couchdb gives HTTP 500, when oauth token secret is unknown

Bug #446490 reported by Chad Miller on 2009-10-08
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
CouchDB
Confirmed
Undecided
Chad Miller
Ubuntu One Servers
Low
Chad Miller
desktopcouch
Low
Chad Miller

Bug Description

Couchdb doesn't handle oauth token secrets being unknown, and when one is sent the server responds with HTTP 500, instead of HTTP 403.

http://issues.apache.org/jira/browse/COUCHDB-522

Chad Miller (cmiller) on 2009-10-08
Changed in ubuntuone-servers:
status: New → Triaged
importance: Undecided → Low
assignee: nobody → Chad Miller (cmiller)
Changed in couchdb:
assignee: nobody → Chad Miller (cmiller)
Chad Miller (cmiller) wrote :

Searchable exception text:

[Thu, 08 Oct 2009 14:44:19 GMT] [info] [<0.1103.24>] Stacktrace: [{oauth_uri,encode,[undefined,[]]},
             {oauth_uri,'-calate/2-lc$^0/1-0-',1},
             {oauth_uri,'-calate/2-lc$^0/1-0-',1},
             {oauth_uri,calate,2},
             {oauth_hmac_sha1,signature,3},
             {oauth_hmac_sha1,verify,4},
             {couch_httpd_oauth,'-oauth_authentication_handler/1-fun-0-',6},
             {couch_httpd,authenticate_request,2}]

Changed in couchdb:
status: New → In Progress
visibility: private → public
Changed in desktopcouch:
status: New → Confirmed
summary: - couchdb.one gives HTTP 500, when oauth token secret is unknown
+ couchdb gives HTTP 500, when oauth token secret is unknown
Chad Miller (cmiller) wrote :

Also an auth-related HTTP 500, but perhaps not for unknwon OAuth token:

ServerError: (500, ('unknown_error', 'badarg'))

Badarg error in HTTP request

Stacktrace:
[{erlang,list_to_binary,[undefined]},
             {couch_httpd_oauth,set_user_ctx,2},
             {couch_httpd,authenticate_request,2},
             {couch_httpd,handle_request,5},
             {mochiweb_http,headers,5},
             {proc_lib,init_p_do_apply,3}]

httpd 500 error response:
 {darg error in HTTP request"error":"unknown_error","reason":"badarg"}

Changed in couchdb:
status: In Progress → Confirmed
Chad Miller (cmiller) wrote :

Further note: Failures in reading the INI *should* be a 500 error, after they stop storing users in INI files. Once users are written to a more sane place (like, say, a database?!), this goes away.

Changed in desktopcouch:
assignee: nobody → Chad Miller (cmiller)
Nicola Larosa (teknico) on 2010-01-12
Changed in desktopcouch:
importance: Undecided → Medium
importance: Medium → Low
Martin Albisetti (beuno) on 2013-06-28
Changed in ubuntuone-servers:
status: Triaged → Invalid
Changed in desktopcouch:
status: Confirmed → Invalid
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers