fix(ajax): correctly handle Basic authentication

Fixes #109.

When username and password are present in db url, generate Basic
authentication token and put it in ajax request headers.

Author: ptitjes

package.json

@@ -41,6 +41,7 @@
   "dependencies": {
     "inherits": "2.0.3",
     "pouchdb-ajax": "6.3.4",
+    "pouchdb-binary-utils": "6.3.4",
     "pouchdb-promise": "6.3.4",
     "pouchdb-utils": "6.3.4",
     "url-join": "2.0.2",

src/admins.js

@@ -1,4 +1,4 @@
-import { AuthError, getBaseUrl, getConfigUrl, wrapError } from './utils';
+import { AuthError, getBaseUrl, getBasicAuthHeaders, getConfigUrl, wrapError } from './utils';
 
 import ajaxCore from 'pouchdb-ajax';
 import { assign, toPromise } from 'pouchdb-utils';
@@ -14,6 +14,7 @@ var getMembership = toPromise(function (opts, callback) {
   var ajaxOpts = assign({
     method: 'GET',
     url: url,
+    headers: getBasicAuthHeaders(db),
   }, opts.ajax || {});
   ajaxCore(ajaxOpts, wrapError(callback));
 });
@@ -54,6 +55,7 @@ var signUpAdmin = toPromise(function (username, password, opts, callback) {
       method: 'PUT',
       url: url,
       processData: false,
+      headers: getBasicAuthHeaders(db),
       body: '"' + password + '"',
     }, opts.ajax || {});
     ajaxCore(ajaxOpts, wrapError(callback));
@@ -93,6 +95,7 @@ var deleteAdmin = toPromise(function (username, opts, callback) {
       method: 'DELETE',
       url: url,
       processData: false,
+      headers: getBasicAuthHeaders(db),
     }, opts.ajax || {});
     ajaxCore(ajaxOpts, wrapError(callback));
   });

src/authentication.js

@@ -1,6 +1,6 @@
 'use strict';
 
-import { AuthError, getSessionUrl, wrapError } from './utils';
+import { AuthError, getBasicAuthHeaders, getSessionUrl, wrapError } from './utils';
 
 import ajaxCore from 'pouchdb-ajax';
 import { assign, toPromise } from 'pouchdb-utils';
@@ -24,7 +24,7 @@ var logIn = toPromise(function (username, password, opts, callback) {
   var ajaxOpts = assign({
     method: 'POST',
     url: getSessionUrl(db),
-    headers: {'Content-Type': 'application/json'},
+    headers: assign({'Content-Type': 'application/json'}, getBasicAuthHeaders(db)),
     body: {name: username, password: password},
   }, opts.ajax || {});
   ajaxCore(ajaxOpts, wrapError(callback));
@@ -39,6 +39,7 @@ var logOut = toPromise(function (opts, callback) {
   var ajaxOpts = assign({
     method: 'DELETE',
     url: getSessionUrl(db),
+    headers: getBasicAuthHeaders(db),
   }, opts.ajax || {});
   ajaxCore(ajaxOpts, wrapError(callback));
 });
@@ -54,6 +55,7 @@ var getSession = toPromise(function (opts, callback) {
   var ajaxOpts = assign({
     method: 'GET',
     url: url,
+    headers: getBasicAuthHeaders(db),
   }, opts.ajax || {});
   ajaxCore(ajaxOpts, wrapError(callback));
 });

src/users.js

@@ -1,6 +1,6 @@
 'use strict';
 
-import { AuthError, getUsersUrl, wrapError } from './utils';
+import { AuthError, getBasicAuthHeaders, getUsersUrl, wrapError } from './utils';
 
 import Promise from 'pouchdb-promise';
 import ajaxCore from 'pouchdb-ajax';
@@ -43,6 +43,7 @@ function updateUser(db, user, opts, callback) {
     method: 'PUT',
     url: url,
     body: user,
+    headers: getBasicAuthHeaders(db),
   }, opts.ajax || {});
   ajaxCore(ajaxOpts, wrapError(callback));
 }
@@ -89,6 +90,7 @@ var getUser = toPromise(function (username, opts, callback) {
   var ajaxOpts = assign({
     method: 'GET',
     url: url + '/' + encodeURIComponent('org.couchdb.user:' + username),
+    headers: getBasicAuthHeaders(db),
   }, opts.ajax || {});
   ajaxCore(ajaxOpts, wrapError(callback));
 });
@@ -137,6 +139,7 @@ var deleteUser = toPromise(function (username, opts, callback) {
     var ajaxOpts = assign({
       method: 'DELETE',
       url: url,
+      headers: getBasicAuthHeaders(db),
     }, opts.ajax || {});
     ajaxCore(ajaxOpts, wrapError(callback));
   });
@@ -169,6 +172,7 @@ var changePassword = toPromise(function (username, password, opts, callback) {
     var ajaxOpts = assign({
       method: 'PUT',
       url: url,
+      headers: getBasicAuthHeaders(db),
       body: user,
     }, opts.ajax || {});
     ajaxCore(ajaxOpts, wrapError(callback));
@@ -193,6 +197,7 @@ var changeUsername = toPromise(function (oldUsername, newUsername, opts, callbac
     var updateOpts = assign({
       method: 'PUT',
       url: url,
+      headers: getBasicAuthHeaders(db),
       body: user,
     }, opts.ajax);
     return ajax(updateOpts);

src/utils.js

@@ -3,6 +3,7 @@
 import urlJoin from 'url-join';
 import urlParse from 'url-parse';
 import inherits from 'inherits';
+import { btoa } from 'pouchdb-binary-utils';
 
 function getBaseUrl(db) {
   if (typeof db.getUrl === 'function') { // pouchdb pre-6.0.0
@@ -26,6 +27,17 @@ function getSessionUrl(db) {
   return urlJoin(getBaseUrl(db), '/_session');
 }
 
+function getBasicAuthHeaders(db) {
+  var url = urlParse(db.name);
+  if (!url.auth) {
+    return {};
+  }
+
+  var str = url.username + ':' + url.password;
+  var token = btoa(unescape(encodeURIComponent(str)));
+  return {Authorization: 'Basic ' + token};
+}
+
 function wrapError(callback) {
   // provide more helpful error message
   return function (err, res) {
@@ -51,4 +63,12 @@ function AuthError(message) {
 
 inherits(AuthError, Error);
 
-export { AuthError, getBaseUrl, getConfigUrl, getSessionUrl, getUsersUrl, wrapError };
+export {
+  AuthError,
+  getBaseUrl,
+  getBasicAuthHeaders,
+  getConfigUrl,
+  getSessionUrl,
+  getUsersUrl,
+  wrapError,
+};