Basic Auth implementation does not use login credentials provided in options.auth #204

@orolle

In release v1.0.0 basic auth is implemented. This implementation uses only credentials provided in the database URL in the form of https://user:[email protected]/database. Credentials provided in options.auth are ignored.

Expected Behavior and Current Behavior

var db1 = new Pouchdb("https://domain.com/database", {"auth": {"username": "user", "password": "pwd"}});
var db2 = new Pouchdb("https://user:[email protected]/database");
/* db1 and db2 should behave exactly the same but do not */

Possible Solution

In commit function getBasicAuthHeaders(db) {...} uses just the db.name to create the HTTP Basic Auth header, but should also use the other options passed to the Pouchdb() constructor. It seems all other HTTP header options in options are also ignored, such as custom headers.

Steps to Reproduce (for bugs)

var db1 = new Pouchdb("https://domain.com/database", {"auth": {"username": "user", "password": "pwd"}});
db1.getUser("user").then(...);

The above code fails.

Context

Firstly, my usernames are email addresses. Therefore I cannot use Basic Auth in the URL.
Secondly, Apple Safari (iOS, desktop) has a very restrictive cookie policy which disallows web sites from seeing cookies from another site if the user himself did not visit the other site with visible content too. Pure CORS with session cookies is not possible with Safari. Workarounds exist but are complicated (iframes, redirects). Therefore basic auth over HTTPS is a good solution for that issue.

Your Environment

  • Version of PouchDB Authentication: 1.1.0
  • Version of PouchDB: 6.3.4
  • Platform name and version: Chrome, Firefox, Safari
  • Operating System and version: Linux, iOS
  • Server: CouchDB 2.0.0

Remarks

When the fix is released, can you ping me so that I can update the ClojureScript wrapper on https://clojars.org/?
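
The credential resolution requested in this issue, as an added example that is not the plugin's code: `buildBasicAuth` and `toBase64Utf8` are hypothetical helpers, and giving `options.auth` precedence over URL userinfo is an assumption. It accepts an email username in either form (percent-encoded in the URL, or plain in `options.auth`) and removes the userinfo from the URL it returns.

```javascript
// Added example; buildBasicAuth and toBase64Utf8 are hypothetical helpers.
function toBase64Utf8(str) {
  // btoa only accepts Latin-1, so encode to UTF-8 bytes first.
  const bytes = new TextEncoder().encode(str);
  let bin = "";
  for (const b of bytes) bin += String.fromCharCode(b);
  return btoa(bin);
}

function buildBasicAuth(dbUrl, opts = {}) {
  const url = new URL(dbUrl.trim());
  // Userinfo in a URL is percent-encoded, so "@" in an email arrives as %40.
  let username = decodeURIComponent(url.username);
  let password = decodeURIComponent(url.password);
  // Assumption: explicit options.auth wins over credentials in the URL.
  if (opts.auth && opts.auth.username) {
    username = opts.auth.username;
    password = opts.auth.password || "";
  }
  // Strip userinfo so the secret stays out of the request URL and logs.
  url.username = "";
  url.password = "";
  const headers = Object.assign({}, opts.headers); // keep custom headers
  if (username) {
    if (username.includes(":")) {
      throw new Error("Basic auth user-id must not contain ':' (RFC 7617)");
    }
    headers.Authorization = "Basic " + toBase64Utf8(username + ":" + password);
  }
  return { url: url.href, headers };
}

// Constructed sample inputs: the same account given both ways.
const viaOptions = buildBasicAuth("https://domain.com/database", {
  auth: { username: "user@example.org", password: "pwd" },
  headers: { "X-Custom": "1" },
});
const viaUrl = buildBasicAuth("https://user%40example.org:pwd@domain.com/database");
console.log(viaOptions, viaUrl);
```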
