Alexander Shorin created COUCHDB-1837:
-----------------------------------------

             Summary: Incorrect HTTP response on attempt to update other user doc with public fields enabled
                 Key: COUCHDB-1837
                 URL: https://issues.apache.org/jira/browse/COUCHDB-1837
             Project: CouchDB
          Issue Type: Bug
          Components: HTTP Interface
            Reporter: Alexander Shorin


When `public_fields` are specified (see 
[8d7ab8b1|https://git-wip-us.apache.org/repos/asf?p=couchdb.git;a=commit;h=8d7ab8b18dd20f8785e69f4420c6f93a2edbfa60]
 commit) and a regular user tries to update another user's doc, CouchDB returns an 
HTTP 404 Not Found response, while HTTP 403 Forbidden is more expected.

Steps to reproduce:

1. Enable `public_fields`

{code}
curl -X PUT http://localhost:5984/_config/couch_httpd_auth/public_fields -d '"name,email,whatever"' -H "Content-Type: application/json" --user couch_admin
{code}

2. Set up some users

{code}
curl -X PUT http://localhost:5984/_users/org.couchdb.user:abc -d '{"name":"abc", "roles":[], "type":"user", "password": "cba"}' -H "Content-Type: application/json"
curl -X PUT http://localhost:5984/_users/org.couchdb.user:def -d '{"name":"def", "roles":[], "type":"user", "password": "fed"}' -H "Content-Type: application/json"
{code}

3. Now user `abc` may browse `def`'s doc

{code}
curl -v http://abc:cba@localhost:5984/_users/org.couchdb.user:def

HTTP/1.1 200 OK
Cache-Control: must-revalidate
Content-Length: 88
Content-Type: text/plain; charset=utf-8
Date: Fri, 21 Jun 2013 22:48:03 GMT
ETag: "1-fa20c151bb6946527d261e9ef4338923"
Server: CouchDB/1.4.0+build.8d7ab8b (Erlang OTP/R16B)

{"_id":"org.couchdb.user:def","_rev":"1-fa20c151bb6946527d261e9ef4338923","name":"def"}
{code}

4. Try to save `def`'s doc:

{code}
curl -v -X PUT http://abc:cba@localhost:5984/_users/org.couchdb.user:def -d '{}' -H "Content-Type: application/json"

HTTP/1.1 404 Object Not Found
Server: CouchDB/1.4.0+build.8d7ab8b (Erlang OTP/R16B)
Date: Fri, 21 Jun 2013 22:49:44 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 41
Cache-Control: must-revalidate

{"error":"not_found","reason":"missing"}
{code}

Since the `org.couchdb.user:def` doc actually exists and is available via a direct 
GET request, the 404 response is incorrect and confusing, while HTTP 403 Forbidden is 
expected.

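A regression check for the behaviour reported above, as an added example that is not part of the original report or of CouchDB's own code: it repeats steps 3 and 4 as user `abc` and classifies the resulting status pair. The function names, the verdict strings and the injectable `send` transport are assumptions made for illustration.

```python
import base64
import json
import urllib.error
import urllib.request


def http_status(method, url, user, password, body=None):
    """Send one request with HTTP Basic auth and return only the status code."""
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(url, data=data, method=method)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    req.add_header("Content-Type", "application/json")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 4xx/5xx arrive as exceptions; the code is what we want


def check_foreign_update(base, user, password, target, send=http_status):
    """Repeat steps 3 and 4 of the report: GET, then PUT {} on another user's doc.

    `send` is injectable (an assumption of this example) so the logic can be
    exercised without a running CouchDB.
    """
    url = f"{base}/_users/org.couchdb.user:{target}"
    get_status = send("GET", url, user, password)
    put_status = send("PUT", url, user, password, {})
    if get_status != 200:
        verdict = "inconclusive"      # doc not readable, public_fields not in effect
    elif put_status == 403:
        verdict = "ok"                # the response the report expects
    elif put_status == 404:
        verdict = "COUCHDB-1837"      # readable doc reported as missing on write
    elif 200 <= put_status < 300:
        verdict = "write-accepted"    # a non-owner update must never succeed
    else:
        verdict = "unexpected"
    return {"get": get_status, "put": put_status, "verdict": verdict}


if __name__ == "__main__":
    # Users and passwords are the ones created in step 2 of the report.
    print(check_foreign_update("http://localhost:5984", "abc", "cba", "def"))
```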