Error creating user in CouchDB 1.0

Question

My system is ubuntu 10.04 and I have CouchDB 1.0 installed. I can create admin, or more admins, log in as admin and everything works fine.

Since 0.11 in CouchDB there is notion of users which are not admins, and can have fine grained rights to databases. I want to create such user. I open Futon, I am not logged in, and I click "Signup" link (lower right corner). Then there is question about username and password. When I fill in the form and submit it, there is very long error message under "Username" field:

Signup error: {gen_server,call, [couch_query_servers, {get_proc,{doc,<<"_design/_auth">>, {1, [<<84,165,145,147,156,145,146,42,53,239,238,7, 235,44,58,114>>]}, {[{<<"language">>,<<"javascript">>}, {<<"validate_doc_update">>, <<"\n function(newDoc, oldDoc, userCtx) {\n if ((oldDoc && oldDoc.type !== 'user') || newDoc.type !== 'user') {\n throw({forbidden : 'doc.type must be user'});\n } // we only allow user docs for now\n\n if (newDoc._deleted === true) {\n // allow deletes by admins and matching users\n // without checking the other fields\n if ((userCtx.roles.indexOf('_admin') !== -1) ||\n (userCtx.name == oldDoc.name)) {\n return;\n } else {\n throw({forbidden: 'Only admins may delete other user docs.'});\n }\n }\n\n if (!newDoc.name) {\n throw({forbidden: 'doc.name is required'});\n }\n\n if (!(newDoc.roles && (typeof newDoc.roles.length !== 'undefined'))) {\n throw({forbidden: 'doc.roles must be an array'});\n }\n\n if (newDoc._id !== ('org.couchdb.user:' + newDoc.name)) {\n throw({\n forbidden: 'Doc ID must be of the form org.couchdb.user:name'\n });\n }\n\n if (oldDoc) { // validate all updates\n if (oldDoc.name !== newDoc.name) {\n throw({forbidden: 'Usernames can not be changed.'});\n }\n }\n\n if (newDoc.password_sha && !newDoc.salt) {\n throw({\n forbidden: 'Users with password_sha must have a salt.' +\n 'See /_utils/script/couch.js for example code.'\n });\n }\n\n if (userCtx.roles.indexOf('_admin') === -1) {\n if (oldDoc) { // validate non-admin updates\n if (userCtx.name !== newDoc.name) {\n throw({\n forbidden: 'You may only update your own user document.'\n });\n }\n // validate role updates\n var oldRoles = oldDoc.roles.sort();\n var newRoles = newDoc.roles.sort();\n\n if (oldRoles.length !== newRoles.length) {\n throw({forbidden: 'Only _admin may edit roles'});\n }\n\n for (var i = 0; i < oldRoles.length; i++) {\n if (oldRoles[i] !== newRoles[i]) {\n throw({forbidden: 'Only _admin may edit roles'});\n }\n }\n } else if (newDoc.roles.length > 0) {\n throw({forbidden: 'Only admin may set roles'});\n }\n }\n\n // no system roles in users db\n for (var i = 0; i < newDoc.roles.length; i++) {\n if (newDoc.roles[i][0] === '') {\n throw({\n forbidden:\n 'No system roles (starting with underscore) in users db.'\n });\n }\n }\n\n // no system names as names\n if (newDoc.name[0] === '_') {\n throw({forbidden: 'Username may not start with underscore.'});\n }\n }\n">>}]}, [],false,[]}, {<<"_design/_auth">>, <<"1-54a591939c91922a35efee07eb2c3a72">>}}]}

What is it? How can I create users in CouchDB?

Answer 1

To create a user, PUT a JSON document to http://localhost:5984/_users/org.couchdb.user:<username>

For example create a file login.json like this:

{
    "_id": "org.couchdb.user:test",
    "name": "test",
    "password_sha": "24e8e07c23d8ae85108468ec4814b2f0fa84edde",
    "salt": "78f67e252351a56d6e1e6df9ba005239",
    "roles": [],
    "type": "user"
}

Then PUT the data into couchdb:

curl -X PUT http://<admin>:<password>@localhost:5984/_users/org.couchdb.user%3Atest -S -s -H "Content-Type: application/json" -d @login.json

(Replace <admin> and <password> with your couchdb credentials.)

Now you should be able to log into couchdb with the user "test" and the password "test123".

Answer 2

Ran into this issue myself and found that it was due to the fact that my name and the name portion of the _id string did not match:

curl -X PUT https://admin:password@server:6984/_users/org.couchdb.user:dan \
    -H "Accept: application/json" \
    -H "Content-Type: application/json" \
    -d '{"name": "Dan", "password": "password", "roles": [], "type": "user"}'

this does not work because the name portion of the _id dan from org.couchdb.user:dan does not match the name supplied Dan.

The following works because the username matches (now both Dan)

curl -X PUT https://admin:password@server:6984/_users/org.couchdb.user:Dan \
    -H "Accept: application/json" \
    -H "Content-Type: application/json" \
    -d '{"name": "Dan", "password": "password", "roles": [], "type": "user"}'

Answer 3

I had a similar error on debian. I compiled CouchDB from the build-couchdb repo. I could create admin users but not regular users. I was also not able to run temporary views. Solved it by purging libmozjs1d and erlang-nox and recompiling. hope that helps.