pouchDB = new PouchDB('http://adminuser:[email protected]:5984/_users')
pouchDB.changePassword('yourusername', 'password').then((data) => { console.log(data); });

@nolanlawson
Copy link
Member

Thanks, I can reproduce this bug. The problem is that we're getting a 404 due to the headers not being sent in. Same thing happens using options.auth. This is probably a bug I introduced recently when fixing things for PouchDB 5.4.x.

@nolanlawson
Copy link
Member

BTW I'll note that the workaround for this issue is to use cookie-based authentication rather than regular HTTP authentication. Also if you tested from console, I assume you mean Node.js, which isn't officially supported by this library...?

nolanlawson added a commit that referenced this issue Jul 11, 2016
@nolanlawson
(#109) - start trying to test #109
d777314
@nolanlawson
Copy link
Member

I don't have time to work on this right now, but anybody with the motivation and desire would just need to make sure that the ajax opts extend from the ajax opts applied to the original database, i.e. the username and password, and then add a test to capture this case.

@nolanlawson
Copy link
Member

Took a crack at this, but it's annoying impossible to test because CouchDB doesn't have a programmatic way to enable and disable Admin Party. So to run the tests you'd need to permanently disable Admin party.

@nolanlawson nolanlawson changed the title Authorization header missing Authorization header missing when using HTTP Basic authentication Jul 12, 2016
@ozexpert
Copy link
Author

this is also happening on getSession() call. authentication header is dropped. FYI.

@ptitjes ptitjes self-assigned this Nov 21, 2017
ptitjes added a commit to ptitjes/pouchdb-authentication that referenced this issue Nov 22, 2017
@ptitjes
fix(ajax): correctly handle Basic authentication
31983c2 
Fixes pouchdb-community#109.

When username and password are present in db url, generate Basic
authentication token and put it in ajax request headers.
ptitjes added a commit to ptitjes/pouchdb-authentication that referenced this issue Nov 22, 2017
@ptitjes
fix(ajax): correctly handle Basic authentication
4c1b6bc 
Fixes pouchdb-community#109.

When username and password are present in db url, generate Basic
authentication token and put it in ajax request headers.
@ptitjes ptitjes mentioned this issue Nov 22, 2017
Merged
ptitjes added a commit to ptitjes/pouchdb-authentication that referenced this issue Nov 22, 2017
@ptitjes
fix(ajax): correctly handle Basic authentication
378969f 
Fixes pouchdb-community#109.

When username and password are present in db url, generate Basic
authentication token and put it in ajax request headers.
ptitjes added a commit to ptitjes/pouchdb-authentication that referenced this issue Nov 22, 2017
@ptitjes
fix(ajax): correctly handle Basic authentication
b5f3a71 
Fixes pouchdb-community#109.

When username and password are present in db url, generate Basic
authentication token and put it in ajax request headers.
ptitjes added a commit to ptitjes/pouchdb-authentication that referenced this issue Nov 23, 2017
@ptitjes
fix(ajax): correctly handle Basic authentication
242231e 
Fixes pouchdb-community#109.

When username and password are present in db url, generate Basic
authentication token and put it in ajax request headers.
ptitjes added a commit to ptitjes/pouchdb-authentication that referenced this issue Nov 23, 2017
@ptitjes
fix(ajax): correctly handle Basic authentication
42ec114 
Fixes pouchdb-community#109.

When username and password are present in db url, generate Basic
authentication token and put it in ajax request headers.
ptitjes added a commit to ptitjes/pouchdb-authentication that referenced this issue Nov 23, 2017
@ptitjes
fix(ajax): correctly handle Basic authentication
19f547b 
Fixes pouchdb-community#109.

When username and password are present in db url, generate Basic
authentication token and put it in ajax request headers.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ptitjes ptitjes

Labels
bug help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ptitjes @nolanlawson @ozexpert