Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.0
    • Fix Version/s: 2.1.0
    • Component/s: None
    • Labels:
      None

      Description

      When the configuration "require_valid_user = true" is added to the local.ini, the server ignores it and the database is still kept public. This problem was replicated in klaemo's docker image 2.0-single and 2.0-rc3 .

        Activity

        Hide
        tfpereira Tiago Pereira added a comment - - edited

        Just noticed this might be the same as COUCHDB-3098

        Show
        tfpereira Tiago Pereira added a comment - - edited Just noticed this might be the same as COUCHDB-3098
        Hide
        tfpereira Tiago Pereira added a comment - - edited

        Actually, disregard this issue. In my configuration, I was using port 5984 which was the chttpd port. I was applying all my permissions on [couch_httpd_auth], which was running on port 5986.

        Changing my local.ini to

        ```
        [chttpd]
        bind_address = 127.0.0.1
        port = 5984

        [httpd]
        bind_address = 0.0.0.0
        port = 5986

        [couchdb]
        uuid = myuuid

        [admins]
        root = mypassword

        [couch_httpd_auth]
        require_valid_user = true
        secret = mysecret
        ```

        And pointing to port 5986 resolved the issue.

        Show
        tfpereira Tiago Pereira added a comment - - edited Actually, disregard this issue. In my configuration, I was using port 5984 which was the chttpd port. I was applying all my permissions on [couch_httpd_auth] , which was running on port 5986. Changing my local.ini to ``` [chttpd] bind_address = 127.0.0.1 port = 5984 [httpd] bind_address = 0.0.0.0 port = 5986 [couchdb] uuid = myuuid [admins] root = mypassword [couch_httpd_auth] require_valid_user = true secret = mysecret ``` And pointing to port 5986 resolved the issue.
        Hide
        kxepal Alexander Shorin added a comment -

        I think it's not not a bug, but still a bug either in user expectations or lack chttpd option to require valid user. 5986 is a backdoor port that should not be available for public.

        Show
        kxepal Alexander Shorin added a comment - I think it's not not a bug, but still a bug either in user expectations or lack chttpd option to require valid user. 5986 is a backdoor port that should not be available for public.
        Hide
        brlanier Brian added a comment -

        This looks to be a "bug" in expectation, lack of documentation, unexpected config name or some combination of any or all of those. Looking in the source code for chttpd, it looks like it is looking for the config option under chttpd. (https://github.com/apache/couchdb-chttpd/blob/master/src/chttpd_auth.erl#L51) To me this was unexpected as I would have expected a matching [couch_chttpd_auth] block to the [couch_httpd_auth] block

        So expectation is that the following would work based on other config options and lack of documentation:

        Not working but expected
        [couch_chttpd_auth]
        require_valid_user = true
        

        However, from source code and trial on my couchdb 2.0 setup, the following did work as expected to require a valid user on port 5984:

        Working but unexpected
        [chttpd]
        require_valid_user = true
        

        Not sure if best way to fix is to change config option name or simply add documentation in the configuration section in the online help and possibly in the default config files provided with the build. Just wanted to add my observations to anyone else coming across this issue.

        Show
        brlanier Brian added a comment - This looks to be a "bug" in expectation, lack of documentation, unexpected config name or some combination of any or all of those. Looking in the source code for chttpd, it looks like it is looking for the config option under chttpd. ( https://github.com/apache/couchdb-chttpd/blob/master/src/chttpd_auth.erl#L51 ) To me this was unexpected as I would have expected a matching [couch_chttpd_auth] block to the [couch_httpd_auth] block So expectation is that the following would work based on other config options and lack of documentation: Not working but expected [couch_chttpd_auth] require_valid_user = true However, from source code and trial on my couchdb 2.0 setup, the following did work as expected to require a valid user on port 5984: Working but unexpected [chttpd] require_valid_user = true Not sure if best way to fix is to change config option name or simply add documentation in the configuration section in the online help and possibly in the default config files provided with the build. Just wanted to add my observations to anyone else coming across this issue.
        Hide
        uschtwill Wilhelm Uschtrin added a comment -

