CouchDB Fauxton Web Interface: how to not require login to create/edit documents
I am trying to set up a CouchDB instance to:
- Not require login at web user interface when to create/edit/delete documents for random people who go to
http://my_couchdb:5984 - Prevent random people from making admin level changes
- Ex: modify design docs, add users or remove pre-existing users
Basically, I would like random people to be something like the members described here: https://docs.couchdb.org/en/2.3.1/api/database/security.html#api-db-security
What settings are necessary to make this happen? Do they live in etc/local.ini?
I would not like to use cookies or individual user databases.
How I Set It Up
I configured CouchDB to have an admin user, boss.
I also made a database bananas: http://my_couchdb:5984/_utils/#database/bananas/_all_docs
What I've Tried So Far
Manipulating require_valid_user in both httpd and chttpd inside etc/local.ini (source) did not work for me, maybe I didn't quite do it right
Per this answer, I tried adding the admin user boss to Permissions --> Admins --> Users of both _users db and bananas db, and it failed to achieve my desired result.
I then removed both of these, and the response of curl $HOST/bananas/_security is now {}.
This answer talks about creating a low-permissions user, but doesn't talk about how to bypass log in.
The below authentication_handler works, but I don't want an Admin Party, so I need a better method.
[chttpd]
authentication_handlers = {couch_httpd_auth, null_authentication_handler}
**Update**
As pointed out by @uminder, out of the box it seems to be possible to make documents without credentials. I ran the following command from a second machine:
curl -X PUT http://my_couchdb:5984/bananas/test -d '{ "name": "test document" }'
And can then view (but not edit) the document by going here:
http://my_couchdb:5984/bananas/test
(Please ignore that the hostname is not actually my_couchdb)
What I need is to use a web UI, without login, to edit that document. Currently, the UI is Fauxton. Here is what I do:
- Go here: http://my_couchdb:5984/_utils/#database/bananas/test
- It redirects to login page here: http://my_couchdb:5984/_utils/#login
How can I not get redirected to login, and just be able to edit the document using the Web UI?
Setup Information
- CouchDB Version:
2.3.1 - OS:
Ubuntu 16.04.3 LTS
Please let me know what other information is needed to arrive at a solution! I am new to configuring CouchDB.
I just locally installed CouchDB (Single Node Setup) on Windows 10. Then I created an admin user and a bananas database in Fauxton.
Using curl, I was able to create, update and delete documents in bananas database without providing any credencials.
curl -X PUT http://127.0.0.1:5984/bananas/1 -d '{ "name": "doc 1" }'
curl -X PUT http://127.0.0.1:5984/bananas/1 -d '{ "name": "doc 2", "_rev": "1-5cd56a944d3d59a44613269396365431" }'
curl -X DELETE http://127.0.0.1:5984/bananas/1?rev=3-2b34329467970cc792cee5931a68ca2e
When trying to create a design document (an index) in bananas however, I got an "unauthorized" error with reason "You are not a db or server admin."
curl -X PUT http://127.0.0.1:5984/bananas/_design/name_idx -d '{ "index": { "fields": ["name"] } }
The result was exactly the same when I installing CouchDB on another computer within the same subnet. It seems that in these cases, a newly installed CouchDB with default settings just behaves the way you wish, at least when referring to the tile of your answer.
If I had to make my CouchDB accessible through a public URL, I would try to change the default security object and enable CORS in the local.ini file.
[couchdb]
default_security = everyone
[httpd]
enable_cors = true
[cors]
origins = *
methods = GET,POST,PUT,DELETE
credentials = false
Bypassing Web-Interface Login
I don't think Fauxton can be configured to bypass the login page in order to allow anonymous users to directly create, update or delete documents. You would have to create a fork of the couchdb-fauxton project and change the code to fit your needs.
Alternatively you could write you own web-interface (Angular, React, Vue.js ...) that internally uses an existing user for authentication but hides this to the end user.
- How/why is login page redirect required?
- How can I sync JWT blacklists in PHP microservices without a bottleneck or SPOF?
- "MultipleObjectsReturned or ObjectDoesNotExist error when accessing 'google' provider in Django-allauth"
- login page asp.net sql
- Need help understanding keycloak, reverse proxies, and middleware in a cluster
- Classic ASP Request.ServerVariables("LOGON_USER") returning wrong username
- .Net 8: Cannot authenticate user with "Individual Accounts Auth" template
- Issue: All users access the same google drive account
- Get username from Azure Identity
- How do I persist the the user with supabase using nextjs?
- Retrieve .htaccess login name from PHP
- ways of authentication with Nginx
- How do I access a dev tunnel from a service/authenticate between apps?
- Issue with Logout in Nuxt 3 using Sidebase NuxtAuth: Error Page Flash and Redirect Loop to /dashboard
- robin_stocks Robinhood Authentication Stopped Working
- split .pfx file into .crt and .key with openssl
- login/logout issue for multiple IIS applications under the same site
- How to secure MongoDB with username and password
- Modify Cas overlay 7.1.3 to add custom RestController
- Clone A Private Repository (Github)
- Laravel What is a guard?
- Feach data from node.js backend - 401 (Unauthorized)
- Laravel Fortify vue 419 error when logging in after logout
- Auth.js v5 useSession(): Session data is only displayed after manually reloading the page (NextJS 14)
- Docker set user password non-interactively
- AADSTS50011: The redirect URI http does not match the redirect URIs
- AuthenticationStateSerialization does not reflect server changes back to the client
- JWT token authentication fails with message "PII is hidden"
- Auth0 Logout Not Fully Logging Out – Auto Login Without Password Prompt
- How to prevent download of files to unauthenticated users