documentation commit: updated refs/heads/master to a3101e9
Repository: couchdb-documentation Updated Branches: refs/heads/master 924136725 -> a3101e9af Remove new CSRF mechanism Project: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/commit/a3101e9a Tree: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/tree/a3101e9a Diff: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/diff/a3101e9a Branch: refs/heads/master Commit: a3101e9af7588583dd554ccf2e7aa2d1c4eb6a6b Parents: 9241367 Author: Robert NewsonAuthored: Thu Sep 10 12:32:32 2015 +0100 Committer: Robert Newson Committed: Thu Sep 10 12:32:32 2015 +0100 -- src/config/http.rst | 86 1 file changed, 86 deletions(-) -- http://git-wip-us.apache.org/repos/asf/couchdb-documentation/blob/a3101e9a/src/config/http.rst -- diff --git a/src/config/http.rst b/src/config/http.rst index 9a93479..6a76a85 100644 --- a/src/config/http.rst +++ b/src/config/http.rst @@ -526,92 +526,6 @@ with the vhost name prefixed by ``cors:``. Example case for the vhost Cross-site Request Forgery protection = -.. config:section:: csrf :: Cross-site Request Forgery - -.. versionadded:: 2.0 added CSRF protection, see JIRA :issue:`2762` - -`CSRF`, or "Cross-site Request Forgery" is a web-based exploit -where an attacker can cause a user agent to make an authenticated -form post against a foreign site without their consent. The attack -works because a user agent will send any cookies it has along with -the request. The attacker does not see the response, nor can they -see the user agent's cookies. The attacker hopes to gain -indirectly, e.g, by posting to a password reset form or cause -damage by issuing a database delete request. - -To prevent this, CouchDB can require a matching request header -before processing any write request (defined as any method other -than `GET`, `HEAD` or `OPTIONS`). The correct value of this header -is unknown to the attacker and so their attack fails. - -To enable CSRF protection, add the custom request header -`X-CouchDB-CSRF` wih value `true` to any request. The response will -return a cookie named `CouchDB-CSRF`. - -If CouchDB sees the `CouchDB-CSRF` cookie in a request it expects -the same value to be sent in the `X-CouchDB-CSRF` header. If the -header is missing or does not match the cookie, a `403 Forbidden` -response is generated. Additionally, CouchDB logs a warning, to -allow administrators to detect potential CSRF attacks in progress. - -Careful clients can verify whether their requests were protected -from CSRF by examining the `X-CouchDB-CSRF-Valid` response -header. It should be present and its value should be `true`. - -CSRF cookies expire after a configurable period of time but will -automatically be refreshed by CouchDB on subsequent requests. An -expired CSRF cookie is equivalent to not sending the cookie (and -thus the request will not be protected from CSRF). - -The following pseudo-code shows how to use the CSRF protection in -an opportunistic fashion, gracefully degrading when the mechanism -is not available. - -.. code-block:: javascript - -if (hasCookie("CouchDB-CSRF")) { - setRequestHeader("X-CouchDB-CSRF", cookieValue("CouchDB-CSRF")); -} else { - setRequestHeader("X-CouchDB-CSRF", "true"); -} - -.. config:option:: mandatory - -CouchDB can insist on CSRF Cookie/Header for all requests -(except those to the welcome handler, /, so you can acquire a -cookie) with this setting. The default is false:: - -[csrf] -mandatory = true - -.. config:option:: mime_types - -CouchDB will only enforce CSRF protection for the listed mime -types. The default list is application/x-www-form-urlencoded, -multipart/form-data, text/plain:: - -[csrf] -mime_types = text/plain - -.. config:option:: secret - -All CSRF cookies are signed by the server using this value. A -random value will be chosen if you don't specify it, but we -recommend setting it yourself, especially if you are running a -cluster of more than one node. The secret must match on all -nodes in a cluster to avoid sadness:: - -[csrf] -secret = b6fdf2e8213a36dbcca34e61e4000967 - -.. config:option:: timeout - -All CSRF cookies expire after `timeout` seconds. The default -is an hour:: - -[csrf] -timeout = 3600 - .. _config/vhosts:
[3/3] couch commit: updated refs/heads/master to b8b9968
Merge remote-tracking branch 'cloudant/remove-csrf' Project: http://git-wip-us.apache.org/repos/asf/couchdb-couch/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb-couch/commit/b8b99683 Tree: http://git-wip-us.apache.org/repos/asf/couchdb-couch/tree/b8b99683 Diff: http://git-wip-us.apache.org/repos/asf/couchdb-couch/diff/b8b99683 Branch: refs/heads/master Commit: b8b99683272f3beee159824f7b28777674deaffa Parents: 8c4e947 ba33257 Author: Robert NewsonAuthored: Thu Sep 10 13:59:08 2015 +0100 Committer: Robert Newson Committed: Thu Sep 10 13:59:08 2015 +0100 -- --