        This just cost me a couple of hours. There is absolutely no way to garner this from the documentation, not even when very specifically searching for either "chttpd" or "require_valid_user". The documentation seems to be shockingly out of date regarding this. I was quite happy with the documentation until now, but now I am wondering what else is missing. O_O

        Show
        uschtwill Wilhelm Uschtrin added a comment - This just cost me a couple of hours. There is absolutely no way to garner this from the documentation, not even when very specifically searching for either "chttpd" or "require_valid_user". The documentation seems to be shockingly out of date regarding this. I was quite happy with the documentation until now, but now I am wondering what else is missing. O_O
        Hide
        alxndrsn Alex Anderson added a comment -

        I've just run into this. Appears that the setting `couch_httpd_auth.require_valid_user` in couch 1.6.1 has changed to `chttpd.require_valid_user` in couch 2.

        Show
        alxndrsn Alex Anderson added a comment - I've just run into this. Appears that the setting `couch_httpd_auth.require_valid_user` in couch 1.6.1 has changed to `chttpd.require_valid_user` in couch 2.
        Hide
        wohali Joan Touzet added a comment -

        Our default.ini file is clearly out of date. I'll take this one.

        Show
        wohali Joan Touzet added a comment - Our default.ini file is clearly out of date. I'll take this one.
        Hide
        jira-bot ASF subversion and git services added a comment -

        Commit 96d10a9046f829802443fff799f9fff061b8c415 in couchdb's branch refs/heads/COUCHDB-3100 from Joan Touzet
        [ https://git-wip-us.apache.org/repos/asf?p=couchdb.git;h=96d10a9 ]

        Clarify & correct require_valid_user setting

        Fixes COUCHDB-3100

        Show
        jira-bot ASF subversion and git services added a comment - Commit 96d10a9046f829802443fff799f9fff061b8c415 in couchdb's branch refs/heads/ COUCHDB-3100 from Joan Touzet [ https://git-wip-us.apache.org/repos/asf?p=couchdb.git;h=96d10a9 ] Clarify & correct require_valid_user setting Fixes COUCHDB-3100
        Hide
        alxndrsn Alex Anderson added a comment -

        Joan Touzet thanks for the fix! The auto-generated git link (https://git-wip-us.apache.org/repos/asf?p=couchdb.git;h=96d10a9) seems to be broken though, so I can't see the change. Is this a known issue?

        I found the commit at https://github.com/apache/couchdb/commit/96d10a9046f829802443fff799f9fff061b8c415. Github says that this repo is a mirror of git://git.apache.org/couchdb.git, but that seems to be down. Is https://github.com/apache/couchdb the official repo now?

        Show
        alxndrsn Alex Anderson added a comment - Joan Touzet thanks for the fix! The auto-generated git link ( https://git-wip-us.apache.org/repos/asf?p=couchdb.git;h=96d10a9 ) seems to be broken though, so I can't see the change. Is this a known issue? I found the commit at https://github.com/apache/couchdb/commit/96d10a9046f829802443fff799f9fff061b8c415 . Github says that this repo is a mirror of git://git.apache.org/couchdb.git, but that seems to be down. Is https://github.com/apache/couchdb the official repo now?
        Hide
        jira-bot ASF subversion and git services added a comment -

        Commit 61dfa53951736aeb2dcb30605d4ac14ef797301b in couchdb-documentation's branch refs/heads/COUCHDB-3100 from Joan Touzet
        [ https://git-wip-us.apache.org/repos/asf?p=couchdb-documentation.git;h=61dfa53 ]

        Update documentation for require_valid_user

        Fixes COUCHDB-3100

        Show
        jira-bot ASF subversion and git services added a comment - Commit 61dfa53951736aeb2dcb30605d4ac14ef797301b in couchdb-documentation's branch refs/heads/ COUCHDB-3100 from Joan Touzet [ https://git-wip-us.apache.org/repos/asf?p=couchdb-documentation.git;h=61dfa53 ] Update documentation for require_valid_user Fixes COUCHDB-3100
        Hide
        wohali Joan Touzet added a comment -

        Alex Anderson The official repo is at https://gitbox.apache.org/repos/asf/couchdb.git - but integration with GitHub is now tighter. Unfortunately Apache Infrastructure tells me they can't easily change that reflection. They have filed a ticket to fix the emailed git links to JIRA, though - thank you for reporting it!

