documentation commit: updated refs/heads/master to a3101e9

2015-09-10 Thread rnewson 
Repository: couchdb-documentation
Updated Branches:
  refs/heads/master 924136725 -> a3101e9af


Remove new CSRF mechanism


Project: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/couchdb-documentation/commit/a3101e9a
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/tree/a3101e9a
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/diff/a3101e9a

Branch: refs/heads/master
Commit: a3101e9af7588583dd554ccf2e7aa2d1c4eb6a6b
Parents: 9241367
Author: Robert Newson 
Authored: Thu Sep 10 12:32:32 2015 +0100
Committer: Robert Newson 
Committed: Thu Sep 10 12:32:32 2015 +0100

--
 src/config/http.rst | 86 
 1 file changed, 86 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/couchdb-documentation/blob/a3101e9a/src/config/http.rst
--
diff --git a/src/config/http.rst b/src/config/http.rst
index 9a93479..6a76a85 100644
--- a/src/config/http.rst
+++ b/src/config/http.rst
@@ -526,92 +526,6 @@ with the vhost name prefixed by ``cors:``. Example case 
for the vhost
 Cross-site Request Forgery protection
 =
 
-.. config:section:: csrf :: Cross-site Request Forgery
-
-.. versionadded:: 2.0 added CSRF protection, see JIRA :issue:`2762`
-
-`CSRF`, or "Cross-site Request Forgery" is a web-based exploit
-where an attacker can cause a user agent to make an authenticated
-form post against a foreign site without their consent. The attack
-works because a user agent will send any cookies it has along with
-the request. The attacker does not see the response, nor can they
-see the user agent's cookies. The attacker hopes to gain
-indirectly, e.g, by posting to a password reset form or cause
-damage by issuing a database delete request.
-
-To prevent this, CouchDB can require a matching request header
-before processing any write request (defined as any method other
-than `GET`, `HEAD` or `OPTIONS`). The correct value of this header
-is unknown to the attacker and so their attack fails.
-
-To enable CSRF protection, add the custom request header
-`X-CouchDB-CSRF` wih value `true` to any request. The response will
-return a cookie named `CouchDB-CSRF`.
-
-If CouchDB sees the `CouchDB-CSRF` cookie in a request it expects
-the same value to be sent in the `X-CouchDB-CSRF` header. If the
-header is missing or does not match the cookie, a `403 Forbidden`
-response is generated. Additionally, CouchDB logs a warning, to
-allow administrators to detect potential CSRF attacks in progress.
-
-Careful clients can verify whether their requests were protected
-from CSRF by examining the `X-CouchDB-CSRF-Valid` response
-header. It should be present and its value should be `true`.
-
-CSRF cookies expire after a configurable period of time but will
-automatically be refreshed by CouchDB on subsequent requests. An
-expired CSRF cookie is equivalent to not sending the cookie (and
-thus the request will not be protected from CSRF).
-
-The following pseudo-code shows how to use the CSRF protection in
-an opportunistic fashion, gracefully degrading when the mechanism
-is not available.
-
-.. code-block:: javascript
-
-if (hasCookie("CouchDB-CSRF")) {
-  setRequestHeader("X-CouchDB-CSRF", cookieValue("CouchDB-CSRF"));
-} else {
-  setRequestHeader("X-CouchDB-CSRF", "true");
-}
-
-.. config:option:: mandatory
-
-CouchDB can insist on CSRF Cookie/Header for all requests
-(except those to the welcome handler, /, so you can acquire a
-cookie) with this setting. The default is false::
-
-[csrf]
-mandatory = true
-
-.. config:option:: mime_types
-
-CouchDB will only enforce CSRF protection for the listed mime
-types. The default list is application/x-www-form-urlencoded,
-multipart/form-data, text/plain::
-
-[csrf]
-mime_types = text/plain
-
-.. config:option:: secret
-
-All CSRF cookies are signed by the server using this value. A
-random value will be chosen if you don't specify it, but we
-recommend setting it yourself, especially if you are running a
-cluster of more than one node. The secret must match on all
-nodes in a cluster to avoid sadness::
-
-[csrf]
-secret = b6fdf2e8213a36dbcca34e61e4000967
-
-.. config:option:: timeout
-
-All CSRF cookies expire after `timeout` seconds. The default
-is an hour::
-
-[csrf]
-timeout = 3600
-
 .. _config/vhosts:

[3/3] couch commit: updated refs/heads/master to b8b9968

2015-09-10 Thread rnewson 
Merge remote-tracking branch 'cloudant/remove-csrf'


Project: http://git-wip-us.apache.org/repos/asf/couchdb-couch/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-couch/commit/b8b99683
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-couch/tree/b8b99683
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-couch/diff/b8b99683

Branch: refs/heads/master
Commit: b8b99683272f3beee159824f7b28777674deaffa
Parents: 8c4e947 ba33257
Author: Robert Newson 
Authored: Thu Sep 10 13:59:08 2015 +0100
Committer: Robert Newson 
Committed: Thu Sep 10 13:59:08 2015 +0100

--

--

[2/3] couch commit: updated refs/heads/master to b8b9968

2015-09-10 Thread rnewson 
Remove new CSRF mechanism


Project: http://git-wip-us.apache.org/repos/asf/couchdb-couch/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-couch/commit/8c4e947e
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-couch/tree/8c4e947e
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-couch/diff/8c4e947e

