
Internal server error returned instead of 403 Forbidden when cassim is disabled


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.0.0
    • Component/s: Database Core
    • Labels: None

      Description

      When cassim is disabled and an authenticated user attempts to access a database that they do not have permission to access, we should be returning an HTTP 403, e.g.:

      {"error":"forbidden","reason":"You are not allowed to access this db."}

      Currently we get the following:

      {"error":"internal_server_error","reason":"No DB shards could be opened.","ref":1865933553}

      What is happening is we're attempting to open all the shards with the user context then throwing an internal server error when we run out of shards:

      https://github.com/apache/couchdb-fabric/blob/master/src/fabric_util.erl#L179-L180

      There is a special case for unauthorized errors: https://github.com/apache/couchdb-fabric/blob/master/src/fabric_util.erl#L188-L189

      If we add something similar for forbidden errors then that would solve this issue.

      Note this is not an issue when using cassim because it stores the security metadata in the _metadata database.
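As an added illustration of the fix the description proposes (example code written for this page, not taken from fabric_util.erl or any other CouchDB module; the module, function and shard names are assumed), the following Erlang module tries shard copies in turn and surfaces an authorization failure as soon as one copy reports it, instead of exhausting the list and reporting an internal server error:

```erlang
%% Added example, not CouchDB's fabric_util: open the first usable shard
%% copy, but stop on an authorization failure instead of falling through
%% to "No DB shards could be opened" (an HTTP 500). Module and function
%% names here are illustrative.
-module(shard_open_example).
-export([open_first/2, to_http/1, demo/0]).

%% Shards is a list of {Node, ShardName}; Open is a fun that tries one
%% copy and returns {ok, Db} or {error, Reason}.
open_first([], _Open) ->
    %% Every copy failed for a non-authorization reason: a real 500.
    {error, {internal_server_error, <<"No DB shards could be opened.">>}};
open_first([{Node, Name} | Rest], Open) ->
    case Open(Node, Name) of
        {ok, Db} ->
            {ok, Db};
        {error, {unauthorized, _} = Reason} ->
            %% Existing special case: missing or invalid credentials (401).
            {error, Reason};
        {error, {forbidden, _} = Reason} ->
            %% Proposed special case: the user is authenticated but not
            %% permitted. The decision comes from the database's security
            %% object, not from which copy answered, so trying the other
            %% copies does not change it; report 403 now.
            {error, Reason};
        {error, _Transient} ->
            %% Node down, file missing, timeout: try the next copy.
            open_first(Rest, Open)
    end.

%% Translate the result into the status code and JSON-shaped body a
%% client would see.
to_http({ok, _Db}) ->
    {200, ok};
to_http({error, {unauthorized, Msg}}) ->
    {401, #{error => unauthorized, reason => Msg}};
to_http({error, {forbidden, Msg}}) ->
    {403, #{error => forbidden, reason => Msg}};
to_http({error, {internal_server_error, Msg}}) ->
    {500, #{error => internal_server_error, reason => Msg}}.

%% Three constructed scenarios over a constructed three-copy shard range.
demo() ->
    Shards = [{node1, <<"shards/00000000-ffffffff/db.1">>},
              {node2, <<"shards/00000000-ffffffff/db.1">>},
              {node3, <<"shards/00000000-ffffffff/db.1">>}],
    Denied = <<"You are not allowed to access this db.">>,
    %% 1. Every copy refuses the user: expect 403, not 500.
    Forbidden = fun(_Node, _Name) -> {error, {forbidden, Denied}} end,
    %% 2. First copy unreachable, second opens: expect 200.
    Flaky = fun(node1, _Name) -> {error, nodedown};
               (_Node, Name) -> {ok, {db_handle, Name}} end,
    %% 3. Every copy unreachable: this is the genuine 500.
    Down = fun(_Node, _Name) -> {error, nodedown} end,
    [to_http(open_first(Shards, Fun)) || Fun <- [Forbidden, Flaky, Down]].
```

Running `shard_open_example:demo()` yields a 403 for the first scenario, a 200 for the second and a 500 only for the third. The point for operators is that a 500 hides an access-control decision inside a generic failure, so client retry logic and log-based alerting treat it as an outage rather than a permission problem; returning 403 keeps the event correctly classifiable.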

People

• Assignee: Unassigned
• Reporter: Mike Wallace (mikewallace)