  1. CouchDB
  2. COUCHDB-2299

admin users are unable to login after upgrading to 1.6.0 when older password hashes are used

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 1.6.0
    • Fix Version/s: 1.6.1
    • Component/s: Database Core
    • Labels:
      None

      Description

      1. issue

      When a couch is upgraded to 1.6.0 and the config files contain an [admins] section with non-PBKDF2 hashed passwords (old-style < 1.3.1), CouchDB will not let those admin users log in.

      1. reproduce
      • install 1.2.1 through 1.5.1 (tested those + 1.3.1 + 1.6.1-rc.3)
      • create a new admin user via futon
      • remove old binaries etc `rm -rf bin share lib`
      • only dbs and .ini files remain (apart from log uri etc)
      • install 1.6.0 (or 1-rc.3 with the fix for the raw/unhashed password fix)
      • try to log in using admin via futon
      2> [debug] [<0.146.0>] 'POST' /_session {1,1} from "94.136.7.161"
      Headers: [{'Accept',"application/json"},
                {'Accept-Encoding',"gzip,deflate"},
                {'Accept-Language',"en-US,en;q=0.8,de;q=0.6"},
                {'Connection',"keep-alive"},
                {'Content-Length',"25"},
                {'Content-Type',"application/x-www-form-urlencoded; charset=UTF-8"},
                {'Cookie',"AuthSession="},
                {"Dnt","1"},
                {'Host',"130.211.98.121:5984"},
                {"Origin","http://130.211.98.121:5984"},
                {'Referer',"http://130.211.98.121:5984/_utils/"},
                {'User-Agent',"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2129.0 Safari/537.36"},
                {"X-Requested-With","XMLHttpRequest"}]
      [debug] [<0.146.0>] OAuth Params: []
      [debug] [<0.146.0>] Attempt Login: admin
      [debug] [<0.117.0>] DDocProc found for DDocKey: {<<"_design/_auth">>,
                                                       <<"2-7837bd4a550c1a65ac96c258e83d8b8c">>}
      [debug] [<0.171.0>] OS Process #Port<0.3041> Input  :: ["reset",{"reduce_limit":true,"timeout":5000}]
      [debug] [<0.171.0>] OS Process #Port<0.3041> Output :: true
      [debug] [<0.171.0>] OS Process #Port<0.3041> Input  :: ["ddoc","_design/_auth",
          ["validate_doc_update"],
          [{"_id":"",
              "password_scheme":"pbkdf2",
              "iterations":10,"roles":["_admin"],
              "salt":"a755d787383cdc147808a3ce2326479e",
              "password_scheme":"simple",
              "derived_key":"77bc076166db06fd940540ea7dc9d181e7e44741",
              "_revisions":{"start":0,"ids":[]}},
          null,
          {"db":"_users","name":null,"roles":["_admin"]},{}]]
      [debug] [<0.171.0>] OS Process #Port<0.3041> Output :: {"forbidden":"doc.type must be user"}
      [debug] [<0.146.0>] Minor error in HTTP request: {forbidden,
                                                        <<"doc.type must be user">>}
      [debug] [<0.146.0>] Stacktrace: [{couch_db,update_doc,4,
                                           [{file,"couch_db.erl"},{line,432}]},
                                       {couch_httpd_auth,
                                           '-maybe_upgrade_password_hash/3-fun-0-',
                                           4,
                                           [{file,"couch_httpd_auth.erl"},
                                            {line,355}]},
                                       {couch_util,with_db,2,
                                           [{file,"couch_util.erl"},{line,443}]},
                                       {couch_httpd_auth,handle_session_req,1,
                                           [{file,"couch_httpd_auth.erl"},
                                            {line,275}]},
                                       {couch_httpd,handle_request_int,5,
                                           [{file,"couch_httpd.erl"},{line,318}]},
                                       {mochiweb_http,headers,5,
                                           [{file,"mochiweb_http.erl"},{line,94}]},
                                       {proc_lib,init_p_do_apply,3,
                                           [{file,"proc_lib.erl"},{line,227}]}]
      [info] [<0.146.0>] 94.136.7.161 - - POST /_session 403
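
A pre-upgrade audit of the `[admins]` section that flags accounts still stored with the older, non-PBKDF2 hash the report describes. This is an added example, not part of the original report or of CouchDB's code; the function names and the sample ini values are constructed, and it assumes the `-hashed-<sha1>,<salt>` and `-pbkdf2-<key>,<salt>,<iterations>` value layouts.

```python
import configparser
import re

HEX = re.compile(r"[0-9a-f]+")

# Constructed sample; the hex strings are placeholders, not real hashes.
SAMPLE_INI = """\
[httpd]
port = 5984

[admins]
alice = -hashed-0123456789abcdef0123456789abcdef01234567,00112233445566778899aabbccddeeff
Bob = -pbkdf2-89abcdef0123456789abcdef0123456789abcdef,ffeeddccbbaa99887766554433221100,10
carol = s3cret
dave = -pbkdf2-89abcdef,10
"""

def classify(value):
    """Label one [admins] value by its storage scheme."""
    for prefix, nfields, label in (("-hashed-", 2, "legacy-sha1"),
                                   ("-pbkdf2-", 3, "pbkdf2")):
        if value.startswith(prefix):
            parts = value[len(prefix):].split(",")
            if (len(parts) == nfields
                    and all(HEX.fullmatch(p) for p in parts[:2])
                    and (nfields == 2 or parts[2].isdigit())):
                return label
            return "malformed"
    return "unhashed"  # no scheme prefix: the value is a raw password

def audit_admins(ini_text):
    """Map each admin name to the scheme of its stored credential."""
    cp = configparser.RawConfigParser(delimiters=("=",), strict=False)
    cp.optionxform = str  # keep user names case-sensitive
    cp.read_string(ini_text)
    if not cp.has_section("admins"):
        return {}
    return {name: classify(val.strip()) for name, val in cp.items("admins")}

def legacy_admins(ini_text):
    """Admins still stored with the older (non-PBKDF2) hash scheme."""
    return sorted(n for n, s in audit_admins(ini_text).items()
                  if s == "legacy-sha1")

if __name__ == "__main__":
    for name, scheme in audit_admins(SAMPLE_INI).items():
        print(f"{name:8} {scheme}")
```

Run it against a copy of each `.ini` file that can carry an `[admins]` section before upgrading; any name returned by `legacy_admins` is an account to test on the new version first.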
      

            People

            • Assignee:
              dch Dave Cottlehuber
              Reporter:
              dch Dave Cottlehuber