Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Duplicate
-
1.0.2
-
None
Description
List functions should send a different Etag when requested by different users.
The following curl session shows identical Etags for different users. CouchDB must not be in admin party mode.
PROTOCOL=http
DOMAIN="127.0.0.1:5984"
DB=testdb
- admin credentials for db creation
ADMIN=admin:secure - this user must have an empty roles array
USER=user:secure
curl -XDELETE $PROTOCOL://$ADMIN@$DOMAIN/$DB
curl -XPUT $PROTOCOL://$ADMIN@$DOMAIN/$DB
curl -XPUT $PROTOCOL://$ADMIN@$DOMAIN/$DB/foo -d '
'
curl -XPUT $PROTOCOL://$ADMIN@$DOMAIN/$DB/_design/foo -d '{ "views": { "bar": { "map": "function(doc)
" } }, "lists": { "bar": "function(head, req)
{ return req.userCtx.name || \"anonymous\" }" }}'
curl -s $PROTOCOL://$DOMAIN/$DB/_design/foo/_list/bar/bar --head | grep Etag
curl -s $PROTOCOL://$USER@$DOMAIN/$DB/_design/foo/_list/bar/bar --head | grep Etag
#=> Etag: "A1NKHA0935KMCSHFSK94EHZNL"
#=> Etag: "A1NKHA0935KMCSHFSK94EHZNL"
This issue is important for standalone CouchDB applications which use list functions depending on the user context, eg. showing a login button or username.
regards
Johannes
PS: I tried to write a javascript test case but this issue can only be reproduced if the server is not in admin party mode, which the test suite requires. I am not so familar with those tests to temporarily change the admin party.