  1. CouchDB
  2. COUCHDB-2948

Internal server error returned instead of 403 Forbidden when cassim is disabled


Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 2.0.0
    • Database Core
    • None

    Description

      When cassim is disabled and an authenticated user attempts to access a database that they do not have permission to access, we should be returning an HTTP 403, e.g.:

      {"error":"forbidden","reason":"You are not allowed to access this db."}

      Currently we get the following:

      {"error":"internal_server_error","reason":"No DB shards could be opened.","ref":1865933553}

      What is happening is we're attempting to open all the shards with the user context then throwing an internal server error when we run out of shards:

      https://github.com/apache/couchdb-fabric/blob/master/src/fabric_util.erl#L179-L180

      There is a special case for unauthorized errors: https://github.com/apache/couchdb-fabric/blob/master/src/fabric_util.erl#L188-L189

      If we add something similar for forbidden errors then that would solve this issue.

      Note this is not an issue when using cassim because it stores the security metadata in the _metadata database.
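The failure mode described in this report, as an added Erlang sketch that is not the code in fabric_util.erl and not from the reporter: a shard-opening loop that rethrows only listed authorization errors and treats everything else as an unavailable copy. The module name, `open_db/3`, `outcome/1`, `demo/0` and the `OpenFun` callback are hypothetical, and the shard names are constructed.

```erlang
%% Added illustration, not the code in fabric_util.erl. Hypothetical names:
%% shard_open_demo, open_db/3, outcome/1, demo/0. OpenFun stands in for the
%% per-shard open call that checks the user context.
-module(shard_open_demo).
-export([open_db/3, demo/0]).

%% Try each shard copy in turn. A thrown {Tag, Reason} whose Tag is listed in
%% Passthrough is an authorization decision and is rethrown to the caller;
%% any other failure means "this copy is unavailable, try the next one".
open_db([], _OpenFun, _Passthrough) ->
    erlang:error({internal_server_error, "No DB shards could be opened."});
open_db([Shard | Rest], OpenFun, Passthrough) ->
    try OpenFun(Shard) of
        {ok, Db} -> {ok, Db};
        _Other -> open_db(Rest, OpenFun, Passthrough)
    catch
        throw:{Tag, _Reason} = Error ->
            case lists:member(Tag, Passthrough) of
                true -> throw(Error);
                false -> open_db(Rest, OpenFun, Passthrough)
            end;
        _:_ ->
            open_db(Rest, OpenFun, Passthrough)
    end.

%% Run F and report how it ended: its return value, or {Class, Reason}.
outcome(F) ->
    try F() catch Class:Reason -> {Class, Reason} end.

%% Constructed scenario: three shard copies, each refusing the user.
demo() ->
    Shards = [shard_a, shard_b, shard_c],
    Deny = fun(_Shard) ->
        throw({forbidden, <<"You are not allowed to access this db.">>})
    end,
    %% Only unauthorized passes through: the denial is swallowed per shard
    %% and surfaces as the internal server error quoted in the report.
    Before = outcome(fun() -> open_db(Shards, Deny, [unauthorized]) end),
    %% forbidden passes through too: the first denial reaches the caller,
    %% which can then answer with HTTP 403.
    After = outcome(fun() -> open_db(Shards, Deny, [unauthorized, forbidden]) end),
    {Before, After}.
```

Compile it in an Erlang shell with `c(shard_open_demo).` and call `shard_open_demo:demo().` to compare the two outcomes.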

          People

            Unassigned Unassigned
            mikewallace Mike Wallace