3

I want to synchronize the passwords from a MySQL database user table with the CouchDB _users database. From what I can see, on CouchDB it is not possible to look up a user's password hash through the HTTP API. How would you go about manually retrieving and modifying the CouchDB user password hashes?

This question seems to cover SETTING the password, but not GETTING.

Community
  • 1
  • 1
pokstad
  • 3,411
  • 3
  • 30
  • 39

1 Answers1

4

You cannot get the original password, only the SHA1 checksum and input hash.

You can simply fetch them directly from the user's document in the _users database.

curl http://localhost:5984/_users/_all_docs?startkey=\"org.couchdb.user\"\&include_docs=true

For each row, you have the salt and password_sha value.

JasonSmith
  • 72,674
  • 22
  • 123
  • 149
  • Is there any reason why the hashes wouldn't be returned? I executed this same query on my v1.0.1 server (Ubuntu 11.04 package) and received all attributes for users EXCEPT the password items. I also tried this on futon while logged in as admin. The user's password hash and salt were not listed. – pokstad Sep 01 '11 at 03:40
  • I think the admin user does *not* get a password hash or salt, because those are stored in the .ini config files instead. Other normal users do have a hash and salt value, in Apache CouchDB. – JasonSmith Sep 01 '11 at 03:45
  • 3
    admin users *do* get a hash and salt, but it's stored only in the .ini file, and therefore not readable via the _users db. You can fetch it from /_config/admins/ though. – Robert Newson Sep 01 '11 at 10:11
  • One more thing to verify before I accept: Is there an "official" way to create users besides posting a user document to the _user db? It kind of scares me that the system treats admin user docs differently. Are there any other gotchas to regular user documents? – pokstad Sep 01 '11 at 16:16
  • 1
    The admin password values are the only exception I can think of. The official way to create normal users is definitely documents in the `_users` database. The official way to update them is definitely to change the values in that doc. – JasonSmith Sep 02 '11 at 00:02