[2/3] couch commit: updated refs/heads/master to b8b9968
Remove new CSRF mechanism Project: http://git-wip-us.apache.org/repos/asf/couchdb-couch/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb-couch/commit/8c4e947e Tree: http://git-wip-us.apache.org/repos/asf/couchdb-couch/tree/8c4e947e Diff: http://git-wip-us.apache.org/repos/asf/couchdb-couch/diff/8c4e947e Branch: refs/heads/master Commit: 8c4e947ea9445545e7dc5a9d871f03fa0b32ed8c Parents: 9aff2f6 Author: Robert NewsonAuthored: Thu Sep 10 12:27:17 2015 +0100 Committer: Robert Newson Committed: Thu Sep 10 13:59:06 2015 +0100 -- src/couch_httpd.erl | 16 +-- src/couch_httpd_csrf.erl | 223 -- 2 files changed, 5 insertions(+), 234 deletions(-) -- http://git-wip-us.apache.org/repos/asf/couchdb-couch/blob/8c4e947e/src/couch_httpd.erl -- diff --git a/src/couch_httpd.erl b/src/couch_httpd.erl index 720ea0a..eee1001 100644 --- a/src/couch_httpd.erl +++ b/src/couch_httpd.erl @@ -306,7 +306,6 @@ handle_request_int(MochiReq, DefaultFun, {ok, Resp} = try validate_host(HttpReq), -couch_httpd_csrf:validate(HttpReq), check_request_uri_length(RawUri), case couch_httpd_cors:is_preflight_request(HttpReq) of #httpd{} -> @@ -483,8 +482,7 @@ serve_file(#httpd{mochi_req=MochiReq}=Req, RelativePath, DocumentRoot, ++ couch_httpd_auth:cookie_auth_header(Req, []) ++ ExtraHeaders, ResponseHeaders1 = couch_httpd_cors:cors_headers(Req, ResponseHeaders), -ResponseHeaders2 = couch_httpd_csrf:headers(Req, ResponseHeaders1), -{ok, MochiReq:serve_file(RelativePath, DocumentRoot, ResponseHeaders2)}. +{ok, MochiReq:serve_file(RelativePath, DocumentRoot, ResponseHeaders1)}. qs_value(Req, Key) -> qs_value(Req, Key, undefined). @@ -656,8 +654,7 @@ start_response_length(#httpd{mochi_req=MochiReq}=Req, Code, Headers, Length) -> Headers1 = Headers ++ server_header() ++ couch_httpd_auth:cookie_auth_header(Req, Headers), Headers2 = couch_httpd_cors:cors_headers(Req, Headers1), -Headers3 = couch_httpd_csrf:headers(Req, Headers2), -Resp = MochiReq:start_response_length({Code, Headers3, Length}), +Resp = MochiReq:start_response_length({Code, Headers2, Length}), case MochiReq:get(method) of 'HEAD' -> throw({http_head_abort, Resp}); _ -> ok @@ -670,8 +667,7 @@ start_response(#httpd{mochi_req=MochiReq}=Req, Code, Headers) -> CookieHeader = couch_httpd_auth:cookie_auth_header(Req, Headers), Headers1 = Headers ++ server_header() ++ CookieHeader, Headers2 = couch_httpd_cors:cors_headers(Req, Headers1), -Headers3 = couch_httpd_csrf:headers(Req, Headers2), -Resp = MochiReq:start_response({Code, Headers3}), +Resp = MochiReq:start_response({Code, Headers2}), case MochiReq:get(method) of 'HEAD' -> throw({http_head_abort, Resp}); _ -> ok @@ -706,8 +702,7 @@ start_chunked_response(#httpd{mochi_req=MochiReq}=Req, Code, Headers) -> Headers2 = Headers1 ++ server_header() ++ couch_httpd_auth:cookie_auth_header(Req, Headers1), Headers3 = couch_httpd_cors:cors_headers(Req, Headers2), -Headers4 = couch_httpd_csrf:headers(Req, Headers3), -Resp = MochiReq:respond({Code, Headers4, chunked}), +Resp = MochiReq:respond({Code, Headers3, chunked}), case MochiReq:get(method) of 'HEAD' -> throw({http_head_abort, Resp}); _ -> ok @@ -738,9 +733,8 @@ send_response(#httpd{mochi_req=MochiReq}=Req, Code, Headers, Body) -> Headers2 = Headers1 ++ server_header() ++ couch_httpd_auth:cookie_auth_header(Req, Headers1), Headers3 = couch_httpd_cors:cors_headers(Req, Headers2), -Headers4 = couch_httpd_csrf:headers(Req, Headers3), -{ok, MochiReq:respond({Code, Headers4, Body})}. +{ok, MochiReq:respond({Code, Headers3, Body})}. send_method_not_allowed(Req, Methods) -> send_error(Req, 405, [{"Allow", Methods}], <<"method_not_allowed">>, ?l2b("Only " ++ Methods ++ " allowed")). http://git-wip-us.apache.org/repos/asf/couchdb-couch/blob/8c4e947e/src/couch_httpd_csrf.erl -- diff --git a/src/couch_httpd_csrf.erl b/src/couch_httpd_csrf.erl deleted file mode 100644 index 10bb175..000 --- a/src/couch_httpd_csrf.erl +++ /dev/null @@ -1,223 +0,0 @@ -% Licensed under the Apache License, Version 2.0 (the "License"); you may not -% use this file except in compliance with the License. You may obtain a copy of -% the License at -% -% http://www.apache.org/licenses/LICENSE-2.0 -% -% Unless required by applicable law or agreed to in writing, software -% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -%
