search

pouchdb / express-pouchdb

⚠️⚠️⚠️ THIS REPO HAS MOVED ⚠️⚠️⚠️
143 stars 52 forks source link

Can't create admin user #113

Closed nolanlawson closed 10 years ago

nolanlawson commented 10 years ago

In the latest version of pouchdb-server (I just released express-pouchdb 0.7.0).

Steps to reproduce: go to create an admin, enter a username and password, press the button.

screenshot 2014-09-24 10 52 47

Result: get an error:

GET /fonts/fontawesome-webfont.woff?v=3.2.1 200 0.570 ms - 43572
GET /_utils/fauxton/js/zeroclipboard/ZeroClipboard.swf?noCache=1411570284040 404 2.407 ms - 44
GET /fonts/fauxtonicon.woff 200 0.531 ms - 10000
PUT /_config/admins/nolan 200 5.790 ms - 3
Possibly unhandled Error: {"status":401,"name":"unauthorized","message":"Name or password is incorrect."}
    at Promise$_rejectUncheckedCheckError [as _rejectUncheckedCheckError] (/usr/local/lib/node_modules/pouchdb-server/node_modules/express-pouchdb/node_modules/bluebird/js/main/promise.js:930:63)
    at Promise$_settlePromiseFromHandler [as _settlePromiseFromHandler] (/usr/local/lib/node_modules/pouchdb-server/node_modules/pouchdb/node_modules/bluebird/js/main/promise.js:706:17)
    at Promise$_settlePromiseAt [as _settlePromiseAt] (/usr/local/lib/node_modules/pouchdb-server/node_modules/pouchdb/node_modules/bluebird/js/main/promise.js:868:14)
    at Promise$_settlePromises [as _settlePromises] (/usr/local/lib/node_modules/pouchdb-server/node_modules/pouchdb/node_modules/bluebird/js/main/promise.js:1006:14)
    at Promise$_rejectPromises [as _rejectPromises] (/usr/local/lib/node_modules/pouchdb-server/node_modules/pouchdb/node_modules/bluebird/js/main/promise.js:999:10)
    at Async$_consumeFunctionBuffer [as _consumeFunctionBuffer] (/usr/local/lib/node_modules/pouchdb-server/node_modules/pouchdb/node_modules/bluebird/js/main/async.js:74:12)
    at Async$consumeFunctionBuffer (/usr/local/lib/node_modules/pouchdb-server/node_modules/pouchdb/node_modules/bluebird/js/main/async.js:37:14)
    at process._tickCallback (node.js:419:13)
GET /_all_dbs 304 2.846 ms - -
GET /_replicator 304 4.077 ms - -
GET /_users 304 3.711 ms - -
PUT /_config/admins/admin 200 2.275 ms - 3
nolanlawson commented 10 years ago

This is from within an empty directory

nolanlawson commented 10 years ago

weird, it created a user in config.json. but there also seems to be no way to log in in the UI

marten-de-vries commented 10 years ago

Can reproduce, started working on this.

marten-de-vries commented 10 years ago

We need an updated version of couchdb-harness, it's very likely this would've been caught by that.

The old version we use now still uses non-pbkdf2 hashing of passwords, which newer versions of CouchDB only support for backwards compatibility. For pouchdb-auth (and pouchdb-server) implementing that isn't worth the effort (and source code size: you can use pouchdb-auth in the browser as a pouchdb-authentication alternative.)

nolanlawson commented 10 years ago

For the password hashing, I would prefer if we used the pbkdf2 solution, but I can understand that in a browser it's not really feasible. Worth revisiting later.

In any case, this issue is fixed! I'll release a new version

marten-de-vries commented 10 years ago

@nolanlawson pouchdb-auth does support pbkdf2. It just doesn't support legacy hashing, which the current couchdb-harness requires.