db.login() Not Working as Intended

[JelaniThompson]

Hey there! I've been trying to figure out how to make my authentication for the past few days with no luck. I'm currently hosting my application on localhost without HTTPS. Using db.signup() works as intended but entering the same credentials into db.login() returns this:

{ error: 'badmatch',
  reason: '{"name":"Bradzilla","password":"MegamanDorkBoi"}',
  ref: 3935085039,
  name: 'badmatch',
  status: 500,
  message: '{"name":"Bradzilla","password":"MegamanDorkBoi"}' }

My current code file is this: https://gist.github.com/JelaniThompson/1ca4564a163c83f905d2d5fc9f2b4a1f

I think my issue is that my password is returning plain text instead of a matching salt. How would I be able to solve this?

[nolanlawson]

Which version of CouchDB are you using? It's best to use 1.6.1 or later.

[JelaniThompson]

Hey there! @nolanlawson thanks for the reply. I'm using CouchDB 2 but I'm not sure if that would be the issue considering db.signup() works just fine. I'm using Express body-parser to get the username and password data from my form but I did read that this is strictly a browser thing and not to be used in Node. I could try an older version of CouchDB if you think that could be the issue though.

[nolanlawson]

TBH I haven’t run the test suite against CouchDB 2.0 so I’m not 100% sure if it works. Ideally though this library should support both 1.x and 2.x.

On Nov 2, 2016, at 6:57 PM, Jelani Thompson notifications@github.com wrote:

Hey there! @nolanlawson https://github.com/nolanlawson thanks for the reply. I'm using CouchDB 2 but I'm not sure if that would be the issue considering db.signup() works just fine. I'm using Express body-parser to get the username and password data from my form but I did read that this is strictly a browser thing and not to be used in Node. I could try an older version of CouchDB if you think that could be the issue though.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub #127 (comment), or mute the thread https://github.com/notifications/unsubscribe-auth/AARUwonpS6S3Ciwiv1oNmUuKEQvXsHVhks5q6T-dgaJpZM4KnNlf.

[koofah]

I think this might help.
https://github.com/nolanlawson/pouchdb-authentication/issues/130

[natcohen]

@nolanlawson Got the same problem with the login... running on cloudant and in my node server! When signing-up a new user, it works but I'm getting "password_scheme": "simple" which, according to the doc should be pbkdf2. And when I try to login, I'm getting badmatch.

@koofah your link doesn't work!

[natcohen]

@nolanlawson just read it's not supposed to work on Node.js why is that? Anything that is not supposed to work on Node.js is used?
BTW would it be possible to replace iriscouch with cloudant in the doc?

[nolanlawson]

I didn't intend it to work in Node.js; this library is designed to be a simple interface to CouchDB authentication. Maybe it works in Node, but I doubt it. As for Cloudant, I haven't tested it.

[natcohen]

@nolanlawson I'm a bit lost then...how are we supposed to design a user creation platform without exposing the _users DB password?

[tdevns]

Some work needs to be done before this is compatible with Node. I'm trying to use it with Electron; while logging in may work the session() call does not change away from the anonymous (name: null) user. Chromium Developer Tools > "Application" Tab > Cookies shows nothing between this and pouchdb-auth but the latter is holding the session after refreshes.

[acdcjunior]

Here's @koofah 's link correct URL: #130

Some good tips there.

Though I'm not sure it's the best option, here's how I managed (running at NodeJS -- check the link for running at browser):

const PouchDB = require('pouchdb');

const ajaxOpts = {
    ajax: {
        headers: {
            Authorization: 'Basic ' + Buffer.from('admin:password').toString('base64')
        },
        body: {
            name: 'admin',
            password: 'password'
        }
    }
};

const db = new PouchDB(`http://myCouchDbHost:5984/myDatabase`, ajaxOpts);
// proceed as usual using db, you should get no auth errors...