无法使 PouchDB 身份验证工作

Question

我尝试了许多配置，但未能通过此 Karma/Jasmine 单元测试。有什么我想念的想法吗？

运行 CouchDb 1.6.1。 Jasmine 单元测试在 IntelliJ IDEA 中运行。

describe("CouchDb Auth")      
  it("Test login", function (done) {

    var auth = {
      username: 'demo',
      password: 'omed'
    }

    var url = 'http://127.0.0.1:5984/demo';

    var ajaxOpts = {
      headers: {
    // 'Access-Control-Allow-Credentials': 'true',
    'Authorization': 'Basic ' + window.btoa(auth.username + ':' + auth.password),
      }
    };

    var db = new PouchDB(url, {skipSetup: true});

    db.login(auth.username, auth.password, ajaxOpts)
      .then(function(res) {
    console.log(res);
    done();
      })
      .catch(function(err) {
    console.log(err);

    done('Failed to login');
      });
  });
});

local.ini 文件：沙发 1.6.1

[couchdb]
;max_document_size = 4294967296 ; bytes
uuid = 3fe8f6afb42b8fde93b8b66818b3476c

[httpd]
bind_address = 0.0.0.0
enable_cors = true

; Uncomment next line to trigger basic-auth popup on unauthorized requests.
WWW-Authenticate = Basic realm="administrator"
; WWW-Authenticate = Other realm="app"

[cors]
; You can’t set origins: * and credentials = true at the same time.
credentials = true
; List of origins separated by a comma, * means accept all
; Origins must include the scheme: http://example.com
origins = http://localhost:9876
; List of accepted headers separated by a comma
headers = accept, authorization, content-type, origin, referer, cache-control, x-requested-with, x-csrf-token
; List of accepted methods
methods = GET, PUT, POST, HEAD, DELETE

[couch_httpd_auth]
secret = somesecretstuff
require_valid_user = true

[log]
level = debug

[ssl]
;cert_file = /full/path/to/server_cert.pem
;key_file = /full/path/to/server_key.pem
;password = somepassword
; set to true to validate peer certificates
verify_ssl_certificates = false
; Path to file containing PEM encoded CA certificates (trusted
; certificates used for verifying a peer certificate). May be omitted if
; you do not want to verify the peer.
;cacert_file = /full/path/to/cacertf
; The verification fun (optional) if not specified, the default
; verification fun will be used.
;verify_fun = {Module, VerifyFun}
; maximum peer certificate depth
ssl_certificate_max_depth = 1

[vhosts]

[update_notification]

[admins]
;admin = mysecretpassword

; demo = omed
demo = -pbkdf2-606718f546624acae3a7ed561540352921281e7c,a1d619524376dfbd0f8f6547856d74eb,10

Answer 1

pouchdb-authentication 实际上设计为使用 cookie 身份验证，而不是 HTTP 身份验证（即Authorization 标头）。调用db.login() 应该就足够了，因为它会为你设置cookie。

如果您不确定失败的原因，我建议您在自己的浏览器中针对您自己的 CouchDB 运行 pouchdb-authentication 测试套件，这样您就可以尝试找出问题是否出在您的 Nginx 层，您的 CouchDB 配置，您的 pouchdb-authentication 配置等。为此，只需：

git clone https://github.com/nolanlawson/pouchdb-authentication.git
cd pouchdb-authentication
npm install
npm run dev

然后在浏览器中打开http://127.0.0.1:8002/test/index.html。它将尝试使用 localhost:5984 进行身份验证。

Answer 2

HTTP 身份验证

https://github.com/pouchdb/pouchdb/blob/master/src/adapters/http/index.js

 if (opts.auth || host.auth) {
      var nAuth = opts.auth || host.auth;
      var token = btoa(nAuth.username + ':' + nAuth.password);
      ajaxOpts.headers = ajaxOpts.headers || {};
      ajaxOpts.headers.Authorization = 'Basic ' + token;
 }

所以ajaxOpts应该是

 var ajaxOpts = {
      auth: {
           username:'...',
           password:'...'    
      }          
 };

在 phonegap 上工作，没有 cookie。