Branch: refs/heads/master
Commit: 8c4e947ea9445545e7dc5a9d871f03fa0b32ed8c
Parents: 9aff2f6
Author: Robert Newson 
Authored: Thu Sep 10 12:27:17 2015 +0100
Committer: Robert Newson 
Committed: Thu Sep 10 13:59:06 2015 +0100

--
 src/couch_httpd.erl  |  16 +--
 src/couch_httpd_csrf.erl | 223 --
 2 files changed, 5 insertions(+), 234 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/couchdb-couch/blob/8c4e947e/src/couch_httpd.erl
--
diff --git a/src/couch_httpd.erl b/src/couch_httpd.erl
index 720ea0a..eee1001 100644
--- a/src/couch_httpd.erl
+++ b/src/couch_httpd.erl
@@ -306,7 +306,6 @@ handle_request_int(MochiReq, DefaultFun,
 {ok, Resp} =
 try
 validate_host(HttpReq),
-couch_httpd_csrf:validate(HttpReq),
 check_request_uri_length(RawUri),
 case couch_httpd_cors:is_preflight_request(HttpReq) of
 #httpd{} ->
@@ -483,8 +482,7 @@ serve_file(#httpd{mochi_req=MochiReq}=Req, RelativePath, 
DocumentRoot,
 ++ couch_httpd_auth:cookie_auth_header(Req, [])
 ++ ExtraHeaders,
 ResponseHeaders1 = couch_httpd_cors:cors_headers(Req, ResponseHeaders),
-ResponseHeaders2 = couch_httpd_csrf:headers(Req, ResponseHeaders1),
-{ok, MochiReq:serve_file(RelativePath, DocumentRoot, ResponseHeaders2)}.
+{ok, MochiReq:serve_file(RelativePath, DocumentRoot, ResponseHeaders1)}.
 
 qs_value(Req, Key) ->
 qs_value(Req, Key, undefined).
@@ -656,8 +654,7 @@ start_response_length(#httpd{mochi_req=MochiReq}=Req, Code, 
Headers, Length) ->
 Headers1 = Headers ++ server_header() ++
couch_httpd_auth:cookie_auth_header(Req, Headers),
 Headers2 = couch_httpd_cors:cors_headers(Req, Headers1),
-Headers3 = couch_httpd_csrf:headers(Req, Headers2),
-Resp = MochiReq:start_response_length({Code, Headers3, Length}),
+Resp = MochiReq:start_response_length({Code, Headers2, Length}),
 case MochiReq:get(method) of
 'HEAD' -> throw({http_head_abort, Resp});
 _ -> ok
@@ -670,8 +667,7 @@ start_response(#httpd{mochi_req=MochiReq}=Req, Code, 
Headers) ->
 CookieHeader = couch_httpd_auth:cookie_auth_header(Req, Headers),
 Headers1 = Headers ++ server_header() ++ CookieHeader,
 Headers2 = couch_httpd_cors:cors_headers(Req, Headers1),
-Headers3 = couch_httpd_csrf:headers(Req, Headers2),
-Resp = MochiReq:start_response({Code, Headers3}),
+Resp = MochiReq:start_response({Code, Headers2}),
 case MochiReq:get(method) of
 'HEAD' -> throw({http_head_abort, Resp});
 _ -> ok
@@ -706,8 +702,7 @@ start_chunked_response(#httpd{mochi_req=MochiReq}=Req, 
Code, Headers) ->
 Headers2 = Headers1 ++ server_header() ++
couch_httpd_auth:cookie_auth_header(Req, Headers1),
 Headers3 = couch_httpd_cors:cors_headers(Req, Headers2),
-Headers4 = couch_httpd_csrf:headers(Req, Headers3),
-Resp = MochiReq:respond({Code, Headers4, chunked}),
+Resp = MochiReq:respond({Code, Headers3, chunked}),
 case MochiReq:get(method) of
 'HEAD' -> throw({http_head_abort, Resp});
 _ -> ok
@@ -738,9 +733,8 @@ send_response(#httpd{mochi_req=MochiReq}=Req, Code, 
Headers, Body) ->
 Headers2 = Headers1 ++ server_header() ++
couch_httpd_auth:cookie_auth_header(Req, Headers1),
 Headers3 = couch_httpd_cors:cors_headers(Req, Headers2),
-Headers4 = couch_httpd_csrf:headers(Req, Headers3),
 
-{ok, MochiReq:respond({Code, Headers4, Body})}.
+{ok, MochiReq:respond({Code, Headers3, Body})}.
 
 send_method_not_allowed(Req, Methods) ->
 send_error(Req, 405, [{"Allow", Methods}], <<"method_not_allowed">>, 
?l2b("Only " ++ Methods ++ " allowed")).

http://git-wip-us.apache.org/repos/asf/couchdb-couch/blob/8c4e947e/src/couch_httpd_csrf.erl
--
diff --git a/src/couch_httpd_csrf.erl b/src/couch_httpd_csrf.erl
deleted file mode 100644
index 10bb175..000
--- a/src/couch_httpd_csrf.erl
+++ /dev/null
@@ -1,223 +0,0 @@
-% Licensed under the Apache License, Version 2.0 (the "License"); you may not
-% use this file except in compliance with the License.  You may obtain a copy 
of
-% the License at
-%
-%   http://www.apache.org/licenses/LICENSE-2.0
-%
-% Unless required by applicable law or agreed to in writing, software
-% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-%

[1/3] couch commit: updated refs/heads/master to b8b9968

2015-09-10 Thread rnewson 
Repository: couchdb-couch
Updated Branches:
  refs/heads/master 9aff2f663 -> b8b996832


Remove new CSRF mechanism


Project: http://git-wip-us.apache.org/repos/asf/couchdb-couch/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-couch/commit/ba33257c
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-couch/tree/ba33257c
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-couch/diff/ba33257c

Branch: refs/heads/master
Commit: ba33257c6c88140bc11ddda81980af9035030850
Parents: 9d4b0fe
Author: Robert Newson 
Authored: Thu Sep 10 12:27:17 2015 +0100
Committer: Robert Newson 
Committed: Thu Sep 10 12:27:17 2015 +0100

--
 src/couch_httpd.erl  |  16 +--
 src/couch_httpd_csrf.erl | 223 --
 2 files changed, 5 insertions(+), 234 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/couchdb-couch/blob/ba33257c/src/couch_httpd.erl
--
diff --git a/src/couch_httpd.erl b/src/couch_httpd.erl
index 720ea0a..eee1001 100644
--- a/src/couch_httpd.erl
+++ b/src/couch_httpd.erl
@@ -306,7 +306,6 @@ handle_request_int(MochiReq, DefaultFun,
 {ok, Resp} =
 try
 validate_host(HttpReq),
-couch_httpd_csrf:validate(HttpReq),
 check_request_uri_length(RawUri),
 case couch_httpd_cors:is_preflight_request(HttpReq) of
 #httpd{} ->
@@ -483,8 +482,7 @@ serve_file(#httpd{mochi_req=MochiReq}=Req, RelativePath, 
DocumentRoot,
 ++ couch_httpd_auth:cookie_auth_header(Req, [])
 ++ ExtraHeaders,
 ResponseHeaders1 = couch_httpd_cors:cors_headers(Req, ResponseHeaders),
-ResponseHeaders2 = couch_httpd_csrf:headers(Req, ResponseHeaders1),
-{ok, MochiReq:serve_file(RelativePath, DocumentRoot, ResponseHeaders2)}.
+{ok, MochiReq:serve_file(RelativePath, DocumentRoot, ResponseHeaders1)}.
 
 qs_value(Req, Key) ->
 qs_value(Req, Key, undefined).
@@ -656,8 +654,7 @@ start_response_length(#httpd{mochi_req=MochiReq}=Req, Code, 
Headers, Length) ->
 Headers1 = Headers ++ server_header() ++
couch_httpd_auth:cookie_auth_header(Req, Headers),
 Headers2 = couch_httpd_cors:cors_headers(Req, Headers1),
-Headers3 = couch_httpd_csrf:headers(Req, Headers2),
-Resp = MochiReq:start_response_length({Code, Headers3, Length}),
+Resp = MochiReq:start_response_length({Code, Headers2, Length}),
 case MochiReq:get(method) of
 'HEAD' -> throw({http_head_abort, Resp});
 _ -> ok
@@ -670,8 +667,7 @@ start_response(#httpd{mochi_req=MochiReq}=Req, Code, 
Headers) ->
 CookieHeader = couch_httpd_auth:cookie_auth_header(Req, Headers),
 Headers1 = Headers ++ server_header() ++ CookieHeader,
 Headers2 = couch_httpd_cors:cors_headers(Req, Headers1),
-Headers3 = couch_httpd_csrf:headers(Req, Headers2),
-Resp = MochiReq:start_response({Code, Headers3}),
+Resp = MochiReq:start_response({Code, Headers2}),
 case MochiReq:get(method) of
 'HEAD' -> throw({http_head_abort, Resp});
 _ -> ok
@@ -706,8 +702,7 @@ start_chunked_response(#httpd{mochi_req=MochiReq}=Req, 
Code, Headers) ->
 Headers2 = Headers1 ++ server_header() ++
couch_httpd_auth:cookie_auth_header(Req, Headers1),
 Headers3 = couch_httpd_cors:cors_headers(Req, Headers2),
-Headers4 = couch_httpd_csrf:headers(Req, Headers3),
-Resp = MochiReq:respond({Code, Headers4, chunked}),
+Resp = MochiReq:respond({Code, Headers3, chunked}),
 case MochiReq:get(method) of
 'HEAD' -> throw({http_head_abort, Resp});
 _ -> ok
@@ -738,9 +733,8 @@ send_response(#httpd{mochi_req=MochiReq}=Req, Code, 
Headers, Body) ->
 Headers2 = Headers1 ++ server_header() ++
couch_httpd_auth:cookie_auth_header(Req, Headers1),
 Headers3 = couch_httpd_cors:cors_headers(Req, Headers2),
-Headers4 = couch_httpd_csrf:headers(Req, Headers3),
 
-{ok, MochiReq:respond({Code, Headers4, Body})}.
+{ok, MochiReq:respond({Code, Headers3, Body})}.
 
 send_method_not_allowed(Req, Methods) ->
 send_error(Req, 405, [{"Allow", Methods}], <<"method_not_allowed">>, 
?l2b("Only " ++ Methods ++ " allowed")).

http://git-wip-us.apache.org/repos/asf/couchdb-couch/blob/ba33257c/src/couch_httpd_csrf.erl
--
diff --git a/src/couch_httpd_csrf.erl b/src/couch_httpd_csrf.erl
deleted file mode 100644
index 10bb175..000
--- a/src/couch_httpd_csrf.erl
+++ /dev/null
@@ -1,223 +0,0 @@
-% Licensed under the Apache License, Version 2.0 (the "License"); you may not
-% use this file except in compliance with the License.  You may obtain a copy 
of
-% the License at
-%
-%   http://www.apache.org/licenses/LICENSE-2.0
-%
-% Unless required by applicable law or agreed to in writing,

couchdb commit: updated refs/heads/master to dda4a5f

2015-09-10 Thread rnewson 
Repository: couchdb
Updated Branches:
  refs/heads/master a84fcb2d9 -> dda4a5f22


