Reputation: 15770
My system is ubuntu 10.04 and I have CouchDB 1.0 installed. I can create admin, or more admins, log in as admin and everything works fine.
Since 0.11 in CouchDB there is notion of users which are not admins, and can have fine grained rights to databases. I want to create such user. I open Futon, I am not logged in, and I click "Signup" link (lower right corner). Then there is question about username and password. When I fill in the form and submit it, there is very long error message under "Username" field:
Signup error: {gen_server,call, [couch_query_servers, {get_proc,{doc,<<"_design/_auth">>, {1, [<<84,165,145,147,156,145,146,42,53,239,238,7, 235,44,58,114>>]}, {[{<<"language">>,<<"javascript">>}, {<<"validate_doc_update">>, <<"\n function(newDoc, oldDoc, userCtx) {\n if ((oldDoc && oldDoc.type !== 'user') || newDoc.type !== 'user') {\n throw({forbidden : 'doc.type must be user'});\n } // we only allow user docs for now\n\n if (newDoc._deleted === true) {\n // allow deletes by admins and matching users\n // without checking the other fields\n if ((userCtx.roles.indexOf('_admin') !== -1) ||\n (userCtx.name == oldDoc.name)) {\n return;\n } else {\n throw({forbidden: 'Only admins may delete other user docs.'});\n }\n }\n\n if (!newDoc.name) {\n throw({forbidden: 'doc.name is required'});\n }\n\n if (!(newDoc.roles && (typeof newDoc.roles.length !== 'undefined'))) {\n throw({forbidden: 'doc.roles must be an array'});\n }\n\n if (newDoc._id !== ('org.couchdb.user:' + newDoc.name)) {\n throw({\n forbidden: 'Doc ID must be of the form org.couchdb.user:name'\n });\n }\n\n if (oldDoc) { // validate all updates\n if (oldDoc.name !== newDoc.name) {\n throw({forbidden: 'Usernames can not be changed.'});\n }\n }\n\n if (newDoc.password_sha && !newDoc.salt) {\n throw({\n forbidden: 'Users with password_sha must have a salt.' +\n 'See /_utils/script/couch.js for example code.'\n });\n }\n\n if (userCtx.roles.indexOf('_admin') === -1) {\n if (oldDoc) { // validate non-admin updates\n if (userCtx.name !== newDoc.name) {\n throw({\n forbidden: 'You may only update your own user document.'\n });\n }\n // validate role updates\n var oldRoles = oldDoc.roles.sort();\n var newRoles = newDoc.roles.sort();\n\n if (oldRoles.length !== newRoles.length) {\n throw({forbidden: 'Only _admin may edit roles'});\n }\n\n for (var i = 0; i < oldRoles.length; i++) {\n if (oldRoles[i] !== newRoles[i]) {\n throw({forbidden: 'Only _admin may edit roles'});\n }\n }\n } else if (newDoc.roles.length > 0) {\n throw({forbidden: 'Only admin may set roles'});\n }\n }\n\n // no system roles in users db\n for (var i = 0; i < newDoc.roles.length; i++) {\n if (newDoc.roles[i][0] === '') {\n throw({\n forbidden:\n 'No system roles (starting with underscore) in users db.'\n });\n }\n }\n\n // no system names as names\n if (newDoc.name[0] === '_') {\n throw({forbidden: 'Username may not start with underscore.'});\n }\n }\n">>}]}, [],false,[]}, {<<"_design/_auth">>, <<"1-54a591939c91922a35efee07eb2c3a72">>}}]}
What is it? How can I create users in CouchDB?
Upvotes: 5
Views: 4824
Reputation: 9524
Ran into this issue myself and found that it was due to the fact that my name
and the name portion of the _id
string did not match:
curl -X PUT https://admin:password@server:6984/_users/org.couchdb.user:dan \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-d '{"name": "Dan", "password": "password", "roles": [], "type": "user"}'
this does not work because the name portion of the _id
dan from org.couchdb.user:dan does not match the name
supplied Dan.
The following works because the username matches (now both Dan)
curl -X PUT https://admin:password@server:6984/_users/org.couchdb.user:Dan \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-d '{"name": "Dan", "password": "password", "roles": [], "type": "user"}'
Upvotes: 3
Reputation: 463
I had a similar error on debian. I compiled CouchDB from the build-couchdb repo. I could create admin users but not regular users. I was also not able to run temporary views. Solved it by purging libmozjs1d and erlang-nox and recompiling. hope that helps.
Upvotes: 2
Reputation: 91
To create a user, PUT a JSON document to http://localhost:5984/_users/org.couchdb.user:<username>
For example create a file login.json
like this:
{
"_id": "org.couchdb.user:test",
"name": "test",
"password_sha": "24e8e07c23d8ae85108468ec4814b2f0fa84edde",
"salt": "78f67e252351a56d6e1e6df9ba005239",
"roles": [],
"type": "user"
}
Then PUT the data into couchdb:
curl -X PUT http://<admin>:<password>@localhost:5984/_users/org.couchdb.user%3Atest -S -s -H "Content-Type: application/json" -d @login.json
(Replace <admin>
and <password>
with your couchdb credentials.)
Now you should be able to log into couchdb with the user "test" and the password "test123".
Upvotes: 6
Reputation: 4441
It looks like you already have an admin account on the system, which CouchDB is detecting and expecting you to be logged in as to create accounts. Check your local.ini config file to see if you have any admins defined in the [admins] section - you will probably have some defined if you are upgrading from an old install.
Log in as one of those admins, or change their password if you don't remember it (just replace the has with your clear text password and it'll be hashed the next time CouchDB starts). Now restart CouchDB. If you had an admin account, then log in as that user, or if you removed all of the old accounts, then click sign up to create a new one.
Cheers.
Upvotes: 1