        Once the 2 Pull Requests are approved (couchdb, couchdb-documentation) you'll be able to see the updated documentation at https://docs.couchdb.org/en/latest/ . They will be rolled into the next official release.

        Thank you for the bug report!

        Show
        wohali Joan Touzet added a comment - Alex Anderson The official repo is at https://gitbox.apache.org/repos/asf/couchdb.git - but integration with GitHub is now tighter. Unfortunately Apache Infrastructure tells me they can't easily change that reflection. They have filed a ticket to fix the emailed git links to JIRA, though - thank you for reporting it! Once the 2 Pull Requests are approved (couchdb, couchdb-documentation) you'll be able to see the updated documentation at https://docs.couchdb.org/en/latest/ . They will be rolled into the next official release. Thank you for the bug report!
        Hide
        jira-bot ASF subversion and git services added a comment -

        Commit 61dfa53951736aeb2dcb30605d4ac14ef797301b in couchdb-documentation's branch refs/heads/master from Joan Touzet
        [ https://gitbox.apache.org/repos/asf?p=couchdb-documentation.git;h=61dfa53 ]

        Update documentation for require_valid_user

        Fixes COUCHDB-3100

        Show
        jira-bot ASF subversion and git services added a comment - Commit 61dfa53951736aeb2dcb30605d4ac14ef797301b in couchdb-documentation's branch refs/heads/master from Joan Touzet [ https://gitbox.apache.org/repos/asf?p=couchdb-documentation.git;h=61dfa53 ] Update documentation for require_valid_user Fixes COUCHDB-3100
        Hide
        jira-bot ASF subversion and git services added a comment -

        Commit 66633faa717a6dee4848889e5a4023a95c22e24b in couchdb-documentation's branch refs/heads/master from Joan Touzet
        [ https://gitbox.apache.org/repos/asf?p=couchdb-documentation.git;h=66633fa ]

        Merge pull request #127 from apache/COUCHDB-3100

        Update documentation for require_valid_user

        Show
        jira-bot ASF subversion and git services added a comment - Commit 66633faa717a6dee4848889e5a4023a95c22e24b in couchdb-documentation's branch refs/heads/master from Joan Touzet [ https://gitbox.apache.org/repos/asf?p=couchdb-documentation.git;h=66633fa ] Merge pull request #127 from apache/ COUCHDB-3100 Update documentation for require_valid_user
        Hide
        jira-bot ASF subversion and git services added a comment -

        Commit 96d10a9046f829802443fff799f9fff061b8c415 in couchdb's branch refs/heads/master from Joan Touzet
        [ https://gitbox.apache.org/repos/asf?p=couchdb.git;h=96d10a9 ]

        Clarify & correct require_valid_user setting

        Fixes COUCHDB-3100

        Show
        jira-bot ASF subversion and git services added a comment - Commit 96d10a9046f829802443fff799f9fff061b8c415 in couchdb's branch refs/heads/master from Joan Touzet [ https://gitbox.apache.org/repos/asf?p=couchdb.git;h=96d10a9 ] Clarify & correct require_valid_user setting Fixes COUCHDB-3100
        Hide
        jira-bot ASF subversion and git services added a comment -

        Commit a9dd4c4cc86634e4bd9c0ec7d947c12e467d1c7f in couchdb's branch refs/heads/master from Joan Touzet
        [ https://gitbox.apache.org/repos/asf?p=couchdb.git;h=a9dd4c4 ]

        Merge pull request #478 from apache/COUCHDB-3100

        Clarify & correct require_valid_user setting

        Show
        jira-bot ASF subversion and git services added a comment - Commit a9dd4c4cc86634e4bd9c0ec7d947c12e467d1c7f in couchdb's branch refs/heads/master from Joan Touzet [ https://gitbox.apache.org/repos/asf?p=couchdb.git;h=a9dd4c4 ] Merge pull request #478 from apache/ COUCHDB-3100 Clarify & correct require_valid_user setting
        Hide
        wohali Joan Touzet added a comment -

        Documentation updated to reflect reality.