[1/3] couch commit: updated refs/heads/master to b8b9968
Repository: couchdb-couch Updated Branches: refs/heads/master 9aff2f663 -> b8b996832 Remove new CSRF mechanism Project: http://git-wip-us.apache.org/repos/asf/couchdb-couch/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb-couch/commit/ba33257c Tree: http://git-wip-us.apache.org/repos/asf/couchdb-couch/tree/ba33257c Diff: http://git-wip-us.apache.org/repos/asf/couchdb-couch/diff/ba33257c Branch: refs/heads/master Commit: ba33257c6c88140bc11ddda81980af9035030850 Parents: 9d4b0fe Author: Robert NewsonAuthored: Thu Sep 10 12:27:17 2015 +0100 Committer: Robert Newson Committed: Thu Sep 10 12:27:17 2015 +0100 -- src/couch_httpd.erl | 16 +-- src/couch_httpd_csrf.erl | 223 -- 2 files changed, 5 insertions(+), 234 deletions(-) -- http://git-wip-us.apache.org/repos/asf/couchdb-couch/blob/ba33257c/src/couch_httpd.erl -- diff --git a/src/couch_httpd.erl b/src/couch_httpd.erl index 720ea0a..eee1001 100644 --- a/src/couch_httpd.erl +++ b/src/couch_httpd.erl @@ -306,7 +306,6 @@ handle_request_int(MochiReq, DefaultFun, {ok, Resp} = try validate_host(HttpReq), -couch_httpd_csrf:validate(HttpReq), check_request_uri_length(RawUri), case couch_httpd_cors:is_preflight_request(HttpReq) of #httpd{} -> @@ -483,8 +482,7 @@ serve_file(#httpd{mochi_req=MochiReq}=Req, RelativePath, DocumentRoot, ++ couch_httpd_auth:cookie_auth_header(Req, []) ++ ExtraHeaders, ResponseHeaders1 = couch_httpd_cors:cors_headers(Req, ResponseHeaders), -ResponseHeaders2 = couch_httpd_csrf:headers(Req, ResponseHeaders1), -{ok, MochiReq:serve_file(RelativePath, DocumentRoot, ResponseHeaders2)}. +{ok, MochiReq:serve_file(RelativePath, DocumentRoot, ResponseHeaders1)}. qs_value(Req, Key) -> qs_value(Req, Key, undefined). @@ -656,8 +654,7 @@ start_response_length(#httpd{mochi_req=MochiReq}=Req, Code, Headers, Length) -> Headers1 = Headers ++ server_header() ++ couch_httpd_auth:cookie_auth_header(Req, Headers), Headers2 = couch_httpd_cors:cors_headers(Req, Headers1), -Headers3 = couch_httpd_csrf:headers(Req, Headers2), -Resp = MochiReq:start_response_length({Code, Headers3, Length}), +Resp = MochiReq:start_response_length({Code, Headers2, Length}), case MochiReq:get(method) of 'HEAD' -> throw({http_head_abort, Resp}); _ -> ok @@ -670,8 +667,7 @@ start_response(#httpd{mochi_req=MochiReq}=Req, Code, Headers) -> CookieHeader = couch_httpd_auth:cookie_auth_header(Req, Headers), Headers1 = Headers ++ server_header() ++ CookieHeader, Headers2 = couch_httpd_cors:cors_headers(Req, Headers1), -Headers3 = couch_httpd_csrf:headers(Req, Headers2), -Resp = MochiReq:start_response({Code, Headers3}), +Resp = MochiReq:start_response({Code, Headers2}), case MochiReq:get(method) of 'HEAD' -> throw({http_head_abort, Resp}); _ -> ok @@ -706,8 +702,7 @@ start_chunked_response(#httpd{mochi_req=MochiReq}=Req, Code, Headers) -> Headers2 = Headers1 ++ server_header() ++ couch_httpd_auth:cookie_auth_header(Req, Headers1), Headers3 = couch_httpd_cors:cors_headers(Req, Headers2), -Headers4 = couch_httpd_csrf:headers(Req, Headers3), -Resp = MochiReq:respond({Code, Headers4, chunked}), +Resp = MochiReq:respond({Code, Headers3, chunked}), case MochiReq:get(method) of 'HEAD' -> throw({http_head_abort, Resp}); _ -> ok @@ -738,9 +733,8 @@ send_response(#httpd{mochi_req=MochiReq}=Req, Code, Headers, Body) -> Headers2 = Headers1 ++ server_header() ++ couch_httpd_auth:cookie_auth_header(Req, Headers1), Headers3 = couch_httpd_cors:cors_headers(Req, Headers2), -Headers4 = couch_httpd_csrf:headers(Req, Headers3), -{ok, MochiReq:respond({Code, Headers4, Body})}. +{ok, MochiReq:respond({Code, Headers3, Body})}. send_method_not_allowed(Req, Methods) -> send_error(Req, 405, [{"Allow", Methods}], <<"method_not_allowed">>, ?l2b("Only " ++ Methods ++ " allowed")). http://git-wip-us.apache.org/repos/asf/couchdb-couch/blob/ba33257c/src/couch_httpd_csrf.erl -- diff --git a/src/couch_httpd_csrf.erl b/src/couch_httpd_csrf.erl deleted file mode 100644 index 10bb175..000 --- a/src/couch_httpd_csrf.erl +++ /dev/null @@ -1,223 +0,0 @@ -% Licensed under the Apache License, Version 2.0 (the "License"); you may not -% use this file except in compliance with the License. You may obtain a copy of -% the License at -% -% http://www.apache.org/licenses/LICENSE-2.0 -% -% Unless required by applicable law or agreed to in writing,
couchdb commit: updated refs/heads/master to dda4a5f