Remove new CSRF mechanism


Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/dda4a5f2
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/dda4a5f2
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/dda4a5f2

Branch: refs/heads/master
Commit: dda4a5f220fa5d3c705b784c9bb1f1dbe776d724
Parents: a84fcb2
Author: Robert Newson 
Authored: Thu Sep 10 12:26:29 2015 +0100
Committer: Robert Newson 
Committed: Thu Sep 10 14:00:46 2015 +0100

--
 dev/run   |  7 +---
 test/javascript/tests/csrf.js | 84 --
 2 files changed, 2 insertions(+), 89 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/couchdb/blob/dda4a5f2/dev/run
--
diff --git a/dev/run b/dev/run
index e519fa6..06c96be 100755
--- a/dev/run
+++ b/dev/run
@@ -30,7 +30,6 @@ import uuid
 from pbkdf2 import pbkdf2_hex
 
 COMMON_SALT = uuid.uuid4().hex
-COMMON_CSRF_SECRET = uuid.uuid4().hex
 
 try:
 from urllib import urlopen
@@ -259,11 +258,9 @@ def hack_local_ini(ctx, contents):
 previous_line = "; require_valid_user = false\n"
 contents = contents.replace(previous_line, previous_line + secret_line)
 
-csrf_secret = '\n\n[csrf]\nsecret = %s\n' % COMMON_CSRF_SECRET
-
 if ctx['with_admin_party']:
 ctx['admin'] = ('Admin Party!', 'You do not need any password.')
-return contents + csrf_secret
+return contents
 
 # handle admin credentials passed from cli or generate own one
 if ctx['admin'] is None:
@@ -271,7 +268,7 @@ def hack_local_ini(ctx, contents):
 else:
 user, pswd = ctx['admin']
 
-return contents + "\n%s = %s" % (user, hashify(pswd)) + csrf_secret
+return contents + "\n%s = %s" % (user, hashify(pswd))
 
 
 def gen_password():

http://git-wip-us.apache.org/repos/asf/couchdb/blob/dda4a5f2/test/javascript/tests/csrf.js
--
diff --git a/test/javascript/tests/csrf.js b/test/javascript/tests/csrf.js
deleted file mode 100644
index e16e78b..000
--- a/test/javascript/tests/csrf.js
+++ /dev/null
@@ -1,84 +0,0 @@
-// Licensed under the Apache License, Version 2.0 (the "License"); you may not
-// use this file except in compliance with the License. You may obtain a copy 
of
-// the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-// License for the specific language governing permissions and limitations 
under
-// the License.
-
-couchTests.csrf = function(debug) {
-  var db = new CouchDB("test_suite_db", {"X-Couch-Full-Commit":"false"});
-  db.deleteDb();
-  db.createDb();
-
-  if (debug) debugger;
-
-  // Handy function to cause CouchDB to delete the CSRF cookie
-  var deleteCsrf = function() {
-var xhr = CouchDB.request("POST", "/_session", {
-  body: 'name=foo=bar',
-  headers: {'X-CouchDB-CSRF': 'foo',
-'Content-Type': 
'application/x-www-form-urlencoded',
-'Cookie': 'CouchDB-CSRF=foo'}});
-TEquals(403, xhr.status);
-  };
-
-  var testFun = function () {
-  // Shouldn't receive header if we didn't ask for it
-  var xhr = CouchDB.request("GET", "/");
-  TEquals(null, xhr.getResponseHeader("X-CouchDB-CSRF-Valid"), "Didn't ask for 
CSRF");
-  TEquals(200, xhr.status);
-
-  // Matching but invalid cookie/header should 403
-  xhr = CouchDB.request("POST", "/_session", {
-body: 'name=foo=bar',
-headers: {'X-CouchDB-CSRF': 'foo',
-  'Content-Type': 
'application/x-www-form-urlencoded',
-  'Cookie': 'CouchDB-CSRF=foo'}});
-  TEquals(403, xhr.status);
-  TEquals(null, xhr.getResponseHeader("X-CouchDB-CSRF-Valid"), "We sent 
invalid cookie and header");
-
-  // Can I acquire a CouchDB-CSRF cookie?
-  xhr = CouchDB.request("GET", "/", {headers: {'X-CouchDB-CSRF': 'true'}});
-  var cookie = 
xhr.getResponseHeader("Set-Cookie").match('^CouchDB-CSRF=([^;]+)');
-  T(cookie, "Should receive cookie");
-
-  // If I have a cookie, do I get a 403 if I don't send the header?
-  xhr = CouchDB.request("POST", "/_session", {body: 'name=foo=bar',
-  headers: {'Content-Type':
-

fauxton commit: updated refs/heads/master to 227e68b

2015-09-10 Thread robertkowalski 
Repository: couchdb-fauxton
Updated Branches:
  refs/heads/master 8cd744acb -> 227e68bc4


increase timeout for notifications

We might redefine the way notifications work in the future, but it
might be also vaporware, so I'm fixing the timeout for the near
future.