        Show
        wohali Joan Touzet added a comment - Documentation updated to reflect reality.
        Hide
        jira-bot ASF subversion and git services added a comment -

        Commit a9dd4c4cc86634e4bd9c0ec7d947c12e467d1c7f in couchdb's branch refs/heads/63012-scheduler from Joan Touzet
        [ https://gitbox.apache.org/repos/asf?p=couchdb.git;h=a9dd4c4 ]

        Merge pull request #478 from apache/COUCHDB-3100

        Clarify & correct require_valid_user setting

        Show
        jira-bot ASF subversion and git services added a comment - Commit a9dd4c4cc86634e4bd9c0ec7d947c12e467d1c7f in couchdb's branch refs/heads/63012-scheduler from Joan Touzet [ https://gitbox.apache.org/repos/asf?p=couchdb.git;h=a9dd4c4 ] Merge pull request #478 from apache/ COUCHDB-3100 Clarify & correct require_valid_user setting
        Hide
        jira-bot ASF subversion and git services added a comment -

        Commit 61dfa53951736aeb2dcb30605d4ac14ef797301b in couchdb-documentation's branch refs/heads/63012-scheduler from Joan Touzet
        [ https://gitbox.apache.org/repos/asf?p=couchdb-documentation.git;h=61dfa53 ]

        Update documentation for require_valid_user

        Fixes COUCHDB-3100

        Show
        jira-bot ASF subversion and git services added a comment - Commit 61dfa53951736aeb2dcb30605d4ac14ef797301b in couchdb-documentation's branch refs/heads/63012-scheduler from Joan Touzet [ https://gitbox.apache.org/repos/asf?p=couchdb-documentation.git;h=61dfa53 ] Update documentation for require_valid_user Fixes COUCHDB-3100
        Hide
        jira-bot ASF subversion and git services added a comment -

        Commit 66633faa717a6dee4848889e5a4023a95c22e24b in couchdb-documentation's branch refs/heads/63012-scheduler from Joan Touzet
        [ https://gitbox.apache.org/repos/asf?p=couchdb-documentation.git;h=66633fa ]

        Merge pull request #127 from apache/COUCHDB-3100

        Update documentation for require_valid_user

        Show
        jira-bot ASF subversion and git services added a comment - Commit 66633faa717a6dee4848889e5a4023a95c22e24b in couchdb-documentation's branch refs/heads/63012-scheduler from Joan Touzet [ https://gitbox.apache.org/repos/asf?p=couchdb-documentation.git;h=66633fa ] Merge pull request #127 from apache/ COUCHDB-3100 Update documentation for require_valid_user
        Hide
        jira-bot ASF subversion and git services added a comment -

        Commit a9dd4c4cc86634e4bd9c0ec7d947c12e467d1c7f in couchdb's branch refs/heads/COUCHDB-3376-fix-mem3-shards from Joan Touzet
        [ https://gitbox.apache.org/repos/asf?p=couchdb.git;h=a9dd4c4 ]

        Merge pull request #478 from apache/COUCHDB-3100

        Clarify & correct require_valid_user setting

        Show
        jira-bot ASF subversion and git services added a comment - Commit a9dd4c4cc86634e4bd9c0ec7d947c12e467d1c7f in couchdb's branch refs/heads/ COUCHDB-3376 -fix-mem3-shards from Joan Touzet [ https://gitbox.apache.org/repos/asf?p=couchdb.git;h=a9dd4c4 ] Merge pull request #478 from apache/ COUCHDB-3100 Clarify & correct require_valid_user setting

          People

          • Assignee:
            wohali Joan Touzet
            Reporter:
            tfpereira Tiago Pereira
          • Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development