CouchDB cookie authentication with HTTPS

I configured my CouchDB with HTTPS following exactly the instructions given in the documentation (except that I changed the SSL port to 6161), and I created two admins. Then I tried to log in using cookie authentication as follows:

curl -kX POST https://localhost:6161/_session \
   -H 'Content-Type:application/x-www-form-urlencoded' \
   -d 'name=admin&password=admin'

The username and password are correct, as I can log in using the -u option of curl. But I always got an unauthorized error. I am not sure what is wrong here.

Weixiang Guan asked Jun 06 '14 20:06

1 Answer

I finally figured out what I should do in this case. I need to combine basic authentication and cookie authentication to be able to log in.

curl -kX POST -u admin:admin https://localhost:6161/_session \
     -H 'Content-Type:application/x-www-form-urlencoded' \
     -d 'name=admin&password=admin'

Maybe it is because I set require_valid_user = true, and cookie authentication is part of the REST API, while basic authentication is part of the HTTP protocol, and the flag above takes effect at the HTTP level.

But now there is still a problem: do I need to provide the login information twice each time I do cookie authentication? What if I provide one login for basic authentication and another login for cookie authentication? Could this be a threat to the system?

Weixiang Guan answered Nov 15 '22 08:11
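
The login from the answer, as an added Python example (not part of the original post): it sends the credentials once in both forms, reads the AuthSession cookie from the Set-Cookie response header, and builds a follow-up request that carries only that cookie. The sample Set-Cookie value is constructed, and the function names and the `cafile` parameter are assumptions of this example.

```python
import base64
import ssl
import urllib.parse
import urllib.request
from http.cookies import SimpleCookie

BASE_URL = "https://localhost:6161"  # SSL port used in the question

# Constructed sample of a session response header; the value is not a real session.
SAMPLE_SET_COOKIE = "AuthSession=Q09OU1RSVUNURUQtVkFMVUU; Version=1; Path=/; HttpOnly"


def build_login_request(user, password, base_url=BASE_URL):
    """POST /_session with the credentials as basic auth and as form fields."""
    body = urllib.parse.urlencode({"name": user, "password": password}).encode()
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        f"{base_url}/_session",
        data=body,
        method="POST",
        headers={
            "Content-Type": "application/x-www-form-urlencoded",
            "Authorization": f"Basic {token}",
        },
    )


def extract_auth_session(set_cookie_header):
    """Return the AuthSession value from a Set-Cookie header, or None if absent or empty."""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    morsel = jar.get("AuthSession")
    return morsel.value if morsel is not None and morsel.value else None


def build_cookie_request(path, auth_session, base_url=BASE_URL):
    """Follow-up request that authenticates with the session cookie only."""
    req = urllib.request.Request(f"{base_url}{path}")
    req.add_header("Cookie", f"AuthSession={auth_session}")
    return req


def send(req, cafile):
    """Send over TLS, verifying the server against cafile (assumed: the server's
    certificate or its CA, valid for the host name) instead of skipping checks like curl -k."""
    ctx = ssl.create_default_context(cafile=cafile)
    return urllib.request.urlopen(req, context=ctx, timeout=10)
```

After `send(build_login_request(...), cafile)`, the response's `Set-Cookie` header is what `extract_auth_session` expects.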