This closes COUCHDB-2692

PR: #516
PR-URL: https://github.com/apache/couchdb-fauxton/pull/516
Reviewed-By: garren smith 


Project: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/commit/227e68bc
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/tree/227e68bc
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/diff/227e68bc

Branch: refs/heads/master
Commit: 227e68bc49d65fc7f5ef210bb98e774ee9694006
Parents: 8cd744a
Author: Robert Kowalski 
Authored: Tue Sep 8 11:22:11 2015 +0200
Committer: Robert Kowalski 
Committed: Thu Sep 10 16:09:56 2015 +0200

--
 app/addons/fauxton/base.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/227e68bc/app/addons/fauxton/base.js
--
diff --git a/app/addons/fauxton/base.js b/app/addons/fauxton/base.js
index db82062..88b5e53 100644
--- a/app/addons/fauxton/base.js
+++ b/app/addons/fauxton/base.js
@@ -104,7 +104,7 @@ function (app, FauxtonAPI, Components, 
NavbarReactComponents, NavigationActions,
   });
 
   Fauxton.Notification = FauxtonAPI.View.extend({
-animationTimer: 5000,
+animationTimer: 8000,
 id: 'global-notification-id',
 events: {
   'click .js-dismiss': 'onClickRemoveWithAnimation'

fauxton commit: updated refs/heads/master to 24953b2

2015-09-10 Thread robertkowalski 
Repository: couchdb-fauxton
Updated Branches:
  refs/heads/master 227e68bc4 -> 24953b293


use FauxtonAPI.url helper

covered by the attachment selenium test

PR: #520
PR-URL: https://github.com/apache/couchdb-fauxton/pull/520
Reviewed-By: Michelle Phung 


Project: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/commit/24953b29
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/tree/24953b29
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/diff/24953b29

Branch: refs/heads/master
Commit: 24953b29308682a9832870a9f33a1ad983ff5ca1
Parents: 227e68b
Author: Robert Kowalski 
Authored: Thu Sep 10 17:51:23 2015 +0200
Committer: Robert Kowalski 
Committed: Thu Sep 10 19:10:26 2015 +0200

--
 app/addons/documents/base.js   | 6 +-
 app/addons/documents/doc-editor/actions.js | 6 +-
 2 files changed, 10 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/24953b29/app/addons/documents/base.js
--
diff --git a/app/addons/documents/base.js b/app/addons/documents/base.js
index ba4a892..6a76eb1 100644
--- a/app/addons/documents/base.js
+++ b/app/addons/documents/base.js
@@ -69,11 +69,15 @@ function (app, FauxtonAPI, Documents) {
 }
   });
 
-  FauxtonAPI.registerUrls( 'document', {
+  FauxtonAPI.registerUrls('document', {
 server: function (database, doc) {
   return app.host + '/' + database + '/' + doc;
 },
 
+attachment: function (database, doc, filename, query) {
+  return app.host + '/' + database + '/' + doc + '/' + filename + query;
+},
+
 app: function (database, doc) {
   return '/database/' + database + '/' + doc;
 },

http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/24953b29/app/addons/documents/doc-editor/actions.js
--
diff --git a/app/addons/documents/doc-editor/actions.js 
b/app/addons/documents/doc-editor/actions.js
index 04fc4a9..3d41d0d 100644
--- a/app/addons/documents/doc-editor/actions.js
+++ b/app/addons/documents/doc-editor/actions.js
@@ -141,9 +141,13 @@ function (app, FauxtonAPI, ActionTypes) {
 // store the xhr in parent scope to allow us to cancel any uploads if the 
user closes the modal
 xhr = $.ajaxSettings.xhr();
 
+var query = '?rev=' + params.rev;
+var db = params.doc.getDatabase().safeID();
+var docId = params.doc.safeID();
 var file = params.files[0];
+
 $.ajax({
-  url: params.doc.url() + '/' + file.name + '?rev=' + params.rev,
+  url: FauxtonAPI.urls('document', 'attachment', db, docId, file.name, 
query),
   type: 'PUT',
   data: file,
   contentType: file.type,

couchdb-mango git commit: Shorten tests

2015-09-10 Thread tonysun83 
Repository: couchdb-mango
Updated Branches:
  refs/heads/2787-modify-testcases 2793b9f50 -> 87bde010f


Shorten tests

COUCHDB-2787


Project: http://git-wip-us.apache.org/repos/asf/couchdb-mango/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-mango/commit/87bde010
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-mango/tree/87bde010
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-mango/diff/87bde010

Branch: refs/heads/2787-modify-testcases
Commit: 87bde010f80719c91ff8ae3fbbe2ec984acb77be
Parents: 2793b9f
Author: Tony Sun 
Authored: Thu Sep 10 11:34:45 2015 -0700
Committer: Tony Sun 
Committed: Thu Sep 10 11:34:45 2015 -0700

--
 test/06-basic-text-test.py | 50 -
 1 file changed, 14 insertions(+), 36 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/couchdb-mango/blob/87bde010/test/06-basic-text-test.py
--
diff --git a/test/06-basic-text-test.py b/test/06-basic-text-test.py
index 53e9159..8ed09f9 100644
--- a/test/06-basic-text-test.py
+++ b/test/06-basic-text-test.py
@@ -14,9 +14,9 @@ import json
 import mango
 import unittest
 import user_docs
-import copy
+import math
 import num_string_docs
-from hypothesis import given, assume
+from hypothesis import given, assume, example
 import hypothesis.strategies as st
 
 @unittest.skipIf(mango.has_text_service(), "text service exists")
@@ -567,43 +567,21 @@ class NumStringTests(mango.DbPerClass):
 klass.db.recreate()
 klass.db.create_text_index()
 
