Creating Users via script

From CouchDB 1.2.0 onwards, you can script the creation of new users by PUTting a correctly formatted JSON document into /_users. PUT a document of the following structure to $COUCHDB/_users/org.couchdb.user:$ID:

{
  "_id": "org.couchdb.user:$ID",
  "name": "$ID",
  "roles": [],
  "type": "user",
  "password": "$PASSWORD"
}

The server salts the provided password and stores it as a SHA hash; the plaintext password is not kept in the document.

For example, to create a user wubble with password tubble:

COUCH=http://admin:passwd@localhost:5984
curl -HContent-Type:application/json -vXPUT $COUCH/_users/org.couchdb.user:wubble --data-binary '{"_id": "org.couchdb.user:wubble","name": "wubble","roles": [],"type": "user","password": "tubble"}'

* About to connect() to localhost port 5984 (#0)
*   Trying ::1... Connection refused
*   Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 5984 (#0)
* Server auth using Basic with user 'admin'
> PUT /_users/org.couchdb.user:wubble HTTP/1.1
> Authorization: Basic YWRtaW66cGFzc3dk
> User-Agent: curl/7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5
> Host: localhost:5984
> Accept: */*
> Content-Type:application/json
> Content-Length: 99
>
< HTTP/1.1 201 Created
< Server: CouchDB/1.2.0 (Erlang OTP/R15B01)
< Location: http://localhost:5984/_users/org.couchdb.user:wubble
< ETag: "1-2e5fe1cfee2ab231788f73be8043acb5"
< Date: Wed, 02 May 2012 11:45:29 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 86
< Cache-Control: must-revalidate
<
{"ok":true,"id":"org.couchdb.user:wubble","rev":"1-2e5fe1cfee2ab231788f73be8043acb5"}
* Connection #0 to host localhost left intact
* Closing connection #0

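Notes: the requests below show that the user document cannot be read without credentials, that the user can read their own document (which now holds password_sha and salt in place of password), and that a request sent without admin credentials cannot set roles.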

$ curl -HContent-Type:application/json http://localhost:5984/_users/org.couchdb.user:wubble
{
   "reason" : "missing",
   "error" : "not_found"
}

$ curl -HContent-Type:application/json http://wubble:tubble@localhost:5984/_users/org.couchdb.user:wubble
{
  "_id": "org.couchdb.user:wubble",
  "_rev": "1-2e5fe1cfee2ab231788f73be8043acb5",
  "name": "wubble",
  "roles": [],
  "type": "user",
  "password_sha": "96ccc474390c8754ffe225b30740b42a2e01c46b",
  "salt": "03f9e0f7e36d3b4c6f83a31c4c51868e"
}

$ curl -HContent-Type:application/json -vXPUT $COUCH/_users/org.couchdb.user:wibble --data-binary '{"_id": "org.couchdb.user:wibble","name": "wibble","roles": ["admin"],"type": "user","password": "tubble"}'
* About to connect() to localhost port 5984 (#0)
*   Trying ::1... Connection refused
*   Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 5984 (#0)
> PUT /_users/org.couchdb.user:wibble HTTP/1.1
> User-Agent: curl/7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5
> Host: localhost:5984
> Accept: */*
> Content-Type:application/json
> Content-Length: 106
>
< HTTP/1.1 403 Forbidden
< Server: CouchDB/1.2.0 (Erlang OTP/R15B01)
< Date: Wed, 02 May 2012 11:49:49 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 59
< Cache-Control: must-revalidate
<
{
  "error": "forbidden",
  "reason": "Only _admin may set roles"
}
* Connection #0 to host localhost left intact
* Closing connection #0

Creating per-user Databases via script

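A common pattern is to create a per-user database that only that user can read and write. You'll need to disable Admin Party by creating a server admin first. The commands below create the user, create the database, and then set its _security document so that the user is the only member.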

COUCH=http://admin:passwd@localhost:5984
curl -HContent-Type:application/json \
  -vXPUT $COUCH/_users/org.couchdb.user:me \
  --data-binary '{"_id": "org.couchdb.user:me","name": "me","roles": [],"type": "user","password": "pwd"}'

curl -vX PUT $COUCH/me

curl -vX PUT $COUCH/me/_security  \
   -Hcontent-type:application/json \
    --data-binary '{"admins":{"names":[],"roles":[]},"members":{"names":["me"],"roles":[]}}'
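
The three requests above as one script, added here as an example (not part of the original wiki page): it rejects names that are not also safe database names, generates the password, checks each HTTP status, and removes the database again if its _security document cannot be written. The function names are assumptions of this example; COUCH is set as above.

```shell
#!/bin/sh
# Added example, not from the wiki page. COUCH is set as on the page (URL with admin credentials).
LC_ALL=C; export LC_ALL   # keep [a-z] from matching uppercase in other locales

# Accept only names that are also valid database names and need no JSON or URL escaping.
valid_name() {
  case "$1" in
    ''|[!a-z]*|*[!a-z0-9_-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Random 32-hex-character password (helper name is an assumption of this example).
new_password() { od -An -N16 -tx1 /dev/urandom | tr -d ' \n'; }

user_doc() {      # $1 = name, $2 = password
  printf '{"_id":"org.couchdb.user:%s","name":"%s","roles":[],"type":"user","password":"%s"}' "$1" "$1" "$2"
}

security_doc() {  # $1 = name: that user is the only member
  printf '{"admins":{"names":[],"roles":[]},"members":{"names":["%s"],"roles":[]}}' "$1"
}

# PUT the JSON body read from stdin to $COUCH/$1; succeed only on a 2xx status.
put_json() {
  code=$(curl -s -o /dev/null -w '%{http_code}' -H 'Content-Type: application/json' \
    -X PUT --data-binary @- "$COUCH/$1") || return 1
  case "$code" in 2??) return 0 ;; *) return 1 ;; esac
}

# provision NAME: create the user, the database and its _security; print the password.
provision() {
  valid_name "$1" || { echo "invalid name: $1" >&2; return 2; }
  pw=$(new_password)
  user_doc "$1" "$pw" | put_json "_users/org.couchdb.user:$1" || return 1
  put_json "$1" </dev/null || return 1
  # In CouchDB 1.x a database with no members listed is readable by everyone,
  # so delete it again if the _security document cannot be written.
  if ! security_doc "$1" | put_json "$1/_security"; then
    curl -s -o /dev/null -X DELETE "$COUCH/$1"
    return 1
  fi
  printf '%s\n' "$pw"
}
```

Source the file and call provision me after setting COUCH; the generated password is printed once on success.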

How_to_create_users_via_script (last edited 2012-11-16 13:45:45 by DaveCottlehuber)