Differences between revisions 1 and 2
Revision 1 as of 2012-05-02 11:55:37
Size: 3511
Comment: scripting user creation
Revision 2 as of 2012-11-16 13:45:45
Size: 4260
Comment:
Line 1: Line 1:
= Creating Users in CouchDB via script = = Creating Users via script =
Line 36: Line 36:
>  >
Line 45: Line 45:
<  <
Line 74: Line 74:
$ curl -HContent-Type:application/json -vXPUT $COUCH/_users/org.couchdb.user:wibble --data-binary '{"_id": "org.couchdb.user:wibble","name": "wibble","roles": ["admin"],"type": "user","password": "tubble"}'  $ curl -HContent-Type:application/json -vXPUT $COUCH/_users/org.couchdb.user:wibble --data-binary '{"_id": "org.couchdb.user:wibble","name": "wibble","roles": ["admin"],"type": "user","password": "tubble"}'
Line 85: Line 85:
>  >
Line 92: Line 92:
<  <
Line 100: Line 100:

= Creating per-user Databases via script =

A common pattern is to create a per-user database, that is only accessible by that user, for read & writing. You'll need to disable Admin Party by creating a server admin.

 * Create a user:

{{{
COUCH=http://admin:passwd@localhost:5984
curl -HContent-Type:application/json \
  -vXPUT $COUCH/_users/org.couchdb.user:me \
  --data-binary '{"_id": "org.couchdb.user:me","name": "me","roles": [],"type": "user","password": "pwd"}'
}}}

 * create the DB

{{{
curl -vX PUT $COUCH/me
}}}


 * update the DB security object

{{{
curl -vX PUT $COUCH/me/_security \
   -Hcontent-type:application/json \
    --data-binary '{"admins":{"names":[],"roles":[]},"members":{"names":["me"],"roles":[]}}'
}}}
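
Review bot: the step order in this added section leaves a gap worth documenting: "curl -vX PUT $COUCH/me" creates the database before the "_security" PUT, and a database whose members lists are empty is open to every user, so if the third command fails or is skipped the per-user database stays world-accessible. Suggest saying so next to the "update the DB security object" step and telling the reader to check that PUT's response. The intro's "only accessible by that user" should also mention that server admins retain access, and the sample commands put both the admin credentials (in $COUCH) and the new user's password on the command line, which deserves a short caveat.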

Creating Users via script

The official documentation has moved to http://docs.couchdb.org — The transition is not 100% complete, but http://docs.couchdb.org should be seen as having the latest info. In some cases, the wiki still has some more or older info on certain topics inside CouchDB.


From CouchDB 1.2.0 onwards, it is easy to script the creation of new users by PUTting a correctly formatted JSON document into /_users. PUT a document of the following structure to $COUCHDB/_users/org.couchdb.user:$ID, so that the URL matches the document's _id:

{
  "_id": "org.couchdb.user:$ID",
  "name": "$ID",
  "roles": [],
  "type": "user",
  "password": "$PASSWORD"
}

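The provided password will be salted and stored as a SHA hash: the stored document carries password_sha and salt fields in place of password, as the user record retrieved under Notes shows.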

For example, to create a user wubble with password tubble:

COUCH=http://admin:passwd@localhost:5984
curl -HContent-Type:application/json -vXPUT $COUCH/_users/org.couchdb.user:wubble --data-binary '{"_id": "org.couchdb.user:wubble","name": "wubble","roles": [],"type": "user","password": "tubble"}'

* About to connect() to localhost port 5984 (#0)
*   Trying ::1... Connection refused
*   Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 5984 (#0)
* Server auth using Basic with user 'admin'
> PUT /_users/org.couchdb.user:wubble HTTP/1.1
> Authorization: Basic YWRtaW66cGFzc3dk
> User-Agent: curl/7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5
> Host: localhost:5984
> Accept: */*
> Content-Type:application/json
> Content-Length: 99
>
< HTTP/1.1 201 Created
< Server: CouchDB/1.2.0 (Erlang OTP/R15B01)
< Location: http://localhost:5984/_users/org.couchdb.user:wubble
< ETag: "1-2e5fe1cfee2ab231788f73be8043acb5"
< Date: Wed, 02 May 2012 11:45:29 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 86
< Cache-Control: must-revalidate
<
{"ok":true,"id":"org.couchdb.user:wubble","rev":"1-2e5fe1cfee2ab231788f73be8043acb5"}
* Connection #0 to host localhost left intact
* Closing connection #0

Notes:

  • The user record is accessible only when authenticated, either as that user or as a server admin
  • The user roles may only be set by a server admin

$ curl -HContent-Type:application/json http://localhost:5984/_users/org.couchdb.user:wubble
{
   "reason" : "missing",
   "error" : "not_found"
}

$ curl -HContent-Type:application/json http://wubble:tubble@localhost:5984/_users/org.couchdb.user:wubble
{
  "_id": "org.couchdb.user:wubble",
  "_rev": "1-2e5fe1cfee2ab231788f73be8043acb5",
  "name": "wubble",
  "roles": [],
  "type": "user",
  "password_sha": "96ccc474390c8754ffe225b30740b42a2e01c46b",
  "salt": "03f9e0f7e36d3b4c6f83a31c4c51868e"
}

$ curl -HContent-Type:application/json -vXPUT $COUCH/_users/org.couchdb.user:wibble --data-binary '{"_id": "org.couchdb.user:wibble","name": "wibble","roles": ["admin"],"type": "user","password": "tubble"}'
* About to connect() to localhost port 5984 (#0)
*   Trying ::1... Connection refused
*   Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 5984 (#0)
> PUT /_users/org.couchdb.user:wibble HTTP/1.1
> User-Agent: curl/7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5
> Host: localhost:5984
> Accept: */*
> Content-Type:application/json
> Content-Length: 106
>
< HTTP/1.1 403 Forbidden
< Server: CouchDB/1.2.0 (Erlang OTP/R15B01)
< Date: Wed, 02 May 2012 11:49:49 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 59
< Cache-Control: must-revalidate
<
{
  "error": "forbidden",
  "reason": "Only _admin may set roles"
}
* Connection #0 to host localhost left intact
* Closing connection #0

Creating per-user Databases via script

A common pattern is to create a per-user database that only that user can read and write. You'll need to disable Admin Party by creating a server admin.

  • Create a user:

COUCH=http://admin:passwd@localhost:5984
curl -HContent-Type:application/json \
  -vXPUT $COUCH/_users/org.couchdb.user:me \
  --data-binary '{"_id": "org.couchdb.user:me","name": "me","roles": [],"type": "user","password": "pwd"}'

  • Create the DB:

curl -vX PUT $COUCH/me

  • Update the DB security object:

curl -vX PUT $COUCH/me/_security \
  -Hcontent-type:application/json \
  --data-binary '{"admins":{"names":[],"roles":[]},"members":{"names":["me"],"roles":[]}}'
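
The three steps above as one script, added here as an example and not part of the original wiki page: it validates the user name, sends request bodies on stdin so the new password stays off the command line, and drops the database again if the security object cannot be applied. The function names are hypothetical, and $COUCH is assumed to be a server-admin URL as in the commands above.

```shell
#!/bin/sh
# Added example, not from the wiki page. Assumes $COUCH holds a server-admin URL
# as in the page's commands; all function names here are hypothetical.
LC_ALL=C; export LC_ALL

# Database names must start with a lowercase letter, so limit user names to
# [a-z][a-z0-9_]*, which also needs no escaping in the JSON bodies or URL paths.
valid_name() {
  case "$1" in
    ''|[!a-z]*|*[!a-z0-9_]*) return 1 ;;
  esac
  return 0
}

# user_doc NAME PASSWORD: print the _users document, escaping \ and " in the
# password and refusing control characters so the JSON string stays intact.
user_doc() {
  valid_name "$1" || return 1
  [ "$(printf '%s' "$2" | tr -d '[:cntrl:]')" = "$2" ] || return 1
  pw=$(printf '%s' "$2" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')
  printf '{"_id":"org.couchdb.user:%s","name":"%s","roles":[],"type":"user","password":"%s"}' \
    "$1" "$1" "$pw"
}

# security_doc NAME: print the _security object that makes NAME the only member.
security_doc() {
  valid_name "$1" || return 1
  printf '{"admins":{"names":[],"roles":[]},"members":{"names":["%s"],"roles":[]}}' "$1"
}

put_json() {  # put_json URL: PUT the JSON read from stdin (body never in argv)
  curl -fsS -X PUT -H 'Content-Type: application/json' --data-binary @- "$1"
}

# provision NAME PASSWORD: user, database, then _security. A database with no
# members is readable by everyone, so drop it again if _security cannot be set.
provision() {
  doc=$(user_doc "$1" "$2") || { echo "rejected name or password" >&2; return 1; }
  sec=$(security_doc "$1") || return 1
  printf '%s' "$doc" | put_json "$COUCH/_users/org.couchdb.user:$1" || return 1
  curl -fsS -X PUT "$COUCH/$1" || return 1
  printf '%s' "$sec" | put_json "$COUCH/$1/_security" && return 0
  curl -fsS -X DELETE "$COUCH/$1" >/dev/null
  return 1
}
# Usage: COUCH=http://admin:passwd@localhost:5984 provision me pwd
```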

How_to_create_users_via_script (last edited 2012-11-16 13:45:45 by DaveCottlehuber)