Repository: couchdb Updated Branches: refs/heads/master a84fcb2d9 -> dda4a5f22 Remove new CSRF mechanism Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/dda4a5f2 Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/dda4a5f2 Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/dda4a5f2 Branch: refs/heads/master Commit: dda4a5f220fa5d3c705b784c9bb1f1dbe776d724 Parents: a84fcb2 Author: Robert NewsonAuthored: Thu Sep 10 12:26:29 2015 +0100 Committer: Robert Newson Committed: Thu Sep 10 14:00:46 2015 +0100 -- dev/run | 7 +--- test/javascript/tests/csrf.js | 84 -- 2 files changed, 2 insertions(+), 89 deletions(-) -- http://git-wip-us.apache.org/repos/asf/couchdb/blob/dda4a5f2/dev/run -- diff --git a/dev/run b/dev/run index e519fa6..06c96be 100755 --- a/dev/run +++ b/dev/run @@ -30,7 +30,6 @@ import uuid from pbkdf2 import pbkdf2_hex COMMON_SALT = uuid.uuid4().hex -COMMON_CSRF_SECRET = uuid.uuid4().hex try: from urllib import urlopen @@ -259,11 +258,9 @@ def hack_local_ini(ctx, contents): previous_line = "; require_valid_user = false\n" contents = contents.replace(previous_line, previous_line + secret_line) -csrf_secret = '\n\n[csrf]\nsecret = %s\n' % COMMON_CSRF_SECRET - if ctx['with_admin_party']: ctx['admin'] = ('Admin Party!', 'You do not need any password.') -return contents + csrf_secret +return contents # handle admin credentials passed from cli or generate own one if ctx['admin'] is None: @@ -271,7 +268,7 @@ def hack_local_ini(ctx, contents): else: user, pswd = ctx['admin'] -return contents + "\n%s = %s" % (user, hashify(pswd)) + csrf_secret +return contents + "\n%s = %s" % (user, hashify(pswd)) def gen_password(): http://git-wip-us.apache.org/repos/asf/couchdb/blob/dda4a5f2/test/javascript/tests/csrf.js -- diff --git a/test/javascript/tests/csrf.js b/test/javascript/tests/csrf.js deleted file mode 100644 index e16e78b..000 --- a/test/javascript/tests/csrf.js +++ /dev/null @@ -1,84 +0,0 @@ -// Licensed under the Apache License, Version 2.0 (the "License"); you may not -// use this file except in compliance with the License. You may obtain a copy of -// the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -// License for the specific language governing permissions and limitations under -// the License. - -couchTests.csrf = function(debug) { - var db = new CouchDB("test_suite_db", {"X-Couch-Full-Commit":"false"}); - db.deleteDb(); - db.createDb(); - - if (debug) debugger; - - // Handy function to cause CouchDB to delete the CSRF cookie - var deleteCsrf = function() { -var xhr = CouchDB.request("POST", "/_session", { - body: 'name=foo=bar', - headers: {'X-CouchDB-CSRF': 'foo', -'Content-Type': 'application/x-www-form-urlencoded', -'Cookie': 'CouchDB-CSRF=foo'}}); -TEquals(403, xhr.status); - }; - - var testFun = function () { - // Shouldn't receive header if we didn't ask for it - var xhr = CouchDB.request("GET", "/"); - TEquals(null, xhr.getResponseHeader("X-CouchDB-CSRF-Valid"), "Didn't ask for CSRF"); - TEquals(200, xhr.status); - - // Matching but invalid cookie/header should 403 - xhr = CouchDB.request("POST", "/_session", { -body: 'name=foo=bar', -headers: {'X-CouchDB-CSRF': 'foo', - 'Content-Type': 'application/x-www-form-urlencoded', - 'Cookie': 'CouchDB-CSRF=foo'}}); - TEquals(403, xhr.status); - TEquals(null, xhr.getResponseHeader("X-CouchDB-CSRF-Valid"), "We sent invalid cookie and header"); - - // Can I acquire a CouchDB-CSRF cookie? - xhr = CouchDB.request("GET", "/", {headers: {'X-CouchDB-CSRF': 'true'}}); - var cookie = xhr.getResponseHeader("Set-Cookie").match('^CouchDB-CSRF=([^;]+)'); - T(cookie, "Should receive cookie"); - - // If I have a cookie, do I get a 403 if I don't send the header? - xhr = CouchDB.request("POST", "/_session", {body: 'name=foo=bar', - headers: {'Content-Type': -
fauxton commit: updated refs/heads/master to 227e68b
Repository: couchdb-fauxton Updated Branches: refs/heads/master 8cd744acb -> 227e68bc4 increase timeout for notifications We might redefine the way notifications work in the future, but it might be also vaporware, so I'm fixing the timeout for the near future. This closes COUCHDB-2692 PR: #516 PR-URL: https://github.com/apache/couchdb-fauxton/pull/516 Reviewed-By: garren smithProject: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/commit/227e68bc Tree: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/tree/227e68bc Diff: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/diff/227e68bc Branch: refs/heads/master Commit: 227e68bc49d65fc7f5ef210bb98e774ee9694006 Parents: 8cd744a Author: Robert Kowalski Authored: Tue Sep 8 11:22:11 2015 +0200 Committer: Robert Kowalski Committed: Thu Sep 10 16:09:56 2015 +0200 -- app/addons/fauxton/base.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/227e68bc/app/addons/fauxton/base.js -- diff --git a/app/addons/fauxton/base.js b/app/addons/fauxton/base.js index db82062..88b5e53 100644 --- a/app/addons/fauxton/base.js +++ b/app/addons/fauxton/base.js @@ -104,7 +104,7 @@ function (app, FauxtonAPI, Components, NavbarReactComponents, NavigationActions, }); Fauxton.Notification = FauxtonAPI.View.extend({ -animationTimer: 5000, +animationTimer: 8000, id: 'global-notification-id', events: { 'click .js-dismiss': 'onClickRemoveWithAnimation'
