...
Create a new Admin user
For example, creating a system admin with "annaadmin" as the username and "secretadminpass" as the password.
    > HOST="http://127.0.0.1:5984"
    > curl -X PUT $HOST/_config/admins/annaadmin -d '"secretadminpass"'
    ""

A system admin is allowed to do anything to a CouchDB installation.
Confirm that the new system admin has been created successfully
Without credentials
    > curl -X PUT $HOST/yourdatabase
    {"error":"unauthorized","reason":"You are not a server admin."}
With credentials
    > HOST="http://annaadmin:secretadminpass@127.0.0.1:5984"
    > curl -X PUT $HOST/yourdatabase
    {"ok":true}
Create a new database user
For example, creating a user "test" with password "pass1"
    curl -X PUT http://localhost:5984/_users/org.couchdb.user:test \
      -H "Accept: application/json" \
      -H "Content-Type: application/json" \
      -d '{"name": "test", "password": "pass1", "roles": [], "type": "user"}'
NB: Passwords for existing databases can be changed.
Check whether the new database user exists
Request
    curl -X POST http://localhost:5984/_session -d 'name=test&password=pass1'
Correct Response
    {"ok":true,"name":"test","roles":[]}
Assign the new user to your database (Authorization)
This is done by creating authorization rules. These rules are set up by a server admin and can be modified at any time. For example, giving the user "test" admin and member privileges on yourdatabase:

    > curl -X PUT http://localhost:5984/yourdatabase/_security \
        -u admin:adminpass \
        -H "Content-Type: application/json" \
        -d '{"admins": { "names": ["test"], "roles": [] }, "members": { "names": ["test"], "roles": [] } }'
→ If both the names and roles fields of either the admins or members properties are empty arrays, it means the database has no admins or members.
→ Having no admins, only server admins (with the reserved _admin role) are able to update design documents and make other admin-level changes.
→ Having no members, any user can write regular documents (any non-design document) and read documents from the database.
→ If there are any member names or roles defined for a database, then only authenticated users having a matching name or role are allowed to read documents from the database.
→ For complex scenarios, use roles, i.e. update database users to have roles and assign these roles to your database.
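The rules above can be checked mechanically against a _security document. The following is an added example, not part of the original page or of CouchDB itself; the function names are hypothetical and the two sample documents are constructed (the first is the one set with the PUT request above).

```python
import json

SERVER_ADMIN_ROLE = "_admin"  # reserved role held by server admins

def _section(security, key):
    """Return (names, roles) for 'admins' or 'members'; missing keys count as empty."""
    part = (security or {}).get(key) or {}
    return set(part.get("names") or []), set(part.get("roles") or [])

def _matches(section, name, roles):
    names, sec_roles = section
    return (name is not None and name in names) or bool(sec_roles & set(roles))

def is_db_admin(security, name, roles):
    """Server admins always qualify; otherwise the user must match the admins section."""
    if SERVER_ADMIN_ROLE in roles:
        return True
    return _matches(_section(security, "admins"), name, roles)

def can_read(security, name, roles):
    """name=None models an anonymous (unauthenticated) request."""
    members = _section(security, "members")
    if not members[0] and not members[1]:
        return True  # no members defined: any user can read and write regular documents
    if is_db_admin(security, name, roles):
        return True  # admins also pass the member check (CouchDB behaviour, not stated on this page)
    return _matches(members, name, roles)

def audit(security):
    """List findings for a _security document; an empty list means access is restricted."""
    findings = []
    if can_read(security, None, []):
        findings.append("public: no members defined, anonymous users can read and write documents")
    admins = _section(security, "admins")
    if not admins[0] and not admins[1]:
        findings.append("no database admins: only server admins can update design documents")
    return findings

# Constructed samples: the document set earlier on this page, and an empty one.
PAGE_SECURITY = json.loads(
    '{"admins":{"names":["test"],"roles":[]},"members":{"names":["test"],"roles":[]}}')
EMPTY_SECURITY = {}

if __name__ == "__main__":
    for label, doc in (("yourdatabase", PAGE_SECURITY), ("empty", EMPTY_SECURITY)):
        print(label, audit(doc) or "restricted to named members")
```
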
Confirm that authorization rules have been updated
Request
    curl -X GET -u test:pass1 http://localhost:5984/yourdatabase/_security
Correct Response
    {"admins":{"names":["test"],"roles":[]},"members":{"names":["test"],"roles":[]}}
In opensrp-client update AllConstants.CloudantSync.class
    public static class CloudantSync {
        ...
        public static final String COUCH_DATABASE_NAME = "yourdatabase";
        public static final String COUCH_DATABASE_USER = "test";
        public static final String COUCH_DATABASE_PASS = "pass1";
    }

NB: Committing this file after adding your credentials is a big security risk, since the database can be accessed from a browser if the port is open.
- Test your application
To restrict browser access, you can set require_valid_user = true under [couch_httpd_auth] in the CouchDB local.ini file, although this is not required.