-def test_nan_val(self):
-doc = {"number_NaN": "NaN"}
-self.db.save_doc(doc)
-q = {"$text": "NaN"}
-docs = self.db.find(q)
-print docs
-assert docs[0]["number_NaN"] == "NaN"
-
-def test_infinity_val(self):
-doc = {"number_Infinity": "Infinity"}
-self.db.save_doc(doc)
-q = {"$text": "Infinity"}
-docs = self.db.find(q)
-assert docs[0]["number_Infinity"] == "Infinity"
-
-@given(float_point_string=st.floats().map(str))
-def test_floating_point_val(self,float_point_string):
-assume(float_point_string!="nan")
-doc = {"number_string": float_point_string}
-self.db.save_doc(doc)
-q = {"$text": float_point_string}
-docs = self.db.find(q)
-if len(docs) == 1:
-assert docs[0]["number_string"] == float_point_string
-if len(docs) == 2:
-if docs[0]["number_string"] != float_point_string:
-assert docs[1]["number_string"] == float_point_string
+# not available for python 2.7.x
+def isFinite(num):
+not (math.isinf(num) or math.isnan(num))
 
-@given(f=st.floats())
+@given(f=st.floats().filter(isFinite).map(str)
+| st.floats().map(lambda f: f.hex()))
+@example('NaN')
+@example('Infinity')
 def test_floating_point_val(self,f):
-hex_float_point_string = f.hex()
-doc = {"number_string": hex_float_point_string}
+doc = {"number_string": f}
 self.db.save_doc(doc)
-q = {"$text": hex_float_point_string}
+q = {"$text": f}
 docs = self.db.find(q)
 if len(docs) == 1:
-assert docs[0]["number_string"] == hex_float_point_string
+assert docs[0]["number_string"] == f
 if len(docs) == 2:
-if docs[0]["number_string"] != hex_float_point_string:
-assert docs[1]["number_string"] == hex_float_point_string
+if docs[0]["number_string"] != f:
+assert docs[1]["number_string"] == f

couchdb-mango git commit: Remove num_string_docs references

2015-09-10 Thread tonysun83 
Repository: couchdb-mango
Updated Branches:
  refs/heads/2787-modify-testcases 87bde010f -> 6b0ab626c


Remove num_string_docs references

COUCHDB-2787


Project: http://git-wip-us.apache.org/repos/asf/couchdb-mango/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-mango/commit/6b0ab626
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-mango/tree/6b0ab626
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-mango/diff/6b0ab626

Branch: refs/heads/2787-modify-testcases
Commit: 6b0ab626cbe0a6f6bbef200579caafb6b7554f59
Parents: 87bde01
Author: Tony Sun 
Authored: Thu Sep 10 14:33:15 2015 -0700
Committer: Tony Sun 
Committed: Thu Sep 10 14:33:15 2015 -0700

--
 test/06-basic-text-test.py | 1 -
 test/mango.py  | 9 -
 2 files changed, 10 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/couchdb-mango/blob/6b0ab626/test/06-basic-text-test.py
--
diff --git a/test/06-basic-text-test.py b/test/06-basic-text-test.py
index 8ed09f9..493befc 100644
--- a/test/06-basic-text-test.py
+++ b/test/06-basic-text-test.py
@@ -15,7 +15,6 @@ import mango
 import unittest
 import user_docs
 import math
-import num_string_docs
 from hypothesis import given, assume, example
 import hypothesis.strategies as st
 

http://git-wip-us.apache.org/repos/asf/couchdb-mango/blob/6b0ab626/test/mango.py
--
diff --git a/test/mango.py b/test/mango.py
index 0487557..5ca8367 100644
--- a/test/mango.py
+++ b/test/mango.py
@@ -21,7 +21,6 @@ import requests
 import friend_docs
 import user_docs
 import limit_docs
-import num_string_docs
 
 
 def random_db_name():
@@ -242,11 +241,3 @@ class LimitDocsTextTests(DbPerClass):
 super(LimitDocsTextTests, klass).setUpClass()
 if has_text_service():
 limit_docs.setup(klass.db, index_type="text")
-
-class NumStringDocsTextTests(DbPerClass):
-
-@classmethod
-def setUpClass(klass):
-super(NumStringDocsTextTests, klass).setUpClass()
-if has_text_service():
-num_string_docs.setup(klass.db, index_type="text")

couchdb-mango git commit: Start couchdb with testuser

2015-09-10 Thread tonysun83 
Repository: couchdb-mango
Updated Branches:
  refs/heads/2787-modify-testcases 6b0ab626c -> 97670f3d7


Start couchdb with testuser

COUCHDB-2787


Project: http://git-wip-us.apache.org/repos/asf/couchdb-mango/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-mango/commit/97670f3d
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-mango/tree/97670f3d
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-mango/diff/97670f3d

Branch: refs/heads/2787-modify-testcases
Commit: 97670f3d79b67efb4fac252e6139ce161099ab45
Parents: 6b0ab62
Author: Tony Sun 
Authored: Thu Sep 10 23:01:04 2015 -0700
Committer: Tony Sun 
Committed: Thu Sep 10 23:01:04 2015 -0700

--
 .travis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/couchdb-mango/blob/97670f3d/.travis.yml
--
diff --git a/.travis.yml b/.travis.yml
index 04fdb33..2c6b2f0 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -9,7 +9,7 @@ before_install:
   - cp -R ../src ./src/mango
   - make
   - cd ..
-  - couchdb/dev/run -n 1 --with-admin-party-please &
+  - couchdb/dev/run -n 1 --admin=testuser:testpass &
   - sleep 10
 
 before_script:

[2/2] couchdb-setup git commit: fix badarg error

2015-09-10 Thread robertkowalski 
fix badarg error


Project: http://git-wip-us.apache.org/repos/asf/couchdb-setup/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-setup/commit/20ac682c
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-setup/tree/20ac682c
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-setup/diff/20ac682c

Branch: refs/heads/wizard-admin.party
Commit: 20ac682c00d9ef5039c31370b2784067f19da070
Parents: 2d3da67
Author: Robert Kowalski 
Authored: Thu Sep 10 21:08:39 2015 +0200
Committer: Robert Kowalski 
Committed: Thu Sep 10 21:08:39 2015 +0200

--
 src/setup.erl | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/couchdb-setup/blob/20ac682c/src/setup.erl
--
diff --git a/src/setup.erl b/src/setup.erl
index aa2da56..91c7ed3 100644
--- a/src/setup.erl
+++ b/src/setup.erl
@@ -147,8 +147,10 @@ enable_cluster_int(Options, no) ->
 case Port of
 undefined ->
 ok;
-Port ->
-config:set("httpd", "port", integer_to_list(Port))
+Port when is_binary(Port) ->
+config:set("httpd", "port", binary_to_list(Port));
+Port when is_integer(Port) ->
+config:set_integer("httpd", "port", Port)
 end,
 couch_log:notice("Enable Cluster: ~p~n", [Options]).
 %cluster_state:set(enabled).

[1/2] couchdb-setup git commit: fix enable_cluster_http for admin-party clusters

2015-09-10 Thread robertkowalski 
Repository: couchdb-setup
Updated Branches:
  refs/heads/wizard-admin.party [created] 20ac682c0


fix enable_cluster_http for admin-party clusters


Project: http://git-wip-us.apache.org/repos/asf/couchdb-setup/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-setup/commit/2d3da674
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-setup/tree/2d3da674
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-setup/diff/2d3da674

Branch: refs/heads/wizard-admin.party
Commit: 2d3da67489212ee9fdfc1f512a5f7e4b71114cca
Parents: ff19be1
Author: Robert Kowalski 
Authored: Fri Jul 31 17:04:23 2015 +0200
Committer: Robert Kowalski 
Committed: Thu Sep 10 20:36:00 2015 +0200

--
 src/setup.erl | 21 +++-
 test/t-admin-party.sh | 60 ++
 2 files changed, 75 insertions(+), 6 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/couchdb-setup/blob/2d3da674/src/setup.erl
--
diff --git a/src/setup.erl b/src/setup.erl
index 2118349..aa2da56 100644
--- a/src/setup.erl
+++ b/src/setup.erl
@@ -69,14 +69,23 @@ enable_cluster(Options) ->
 enable_cluster_http(Options)
 end.
 
+get_remote_request_options(Options) ->
+case couch_util:get_value(remote_current_user, Options, undefined) of
+undefined ->
+[];
+_ ->
+[
+{basic_auth, {
+binary_to_list(couch_util:get_value(remote_current_user, 
Options)),
+
binary_to_list(couch_util:get_value(remote_current_password, Options))
+}}
+]
+end.
+
 enable_cluster_http(Options) ->
 % POST to nodeB/_setup
-RequestOptions = [
-{basic_auth, {
-binary_to_list(couch_util:get_value(remote_current_user, Options)),
-binary_to_list(couch_util:get_value(remote_current_password, 
Options))
-}}
-],
+
+RequestOptions = get_remote_request_options(Options),
 
 Body = ?JSON_ENCODE({[
 {<<"action">>, <<"enable_cluster">>},

http://git-wip-us.apache.org/repos/asf/couchdb-setup/blob/2d3da674/test/t-admin-party.sh
--
diff --git a/test/t-admin-party.sh b/test/t-admin-party.sh
new file mode 100755
index 000..3c94917
--- /dev/null
+++ b/test/t-admin-party.sh
@@ -0,0 +1,60 @@
+#!/bin/sh -ex
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+HEADERS="-HContent-Type:application/json"
+# show cluster state:
+curl 127.0.0.1:15986/_nodes/_all_docs
+
+# Enable Cluster on node A
+curl 127.0.0.1:15984/_cluster_setup -d 
'{"action":"enable_cluster","username":"a","password":"b","bind_address":"0.0.0.0"}'
 $HEADERS
+
+# Add node B on node A
+curl a:b@127.0.0.1:15984/_cluster_setup -d 
'{"action":"add_node","username":"a","password":"b","host":"127.0.0.1","port":25984}'
 $HEADERS
+
+# Enable Cluster on node B
+curl a:b@127.0.0.1:15984/_cluster_setup -d 
'{"action":"enable_cluster","remote_node":"127.0.0.1","port":"25984","username":"a","password":"b","bind_address":"0.0.0.0"}'
 $HEADERS
+
+# Show cluster state:
+curl a:b@127.0.0.1:15986/_nodes/_all_docs
+
+# Show db doesn’t exist on node A
+curl a:b@127.0.0.1:15984/foo
+
+# Show db doesn’t exist on node B
+curl a:b@127.0.0.1:25984/foo
+
+# Create database (on node A)
+curl -X PUT a:b@127.0.0.1:15984/foo
+
+# Show db does exist on node A
+curl a:b@127.0.0.1:15984/foo
+
+# Show db does exist on node B
+curl a:b@127.0.0.1:25984/foo
+
+# Finish cluster
+curl a:b@127.0.0.1:15984/_cluster_setup -d '{"action":"finish_cluster"}' 
$HEADERS
+
+# Show system dbs exist on node A
+curl a:b@127.0.0.1:15984/_users
+curl a:b@127.0.0.1:15984/_replicator
+curl a:b@127.0.0.1:15984/_metadata
+curl a:b@127.0.0.1:15984/_global_changes
+
+# Show system dbs exist on node B
+curl a:b@127.0.0.1:25984/_users
+curl a:b@127.0.0.1:25984/_replicator
+curl a:b@127.0.0.1:25984/_metadata
+curl a:b@127.0.0.1:25984/_global_changes
+
+echo "YAY ALL GOOD"