fauxton commit: updated refs/heads/master to 24953b2
Repository: couchdb-fauxton Updated Branches: refs/heads/master 227e68bc4 -> 24953b293 use FauxtonAPI.url helper covered by the attachment selenium test PR: #520 PR-URL: https://github.com/apache/couchdb-fauxton/pull/520 Reviewed-By: Michelle PhungProject: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/commit/24953b29 Tree: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/tree/24953b29 Diff: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/diff/24953b29 Branch: refs/heads/master Commit: 24953b29308682a9832870a9f33a1ad983ff5ca1 Parents: 227e68b Author: Robert Kowalski Authored: Thu Sep 10 17:51:23 2015 +0200 Committer: Robert Kowalski Committed: Thu Sep 10 19:10:26 2015 +0200 -- app/addons/documents/base.js | 6 +- app/addons/documents/doc-editor/actions.js | 6 +- 2 files changed, 10 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/24953b29/app/addons/documents/base.js -- diff --git a/app/addons/documents/base.js b/app/addons/documents/base.js index ba4a892..6a76eb1 100644 --- a/app/addons/documents/base.js +++ b/app/addons/documents/base.js @@ -69,11 +69,15 @@ function (app, FauxtonAPI, Documents) { } }); - FauxtonAPI.registerUrls( 'document', { + FauxtonAPI.registerUrls('document', { server: function (database, doc) { return app.host + '/' + database + '/' + doc; }, +attachment: function (database, doc, filename, query) { + return app.host + '/' + database + '/' + doc + '/' + filename + query; +}, + app: function (database, doc) { return '/database/' + database + '/' + doc; }, http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/24953b29/app/addons/documents/doc-editor/actions.js -- diff --git a/app/addons/documents/doc-editor/actions.js b/app/addons/documents/doc-editor/actions.js index 04fc4a9..3d41d0d 100644 --- a/app/addons/documents/doc-editor/actions.js +++ b/app/addons/documents/doc-editor/actions.js @@ -141,9 +141,13 @@ function (app, FauxtonAPI, ActionTypes) { // store the xhr in parent scope to allow us to cancel any uploads if the user closes the modal xhr = $.ajaxSettings.xhr(); +var query = '?rev=' + params.rev; +var db = params.doc.getDatabase().safeID(); +var docId = params.doc.safeID(); var file = params.files[0]; + $.ajax({ - url: params.doc.url() + '/' + file.name + '?rev=' + params.rev, + url: FauxtonAPI.urls('document', 'attachment', db, docId, file.name, query), type: 'PUT', data: file, contentType: file.type,
couchdb-mango git commit: Shorten tests
Repository: couchdb-mango Updated Branches: refs/heads/2787-modify-testcases 2793b9f50 -> 87bde010f Shorten tests COUCHDB-2787 Project: http://git-wip-us.apache.org/repos/asf/couchdb-mango/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb-mango/commit/87bde010 Tree: http://git-wip-us.apache.org/repos/asf/couchdb-mango/tree/87bde010 Diff: http://git-wip-us.apache.org/repos/asf/couchdb-mango/diff/87bde010 Branch: refs/heads/2787-modify-testcases Commit: 87bde010f80719c91ff8ae3fbbe2ec984acb77be Parents: 2793b9f Author: Tony SunAuthored: Thu Sep 10 11:34:45 2015 -0700 Committer: Tony Sun Committed: Thu Sep 10 11:34:45 2015 -0700 -- test/06-basic-text-test.py | 50 - 1 file changed, 14 insertions(+), 36 deletions(-) -- http://git-wip-us.apache.org/repos/asf/couchdb-mango/blob/87bde010/test/06-basic-text-test.py -- diff --git a/test/06-basic-text-test.py b/test/06-basic-text-test.py index 53e9159..8ed09f9 100644 --- a/test/06-basic-text-test.py +++ b/test/06-basic-text-test.py @@ -14,9 +14,9 @@ import json import mango import unittest import user_docs -import copy +import math import num_string_docs -from hypothesis import given, assume +from hypothesis import given, assume, example import hypothesis.strategies as st @unittest.skipIf(mango.has_text_service(), "text service exists") @@ -567,43 +567,21 @@ class NumStringTests(mango.DbPerClass): klass.db.recreate() klass.db.create_text_index() -def test_nan_val(self): -doc = {"number_NaN": "NaN"} -self.db.save_doc(doc) -q = {"$text": "NaN"} -docs = self.db.find(q) -print docs -assert docs[0]["number_NaN"] == "NaN" - -def test_infinity_val(self): -doc = {"number_Infinity": "Infinity"} -self.db.save_doc(doc) -q = {"$text": "Infinity"} -docs = self.db.find(q) -assert docs[0]["number_Infinity"] == "Infinity" - -@given(float_point_string=st.floats().map(str)) -def test_floating_point_val(self,float_point_string): -assume(float_point_string!="nan") -doc = {"number_string": float_point_string} -self.db.save_doc(doc) -q = {"$text": float_point_string} -docs = self.db.find(q) -if len(docs) == 1: -assert docs[0]["number_string"] == float_point_string -if len(docs) == 2: -if docs[0]["number_string"] != float_point_string: -assert docs[1]["number_string"] == float_point_string +# not available for python 2.7.x +def isFinite(num): +not (math.isinf(num) or math.isnan(num)) -@given(f=st.floats()) +@given(f=st.floats().filter(isFinite).map(str) +| st.floats().map(lambda f: f.hex())) +@example('NaN') +@example('Infinity') def test_floating_point_val(self,f): -hex_float_point_string = f.hex() -doc = {"number_string": hex_float_point_string} +doc = {"number_string": f} self.db.save_doc(doc) -q = {"$text": hex_float_point_string} +q = {"$text": f} docs = self.db.find(q) if len(docs) == 1: -assert docs[0]["number_string"] == hex_float_point_string +assert docs[0]["number_string"] == f if len(docs) == 2: -if docs[0]["number_string"] != hex_float_point_string: -assert docs[1]["number_string"] == hex_float_point_string +if docs[0]["number_string"] != f: +assert docs[1]["number_string"] == f
couchdb-mango git commit: Remove num_string_docs references
Repository: couchdb-mango Updated Branches: refs/heads/2787-modify-testcases 87bde010f -> 6b0ab626c Remove num_string_docs references COUCHDB-2787 Project: http://git-wip-us.apache.org/repos/asf/couchdb-mango/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb-mango/commit/6b0ab626 Tree: http://git-wip-us.apache.org/repos/asf/couchdb-mango/tree/6b0ab626 Diff: http://git-wip-us.apache.org/repos/asf/couchdb-mango/diff/6b0ab626 Branch: refs/heads/2787-modify-testcases Commit: 6b0ab626cbe0a6f6bbef200579caafb6b7554f59 Parents: 87bde01 Author: Tony SunAuthored: Thu Sep 10 14:33:15 2015 -0700 Committer: Tony Sun Committed: Thu Sep 10 14:33:15 2015 -0700 -- test/06-basic-text-test.py | 1 - test/mango.py | 9 - 2 files changed, 10 deletions(-) -- http://git-wip-us.apache.org/repos/asf/couchdb-mango/blob/6b0ab626/test/06-basic-text-test.py -- diff --git a/test/06-basic-text-test.py b/test/06-basic-text-test.py index 8ed09f9..493befc 100644 --- a/test/06-basic-text-test.py +++ b/test/06-basic-text-test.py @@ -15,7 +15,6 @@ import mango import unittest import user_docs import math -import num_string_docs from hypothesis import given, assume, example import hypothesis.strategies as st http://git-wip-us.apache.org/repos/asf/couchdb-mango/blob/6b0ab626/test/mango.py -- diff --git a/test/mango.py b/test/mango.py index 0487557..5ca8367 100644 --- a/test/mango.py +++ b/test/mango.py @@ -21,7 +21,6 @@ import requests import friend_docs import user_docs import limit_docs -import num_string_docs def random_db_name(): @@ -242,11 +241,3 @@ class LimitDocsTextTests(DbPerClass): super(LimitDocsTextTests, klass).setUpClass() if has_text_service(): limit_docs.setup(klass.db, index_type="text") - -class NumStringDocsTextTests(DbPerClass): - -@classmethod -def setUpClass(klass): -super(NumStringDocsTextTests, klass).setUpClass() -if has_text_service(): -num_string_docs.setup(klass.db, index_type="text")
couchdb-mango git commit: Start couchdb with testuser
Repository: couchdb-mango Updated Branches: refs/heads/2787-modify-testcases 6b0ab626c -> 97670f3d7 Start couchdb with testuser COUCHDB-2787 Project: http://git-wip-us.apache.org/repos/asf/couchdb-mango/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb-mango/commit/97670f3d Tree: http://git-wip-us.apache.org/repos/asf/couchdb-mango/tree/97670f3d Diff: http://git-wip-us.apache.org/repos/asf/couchdb-mango/diff/97670f3d Branch: refs/heads/2787-modify-testcases Commit: 97670f3d79b67efb4fac252e6139ce161099ab45 Parents: 6b0ab62 Author: Tony SunAuthored: Thu Sep 10 23:01:04 2015 -0700 Committer: Tony Sun Committed: Thu Sep 10 23:01:04 2015 -0700 -- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/couchdb-mango/blob/97670f3d/.travis.yml -- diff --git a/.travis.yml b/.travis.yml index 04fdb33..2c6b2f0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,7 +9,7 @@ before_install: - cp -R ../src ./src/mango - make - cd .. - - couchdb/dev/run -n 1 --with-admin-party-please & + - couchdb/dev/run -n 1 --admin=testuser:testpass & - sleep 10 before_script:
[2/2] couchdb-setup git commit: fix badarg error
fix badarg error Project: http://git-wip-us.apache.org/repos/asf/couchdb-setup/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb-setup/commit/20ac682c Tree: http://git-wip-us.apache.org/repos/asf/couchdb-setup/tree/20ac682c Diff: http://git-wip-us.apache.org/repos/asf/couchdb-setup/diff/20ac682c Branch: refs/heads/wizard-admin.party Commit: 20ac682c00d9ef5039c31370b2784067f19da070 Parents: 2d3da67 Author: Robert KowalskiAuthored: Thu Sep 10 21:08:39 2015 +0200 Committer: Robert Kowalski Committed: Thu Sep 10 21:08:39 2015 +0200 -- src/setup.erl | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/couchdb-setup/blob/20ac682c/src/setup.erl -- diff --git a/src/setup.erl b/src/setup.erl index aa2da56..91c7ed3 100644 --- a/src/setup.erl +++ b/src/setup.erl @@ -147,8 +147,10 @@ enable_cluster_int(Options, no) -> case Port of undefined -> ok; -Port -> -config:set("httpd", "port", integer_to_list(Port)) +Port when is_binary(Port) -> +config:set("httpd", "port", binary_to_list(Port)); +Port when is_integer(Port) -> +config:set_integer("httpd", "port", Port) end, couch_log:notice("Enable Cluster: ~p~n", [Options]). %cluster_state:set(enabled).
[1/2] couchdb-setup git commit: fix enable_cluster_http for admin-party clusters
Repository: couchdb-setup Updated Branches: refs/heads/wizard-admin.party [created] 20ac682c0 fix enable_cluster_http for admin-party clusters Project: http://git-wip-us.apache.org/repos/asf/couchdb-setup/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb-setup/commit/2d3da674 Tree: http://git-wip-us.apache.org/repos/asf/couchdb-setup/tree/2d3da674 Diff: http://git-wip-us.apache.org/repos/asf/couchdb-setup/diff/2d3da674 Branch: refs/heads/wizard-admin.party Commit: 2d3da67489212ee9fdfc1f512a5f7e4b71114cca Parents: ff19be1 Author: Robert KowalskiAuthored: Fri Jul 31 17:04:23 2015 +0200 Committer: Robert Kowalski Committed: Thu Sep 10 20:36:00 2015 +0200 -- src/setup.erl | 21 +++- test/t-admin-party.sh | 60 ++ 2 files changed, 75 insertions(+), 6 deletions(-) -- http://git-wip-us.apache.org/repos/asf/couchdb-setup/blob/2d3da674/src/setup.erl -- diff --git a/src/setup.erl b/src/setup.erl index 2118349..aa2da56 100644 --- a/src/setup.erl +++ b/src/setup.erl @@ -69,14 +69,23 @@ enable_cluster(Options) -> enable_cluster_http(Options) end. +get_remote_request_options(Options) -> +case couch_util:get_value(remote_current_user, Options, undefined) of +undefined -> +[]; +_ -> +[ +{basic_auth, { +binary_to_list(couch_util:get_value(remote_current_user, Options)), + binary_to_list(couch_util:get_value(remote_current_password, Options)) +}} +] +end. + enable_cluster_http(Options) -> % POST to nodeB/_setup -RequestOptions = [ -{basic_auth, { -binary_to_list(couch_util:get_value(remote_current_user, Options)), -binary_to_list(couch_util:get_value(remote_current_password, Options)) -}} -], + +RequestOptions = get_remote_request_options(Options), Body = ?JSON_ENCODE({[ {<<"action">>, <<"enable_cluster">>}, http://git-wip-us.apache.org/repos/asf/couchdb-setup/blob/2d3da674/test/t-admin-party.sh -- diff --git a/test/t-admin-party.sh b/test/t-admin-party.sh new file mode 100755 index 000..3c94917 --- /dev/null +++ b/test/t-admin-party.sh @@ -0,0 +1,60 @@ +#!/bin/sh -ex +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy of +# the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under +# the License. + +HEADERS="-HContent-Type:application/json" +# show cluster state: +curl 127.0.0.1:15986/_nodes/_all_docs + +# Enable Cluster on node A +curl 127.0.0.1:15984/_cluster_setup -d '{"action":"enable_cluster","username":"a","password":"b","bind_address":"0.0.0.0"}' $HEADERS + +# Add node B on node A +curl a:b@127.0.0.1:15984/_cluster_setup -d '{"action":"add_node","username":"a","password":"b","host":"127.0.0.1","port":25984}' $HEADERS + +# Enable Cluster on node B +curl a:b@127.0.0.1:15984/_cluster_setup -d '{"action":"enable_cluster","remote_node":"127.0.0.1","port":"25984","username":"a","password":"b","bind_address":"0.0.0.0"}' $HEADERS + +# Show cluster state: +curl a:b@127.0.0.1:15986/_nodes/_all_docs + +# Show db doesnât exist on node A +curl a:b@127.0.0.1:15984/foo + +# Show db doesnât exist on node B +curl a:b@127.0.0.1:25984/foo + +# Create database (on node A) +curl -X PUT a:b@127.0.0.1:15984/foo + +# Show db does exist on node A +curl a:b@127.0.0.1:15984/foo + +# Show db does exist on node B +curl a:b@127.0.0.1:25984/foo + +# Finish cluster +curl a:b@127.0.0.1:15984/_cluster_setup -d '{"action":"finish_cluster"}' $HEADERS + +# Show system dbs exist on node A +curl a:b@127.0.0.1:15984/_users +curl a:b@127.0.0.1:15984/_replicator +curl a:b@127.0.0.1:15984/_metadata +curl a:b@127.0.0.1:15984/_global_changes + +# Show system dbs exist on node B +curl a:b@127.0.0.1:25984/_users +curl a:b@127.0.0.1:25984/_replicator +curl a:b@127.0.0.1:25984/_metadata +curl a:b@127.0.0.1:25984/_global_changes + +echo "YAY ALL GOOD"
