Not able to channel the document properly


#1

My config file is

{
  "log": ["CRUD", "REST+", "Access"],
  "CORS": {
    "Origin": [""],
    "LoginOrigin": [""],
    "Headers": ["Content-Type"],
    "MaxAge": 1728000
  },
  "adminInterface": ":4985",
  "databases": {
    "mydb": {
      "users": {
        "GUEST": {"disabled": false, "admin_channels": ["*"]}
      },
      "server": "http://192.168.3.134:8091",
      "sync": `function (doc, oldDoc) {
        if (doc.type == "ticket") {
          // Put each ticket in its own channel, named after the document ID.
          channel("ticket-" + doc._id);
          var ownerName = doc.owner.substring(doc.owner.indexOf(":") + 1);
          log(doc.owner);
          log(doc._id);
          log(ownerName);
          // Grant the user named in doc.owner access to that channel.
          access(doc.owner, "ticket-" + doc._id);
        }
      }`
    }
  }
}

With this configuration I am expecting that only the document owner should be able to access the documents that they created, but it is syncing all the documents to all the users.

Please help to fix this issue

Thanks & Regards
Shiv


#2

This is the log I am getting after creating the document. Please check the invalidate message; is this a cause?

2015-10-09T20:01:48.912+05:30 HTTP: #054: PUT /mydb/_local/38ad959195dcd00ebc8d155966241dbd839d8b53
2015-10-09T20:01:51.242+05:30 HTTP: #055: PUT /mydb/_local/302a6f988935c94afc65ce3afec9f6bc9ac5e5b4
2015-10-09T20:01:55.827+05:30 HTTP: #056: POST /mydb/_revs_diff
2015-10-09T20:01:55.852+05:30 HTTP: #057: POST /mydb/_bulk_docs
2015/10/09 20:01:55 JS: cust1
2015/10/09 20:01:55 JS: cust1-ticketGruAr
2015/10/09 20:01:55 JS: cust1
2015-10-09T20:01:55.853+05:30 CRUD: Doc "cust1-ticketGruAr" in channels "{ticket-cust1-ticketGruAr}"
2015-10-09T20:01:55.853+05:30 Access: Doc "cust1-ticketGruAr" grants channel access: map[cust1:ticket-cust1-ticketGruAr:26]
2015-10-09T20:01:55.853+05:30 CRUD: Stored doc "cust1-ticketGruAr" / "1-83517ae6340ed8093c42c6a5e45a64fb"
2015-10-09T20:01:55.853+05:30 Access: Rev "cust1-ticketGruAr"/"1-83517ae6340ed8093c42c6a5e45a64fb" invalidates channels of [cust1]
2015-10-09T20:01:55.854+05:30 Access: Invalidate access of "cust1"


#3

Try disabling the GUEST user account in the Sync Gateway config:

"GUEST": {"disabled": true}

#4

Your sync function gives guest access to all channels, so all users can see all documents.
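
The effect described here, as an added example that is not part of any post in this thread: a simplified JavaScript model (an assumption, not Sync Gateway's own code) of what a request without credentials can read when GUEST has `"admin_channels": ["*"]` and when GUEST is disabled. `runSync`, `readableChannels` and `canRead` are hypothetical names, and the document is constructed from the IDs in the log above.

```javascript
// Added illustration: simplified model of Sync Gateway read access (assumption).
// The thread's sync function, with channel()/access() replaced by recording stubs.
function runSync(doc) {
  const out = { channels: [], grants: {} };
  const channel = (c) => out.channels.push(c);
  const access = (user, c) => {
    (out.grants[user] = out.grants[user] || []).push(c);
  };
  if (doc.type == "ticket") {
    channel("ticket-" + doc._id);
    access(doc.owner, "ticket-" + doc._id);
  }
  return out;
}

// Channels a request may read. user === null models a request with no credentials.
// For named users the model only covers channels granted through access().
function readableChannels(user, guest, grants) {
  if (user === null) {
    // No credentials: rejected if GUEST is disabled, otherwise treated as GUEST.
    if (guest.disabled) return { status: 401, channels: [] };
    return { status: 200, channels: guest.admin_channels };
  }
  return { status: 200, channels: grants[user] || [] };
}

// Returns true/false for readable or not, or the HTTP status when rejected.
function canRead(user, guest, synced) {
  const r = readableChannels(user, guest, synced.grants);
  if (r.status !== 200) return r.status;
  return r.channels.includes("*") ||
    r.channels.some((c) => synced.channels.includes(c));
}

// Constructed document matching the IDs in the thread's log.
const doc = { _id: "cust1-ticketGruAr", type: "ticket", owner: "cust1" };
const synced = runSync(doc);
const guestOpen = { disabled: false, admin_channels: ["*"] }; // config as posted
const guestOff = { disabled: true };                          // suggested change

console.log("no credentials, GUEST open:", canRead(null, guestOpen, synced));
console.log("no credentials, GUEST off: ", canRead(null, guestOff, synced));
console.log("cust1, GUEST off:", canRead("cust1", guestOff, synced));
console.log("cust2, GUEST off:", canRead("cust2", guestOff, synced));
```

With GUEST disabled, per-owner isolation only takes effect once the replicator itself presents credentials for a named user.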


#5

Thanks Jens, even after removing it, it's the same result!!!


#6

Sorry Andy…


#7

Thanks Andy and Jens, even after removing it, it's the same result.


#8

Now it says … 401 Login required.

Before creating the document, I am calling a REST API in my application and authenticating the user.


#9

Did you create any user accounts in your config file or using the gateway’s admin API?


#10

I have created some users using the gateway admin.
Before doing replication in the mobile app, I am calling the REST API to authenticate the user, which is working properly.

Do I need to set any cookies after successful authentication?


#11

I have set the cookie as per the requirement, but I am still facing the same problem.

These are the steps I am doing in my app server API, which I call on login:

import json

import flask
import requests


def cblogin():
    if flask.request.method == 'POST':
        password = None
        if flask.request.json and 'name' in flask.request.json:
            userName = flask.request.json['name']
            if 'password' in flask.request.json:
                password = flask.request.json['password']
            else:
                # No password supplied: return an error payload.
                return flask.Response(
                    json.dumps({"status": "error", "msg": "UnAuthorized ,Please enter Correct Password"}), 200,
                    [("Content-Type", "application/json"),
                     ('Cache-Control', 'private, max-age=0, no-cache, no-store')])
            userQuery = {"name": userName, "password": password}
            # Check the name and password against the public port (4984).
            resp = requests.post("http://192.168.0.128:4984/mydb/_session", json.dumps(userQuery))
            if resp.status_code == 200:
                # Create a session for that user through the admin port (4985).
                resp2 = requests.post("http://192.168.0.128:4985/mydb/_session", json.dumps({"name": userQuery["name"]}))
                if resp2.status_code == 200:
                    resp2Dict = json.loads(resp2.text)
                    session_id = resp2Dict['session_id']
                    cookie_name = resp2Dict['cookie_name']
                    expires = resp2Dict['expires']
                    # Hand the session cookie back to the caller.
                    return flask.Response(
                        json.dumps(
                            {
                                "status": "ok",
                                "msg": "Login successful"
                            }
                        ),
                        200,
                        [
                            ("Content-Type", "application/json"),
                            ('Cache-Control', 'private, max-age=0, no-cache, no-store'),
                            ('Set-Cookie', cookie_name + "=" + session_id + ";")
                        ]
                    )
    # Anything else (non-POST, missing name, failed login) gets an empty response.
    return flask.Response({})

The above code is working fine and I am able to set the session. But when I sync from mobile, it says unauthorized user on Sync Gateway.


#12

The client’s replicator doesn’t necessarily use the same cookie store as the REST API you’re calling in the app. (It depends on the platform — you haven’t said which platform it is.) If you get a cookie using a REST API, you need to tell the Replication object to use that cookie.

The app server code you’ve posted isn’t doing anything useful. It just makes a POST to /db/_session, which the app itself could make directly without the need for an app server.

Also, it isn’t necessary to authenticate this way. It would be much easier for your app to just authenticate the Replication object with the username and password directly.