Channels synch not working with Basic Auth in Couchbase Mobile Lite


#1

Hi,

I am able to synch data based on channels name with guest access, But when i use Basic Auth, it is not synching channels. can you please help on this.

Here is my synch config file.

{
    "log": ["*"],
    "databases": {
        "costalerts": {
            "server": "http://localhost:8091",
            "bucket": "costalerts",
            "username": "user1",
            "password": "user1@123",
            "enable_shared_bucket_access": true,
            "import_docs": "continuous",
            "num_index_replicas": 0,
            "users": { "hey": { "disabled": false, "password" : "Hey#123", "admin_channels": ["*"] }
                    },
            "sync": `function (doc, oldDoc) {
                
                            access (user1, doc.channels);      
                            channel (doc.channel_name);          
            }`
        }
    }
}

#2

@itssrinadh,
Can you use users in this format in sync gateway config and see if it works?
“users”: {
“abc”: {“password”: “Hey#123”, “admin_channels”: [“abc”]},
}
Replace users part with this in sync gateway config. You can replace ‘abc’ with the user you want to login.
When you login , you can use abc/Hey#123 as credentials.


#3

I am not sure of the objective here. “user1” corresponds to the RBAC credentials that the Sync Gateway uses to connect to Couchbase Server. This is not the same as the Sync Gateway user thats defined within “users”. You should be providing channel access to the Sync Gateway users.

You have provided “hey” with access to all channels. So what is the point of the sync function where you are controlling channel access?

I would recommend that you review this example that discusses the basics of Sync Gateway configuration setup .


#4

I worked around what you said But no luck.
Please see following attachments

synch config:

{
    "log": ["*"],
    "databases": {
        "alerts": {
            "server": "http://localhost:8091",
            "bucket": "alerts",
            "username": "admin",
            "password": "admin123",
            "enable_shared_bucket_access": true,
            "import_docs": "continuous",
            "num_index_replicas": 0,
            "users": { 
                       "king": { "disabled": false, "password" : "king123", "admin_channels": ["*"] }
                    }
        }
    }
}

Couchbase record:

Admin permissions from curl

curl http://localhost:4985/costalerts/_user/osi

{"name":"king","admin_channels":["*"],"all_channels":["!","*"]}

#5

@itssrinadh It looks like your user is set up as expected (i.e. they’ve been granted the * channel). What operation isn’t working as expected when authenticating as that user? Can you provide sample output (curl request, log output, etc) for the failing operation?


#6
Here i requesting channels from my mobile lite and here i am not getting any records. if i turn off channels code. i am getting all the data.
let url = URL(string: AppURLs.kCouchbaseURL)!
        let target = URLEndpoint(url: url)
        let config = ReplicatorConfiguration(database: database!, target: target)
        config.replicatorType = type
        config.allowReplicatingInBackground = true
        print("Store ID \(StoreDetails.shared.storeID ?? "No Store ID")")
        if let storeid = StoreDetails.shared.storeID{
           config.channels = [storeid]
        }
        config.continuous = true
        config.authenticator = BasicAuthenticator(username: CBConstants.kUsername, password: CBConstants.kPassword)
        self.replicator = Replicator(config: config)
        self.replicator?.resetCheckpoint()
        self.replicator?.start()

#7

The info you’re showing us isn’t consistent. Sometimes the dB is named “alerts”, sometimes it’s “costalerts”. There are 3 or 4 different user names shown. In your latest message you didn’t say what the actual user name or channel ID are.

If you’re not clear in how you describe the problem, we can’t help you. Look at what you’re providing and pretend to be someone who doesn’t know the situation, and ask yourself if you’d have the relevant information.


#8

@jens I am sorry for confusing you.

Actually I changed my user name here because of security issues. Please consider following and live synch config file.

Channel is 1000023
Here is my original synch gateway.

Couchbase SynchGateway

{
    "log": ["*"],
    "databases": {
        "costalerts": {
            "server": "http://localhost:8091",
            "bucket": "costalerts",
            "username": "admin",
            "password": "admin@123",
            "enable_shared_bucket_access": true,
            "import_docs": "continuous",
            "users": { "osi": { "disabled": false, "password" : "Aug#2018", "admin_channels": ["*"] }
                    }
        }
    }
}

#9

In the screenshot you posted of the document, it doesn’t look like it’s in any channels … the channels metadata property contains only nulls. (@adamf, is that correct? Or have I forgotten how the metadata works?)

Are you using the default sync function? In that case the document should get assigned to the channel. But in your first post in the thread, you showed a sync function that wouldn’t work with this document.


#10

I agree that it doesn’t look like the document is being assigned to any channels. If the user has star channel access they would still have access to the document in question, but if there’s a channel filter being applied to the replication, that wouldn’t pick up a document that doesn’t reside in any channels.

You might consider going about things one step at a time. You verified that you were able to replicate the document with guest access. The next step would be to validate the same while authenticating as the user with star channel access - that would validate that your user is set up properly, and you’re configuring the replication properly for that user. Once that works, you could look into adding replication filter. That would make it easier to pinpoint that document channel access is the problem.


#11

Thank you, Now it is wroking fine.