fauxton commit: updated refs/heads/master to ae91c75
Repository: couchdb-fauxton Updated Branches: refs/heads/master 24953b293 -> ae91c75e6 Remove unused template; flexbox CSS tweaks; mixins added Just a few small clean-up tasks. This removes an unused template, improves the flex CSS to make it more usable elsewhere including moving the key rules to mixins. Project: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/commit/ae91c75e Tree: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/tree/ae91c75e Diff: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/diff/ae91c75e Branch: refs/heads/master Commit: ae91c75e6672c214a4f2a98377791d13fa714f83 Parents: 24953b2 Author: Ben KeenAuthored: Tue Sep 8 16:31:34 2015 -0700 Committer: Ben Keen Committed: Thu Sep 10 13:56:43 2015 -0700 -- .../compaction/assets/less/compaction.less | 2 +- app/templates/layouts/with_tabs.html| 25 -- app/templates/layouts/with_tabs_sidebar.html| 4 +-- assets/less/layouts.less| 36 assets/less/mixins.less | 20 +++ 5 files changed, 37 insertions(+), 50 deletions(-) -- http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/ae91c75e/app/addons/compaction/assets/less/compaction.less -- diff --git a/app/addons/compaction/assets/less/compaction.less b/app/addons/compaction/assets/less/compaction.less index 5344989..4083c6a 100644 --- a/app/addons/compaction/assets/less/compaction.less +++ b/app/addons/compaction/assets/less/compaction.less @@ -19,6 +19,6 @@ padding: 10px; } -#dashboard.flexbox-layout #dashboard-content .compaction-page { +#dashboard-content.flex-layout .compaction-page { padding: @panelPadding; } http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/ae91c75e/app/templates/layouts/with_tabs.html -- diff --git a/app/templates/layouts/with_tabs.html b/app/templates/layouts/with_tabs.html deleted file mode 100644 index 94cf801..000 --- a/app/templates/layouts/with_tabs.html +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - - - - - - - - http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/ae91c75e/app/templates/layouts/with_tabs_sidebar.html -- diff --git a/app/templates/layouts/with_tabs_sidebar.html b/app/templates/layouts/with_tabs_sidebar.html index e0cff3e..4e16359 100644 --- a/app/templates/layouts/with_tabs_sidebar.html +++ b/app/templates/layouts/with_tabs_sidebar.html @@ -12,7 +12,7 @@ License for the specific language governing permissions and limitations under the License. */%> - + @@ -26,7 +26,7 @@ the License. - + http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/ae91c75e/assets/less/layouts.less -- diff --git a/assets/less/layouts.less b/assets/less/layouts.less index 33b2af9..2321f16 100644 --- a/assets/less/layouts.less +++ b/assets/less/layouts.less @@ -1,16 +1,17 @@ @import "variables.less"; +@import "mixins.less"; -/* new flex layout for templates */ +/* new flex layout for templates. "body #dashboard" needed for specificity: will remove at end */ +body #dashboard .flex-layout { + .display-flex(); -#dashboard.flexbox-layout #dashboard-content { - display: -webkit-flex; - display: -ms-flexbox; - display: flex; - - -webkit-flex-direction: column; - -ms-flex-direction: column; - flex-direction: column; + &.flex-cols { +.flex-direction(column); + } + &.flex-rows { +.flex-direction(row); + } /* overrides */ padding: 0; @@ -21,35 +22,26 @@ /* always default all child elements as flex items */ &>* { --webkit-flex: 1; --ms-flex: 1; -flex: 1; +.flex(1); } /* notice we don't set heights. Flex will expand to fill the content but no more */ #dashboard-upper-content { --webkit-flex: 0 0 auto; --ms-flex: 0 0 auto; -flex: 0 0 auto; +.flex(0 0 auto); } - #dashboard-lower-content { padding: @panelPadding; } #footer { --webkit-flex: 0 0 auto; --ms-flex: 0 0 auto; -flex: 0 0 auto; +.flex(0 0 auto); } } /* can be added to any element in a display:flex element that you want to act as the main body. It expands to the available space and shows a scrollbar */ .flex-body { - -webkit-flex: 1; - -ms-flex: 1; - flex: 1; + .flex(1); overflow: auto; } http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/ae91c75e/assets/less/mixins.less