fauxton commit: updated refs/heads/master to ae91c75

2015-09-10 Thread benkeen 
Repository: couchdb-fauxton
Updated Branches:
  refs/heads/master 24953b293 -> ae91c75e6


Remove unused template; flexbox CSS tweaks; mixins added

Just a few small clean-up tasks. This removes an unused
template, improves the flex CSS to make it more usable
elsewhere including moving the key rules to mixins.


Project: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/commit/ae91c75e
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/tree/ae91c75e
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/diff/ae91c75e

Branch: refs/heads/master
Commit: ae91c75e6672c214a4f2a98377791d13fa714f83
Parents: 24953b2
Author: Ben Keen 
Authored: Tue Sep 8 16:31:34 2015 -0700
Committer: Ben Keen 
Committed: Thu Sep 10 13:56:43 2015 -0700

--
 .../compaction/assets/less/compaction.less  |  2 +-
 app/templates/layouts/with_tabs.html| 25 --
 app/templates/layouts/with_tabs_sidebar.html|  4 +--
 assets/less/layouts.less| 36 
 assets/less/mixins.less | 20 +++
 5 files changed, 37 insertions(+), 50 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/ae91c75e/app/addons/compaction/assets/less/compaction.less
--
diff --git a/app/addons/compaction/assets/less/compaction.less 
b/app/addons/compaction/assets/less/compaction.less
index 5344989..4083c6a 100644
--- a/app/addons/compaction/assets/less/compaction.less
+++ b/app/addons/compaction/assets/less/compaction.less
@@ -19,6 +19,6 @@
   padding: 10px;
 }
 
-#dashboard.flexbox-layout #dashboard-content .compaction-page {
+#dashboard-content.flex-layout .compaction-page {
   padding: @panelPadding;
 }

http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/ae91c75e/app/templates/layouts/with_tabs.html
--
diff --git a/app/templates/layouts/with_tabs.html 
b/app/templates/layouts/with_tabs.html
deleted file mode 100644
index 94cf801..000
--- a/app/templates/layouts/with_tabs.html
+++ /dev/null
@@ -1,25 +0,0 @@
-
-
-
-  
-
-
-  
-
-  
-   
-
-  
-

http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/ae91c75e/app/templates/layouts/with_tabs_sidebar.html
--
diff --git a/app/templates/layouts/with_tabs_sidebar.html 
b/app/templates/layouts/with_tabs_sidebar.html
index e0cff3e..4e16359 100644
--- a/app/templates/layouts/with_tabs_sidebar.html
+++ b/app/templates/layouts/with_tabs_sidebar.html
@@ -12,7 +12,7 @@ License for the specific language governing permissions and 
limitations under
 the License.
 */%>
 
-
+
 
   
 
@@ -26,7 +26,7 @@ the License.
 
 
 
-
+
   
   
   

http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/ae91c75e/assets/less/layouts.less
--
diff --git a/assets/less/layouts.less b/assets/less/layouts.less
index 33b2af9..2321f16 100644
--- a/assets/less/layouts.less
+++ b/assets/less/layouts.less
@@ -1,16 +1,17 @@
 @import "variables.less";
+@import "mixins.less";
 
 
-/* new flex layout for templates */
+/* new flex layout for templates. "body #dashboard" needed for specificity: 
will remove at end */
+body #dashboard .flex-layout {
+  .display-flex();
 
-#dashboard.flexbox-layout #dashboard-content {
-  display: -webkit-flex;
-  display: -ms-flexbox;
-  display: flex;
-
-  -webkit-flex-direction: column;
-  -ms-flex-direction: column;
-  flex-direction: column;
+  &.flex-cols {
+.flex-direction(column);
+  }
+  &.flex-rows {
+.flex-direction(row);
+  }
 
   /* overrides */
   padding: 0;
@@ -21,35 +22,26 @@
 
   /* always default all child elements as flex items */
   &>* {
--webkit-flex: 1;
--ms-flex: 1;
-flex: 1;
+.flex(1);
   }
 
   /* notice we don't set heights. Flex will expand to fill the content but no 
more */
   #dashboard-upper-content {
--webkit-flex: 0 0 auto;
--ms-flex: 0 0 auto;
-flex: 0 0 auto;
+.flex(0 0 auto);
   }
-
   #dashboard-lower-content {
 padding: @panelPadding;
   }
 
   #footer {
--webkit-flex: 0 0 auto;
--ms-flex: 0 0 auto;
-flex: 0 0 auto;
+.flex(0 0 auto);
   }
 }
 
 /* can be added to any element in a display:flex element that you want to act 
as the main body. It expands to the
available space and shows a scrollbar */
 .flex-body {
-  -webkit-flex: 1;
-  -ms-flex: 1;
-  flex: 1;
+  .flex(1);
   overflow: auto;
 }
 

http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/ae91c75e/assets/less/mixins.less