This uses the full X-Auth-CouchDB mechanism, including the token (thanks to the couch-proxy-auth node module).
This includes two new configuration options: `forwardedLoginSecret` and `forwardedLoginRoles` (optional). This allows configuring the CouchDB upstream server with `couch_httpd_auth/proxy_use_secret` and `couch_httpd_auth/secret` so that CouchDB protects itself from forgery.
`forwardedLoginHeader` is still valid, but doesn't work if the above CouchDB options are active.
The first TEST commit, 2eb9e26, fails the no-forge assertions because CouchDB is "open"; the second one, 75a3c61, passes them once CouchDB is protected (still authenticating external users).
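
The forgery protection described above, as an added example that is not code from this pull request or from couch-proxy-auth: the proxy signs the user name with the shared secret (the HMAC-SHA1 token CouchDB's proxy authentication has traditionally used), and the upstream rejects any request whose token does not match. The function names and the sample secret are hypothetical, and the assumption is that `forwardedLoginSecret` holds the same value as `couch_httpd_auth/secret`.

```javascript
const crypto = require('node:crypto');

// Constructed sample value; in a deployment this is the shared secret
// configured on both the proxy and CouchDB.
const SAMPLE_SECRET = 'constructed-sample-secret';

// Token = hex HMAC-SHA1 of the user name, keyed with the shared secret.
function proxyToken(secret, userName) {
  return crypto.createHmac('sha1', secret).update(userName, 'utf8').digest('hex');
}

// Headers the trusted proxy attaches (CouchDB's default header names).
function buildProxyHeaders(secret, userName, roles = []) {
  return {
    'X-Auth-CouchDB-UserName': userName,
    'X-Auth-CouchDB-Roles': roles.join(','),
    'X-Auth-CouchDB-Token': proxyToken(secret, userName),
  };
}

// Simplified model of the upstream check when proxy_use_secret is on:
// a user name without a valid token is not trusted.
function verifyProxyHeaders(secret, headers) {
  const userName = headers['X-Auth-CouchDB-UserName'];
  const token = headers['X-Auth-CouchDB-Token'];
  if (typeof userName !== 'string' || typeof token !== 'string') return false;
  const expected = Buffer.from(proxyToken(secret, userName), 'utf8');
  const given = Buffer.from(token, 'utf8');
  // timingSafeEqual throws on unequal lengths, so check length first.
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Outcomes for a legitimate request and three forged ones.
function demo() {
  const good = buildProxyHeaders(SAMPLE_SECRET, 'alice', ['reader']);
  const noToken = { 'X-Auth-CouchDB-UserName': 'alice' };
  const wrongSecret = buildProxyHeaders('guessed-secret', 'alice');
  const replayed = { ...good, 'X-Auth-CouchDB-UserName': 'admin' };
  return {
    legitimate: verifyProxyHeaders(SAMPLE_SECRET, good),
    headerOnly: verifyProxyHeaders(SAMPLE_SECRET, noToken),
    wrongSecret: verifyProxyHeaders(SAMPLE_SECRET, wrongSecret),
    tokenReusedForOtherUser: verifyProxyHeaders(SAMPLE_SECRET, replayed),
  };
}
```

The token covers only the user name, so the roles header is not signed; the upstream must still be reachable only through the proxy.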