pouchdb-community / pouchdb-authentication

User authentication plugin for PouchDB and CouchDB.
Apache License 2.0

_users object couchdb 3.x information - not a bug #263

Open SinanGabel opened 4 years ago

SinanGabel commented 4 years ago

Expected behaviour

Authenticated user can fetch own _users object.

Current behavior with Couchdb 3.x

Authenticated user cannot fetch own _users object.

Possible solution

Change local.ini configuration

```ini
[couchdb]
users_db_security_editable = true
```

Modifying the _security object [Permissions in Fauxton] of the _users database.

couchdb issue 2734

couchdb issue 2730

travbus commented 4 years ago

Never mind this post, there is a bigger issue at play here. I'm getting pouch online to offline syncing on _users doc error 'You are not authorized to access this db.' even when I give admin and member permissions in the _users _security obj. This sucks. Apparently it was just Chrome blocking the auth session cookie. Everything is working again. Leave this info or delete it, but I'm stoked my project is working again.

For me, after the user was logged in successfully with cookie auth, I couldn't get the user's data using PouchDB authentication getUser. I set users_db_security_editable = true and made sure no permissions were set for the _users db. PouchDB authentication still would not get the user. Using curl I could get the data if I passed authentication for the user: http://userName:pass@127.0.0.1:5984/_users/org.couchdb.user:userName. My current workaround was to make an API call to CouchDB with axios.

This way works in Node but not from Chrome:

```js
// Credentials embedded in the URL; run inside an async function.
let response = await axios.get(
  "http://userName:pass@127.0.0.1:5984/_users/org.couchdb.user:userName"
);
```

This way works from Chrome:

```js
var user = "userName";
var pass = "pass";
var url = "http://localhost:5984/_users/org.couchdb.user:userName";

// Send the credentials in an Authorization header instead of the URL.
var authorizationBasic = window.btoa(user + ":" + pass);
var config = {
  headers: {
    Authorization: "Basic " + authorizationBasic
  }
};
// Run inside an async function.
let response = await axios.get(url, config);
console.log("response", response.data);
```

I have tested and the user only has access to their info, not to all users. Hope this helps someone, because it was a big waste of my time figuring it out for me coming back to a year-old project. I'm probably going to do away with this plugin and do direct API calls, as it seems nobody is updating this package anymore.
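
An added example, not part of any comment in this thread and not the plugin's code: a helper for the header-based request described in the comment above. It keeps credentials out of the URL, encodes the `org.couchdb.user:` document ID, and Base64-encodes UTF-8 bytes so a non-Latin-1 password does not make `btoa` throw. The function names and the HTTPS-unless-loopback check are assumptions of this example.

```javascript
// Added example; function names are hypothetical, sample values constructed.

// Base64 over UTF-8 bytes. window.btoa(user + ":" + pass) throws on any
// character outside Latin-1, so convert to bytes first.
function basicAuthHeader(user, pass) {
  if (user.includes(":")) {
    throw new Error("Basic auth user name must not contain ':'");
  }
  const bytes = new TextEncoder().encode(user + ":" + pass);
  let binary = "";
  for (const b of bytes) binary += String.fromCharCode(b);
  const b64 = typeof btoa === "function"
    ? btoa(binary)
    : Buffer.from(binary, "binary").toString("base64");
  return "Basic " + b64;
}

// Builds { url, headers } for GET /_users/org.couchdb.user:<name>.
function ownUserDocRequest(baseUrl, user, pass) {
  const url = new URL(baseUrl);
  // Keep secrets out of the URL: the Fetch API rejects URLs with embedded
  // credentials, and URLs end up in logs and browser history.
  if (url.username || url.password) {
    throw new Error("Pass credentials as arguments, not in the URL");
  }
  // Assumption of this example: Basic auth is only Base64-encoded, so
  // require TLS unless the server is on the loopback interface.
  const loopback = ["localhost", "127.0.0.1", "[::1]"].includes(url.hostname);
  if (url.protocol !== "https:" && !loopback) {
    throw new Error("Refusing to send Basic auth over plain HTTP");
  }
  // The document ID contains ':' and may contain '/', so encode it whole.
  const docId = encodeURIComponent("org.couchdb.user:" + user);
  url.pathname = url.pathname.replace(/\/+$/, "") + "/_users/" + docId;
  return {
    url: url.href,
    headers: { Authorization: basicAuthHeader(user, pass) }
  };
}

// Usage with axios, as in the comment above:
//   const req = ownUserDocRequest("http://localhost:5984", "userName", "pass");
//   const response = await axios.get(req.url, { headers: req.headers });
```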

DrMarkEy commented 4 years ago

I think this issue is related to #264. I was facing the same problem and changing the chrome-flags as described there fixed it for me.

HZSamir commented 3 years ago

Any progress on this? I am experiencing this issue both in Node and Chrome (Electron renderer process).