OAuth access to design documents is broken

Bug #427860 reported by Eric Casteleijn
Affects: couchdb (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Chad Miller

Bug Description

Binary package hint: couchdb

When making OAuth authenticated requests to design documents, CouchDB returns 401s. The problem turns out to be that the slash in _design/viewname is/can be encoded to %2F but CouchDB checks the credentials against the unencoded URL always.

The problem was found and fixed by Jason Davies and the bugfix has been committed to trunk and the 0.10 branch:
r813803 /trunk/src/couchdb/couch_httpd_oauth.erl: fix oauth access to design documents, patch by Jason Davies
r813806 /branches/0.10.x/ (. etc/default/couchdb src/couchdb/couch_httpd_oauth.erl): merge r813803: fix oauth access to design documents, patch by Jason Davies

Tags: desktopcouch
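
The mismatch described in the report, as an added example that is not CouchDB's code or part of the original report: an OAuth 1.0 HMAC-SHA1 signature (RFC 5849) covers the request URL, so a client signing the `%2F` form and a server verifying against the decoded path derive different base strings. The host, database name, keys, timestamp and nonce are constructed values.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, unquote

def pct(s):
    # RFC 5849 section 3.6: only unreserved characters stay literal
    return quote(s, safe="-._~")

def sign(method, url, params, consumer_secret, token_secret):
    """HMAC-SHA1 over the RFC 5849 signature base string."""
    normalized = "&".join(f"{pct(k)}={pct(v)}" for k, v in sorted(params.items()))
    base = "&".join([method.upper(), pct(url), pct(normalized)])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def verify(method, url_used_by_server, params, signature, consumer_secret, token_secret):
    expected = sign(method, url_used_by_server, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, signature)

# Constructed sample request (placeholders for illustration only)
HOST = "http://localhost:5984"
WIRE_PATH = "/db/_design%2Fviewname"  # slash encoded, as in the report
PARAMS = {
    "oauth_consumer_key": "example-consumer",
    "oauth_token": "example-token",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1253920706",
    "oauth_nonce": "constructed-nonce",
    "oauth_version": "1.0",
}
SECRETS = ("consumer-secret", "token-secret")

def demo():
    signature = sign("GET", HOST + WIRE_PATH, PARAMS, *SECRETS)
    # Server rebuilds the base string from the path exactly as received
    ok_wire = verify("GET", HOST + WIRE_PATH, PARAMS, signature, *SECRETS)
    # Server rebuilds it from the decoded path: base string differs, request gets a 401
    ok_decoded = verify("GET", HOST + unquote(WIRE_PATH), PARAMS, signature, *SECRETS)
    return ok_wire, ok_decoded

if __name__ == "__main__":
    print(demo())
```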


Changed in couchdb (Ubuntu):
assignee: nobody → Elliot Murphy (statik)
status: New → In Progress
status: In Progress → Confirmed
Chad Miller (cmiller) wrote :

0.10 couchdb will fix this. The current SVN already does.

Changed in couchdb (Ubuntu):
status: Confirmed → In Progress
assignee: Elliot Murphy (statik) → Chad Miller (cmiller)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package couchdb - 0.10.0~svn818859-0ubuntu1

---------------
couchdb (0.10.0~svn818859-0ubuntu1) karmic; urgency=low

  * Import code from pre-release branch. (LP: #427860, #408909)
    + Build and System Integration:
      * Changed `couchdb` script configuration options.
      * Added default.d and local.d configuration directories to load
        sequence.
    + HTTP Interface:
      * Added optional cookie-based authentication handler.
      * Added optional two-legged OAuth authentication handler.
  * Packaging of couchdb-bin must replace pre-split couchdb.
    (LP: #432219)
  * Move all of /etc and /var out of the couchdb-bin package, to the
    couchdb package.
  * /etc/couchdb must be in couchdb-bin, as config files are needed
    by all servers.
    + So the couchdb user must be managed by couchdb-bin.
    + Split postinst/postrm files to manage different files.
    + Set Replaces of couchdb-bin by couchdb so that config files
      migrate.
  * Update the version number in postrm. (!)
  * Use the new "Breaks" field in control file to help split pkg.

  [Ken VanDine]
  * debian/couchdb.install:
    - removed /var
  * debian/rules:
    - removed bootstrap
  * debian/couchdb.postinst:
    - Added the debhelper tag

 -- Chad Miller <email address hidden> Fri, 25 Sep 2009 19:18:26 -0400

Changed in couchdb (Ubuntu):
status: In Progress → Fix Released