File: auth_helpers.js

package info (click to toggle)
mongodb 1%3A3.2.11-2%2Bdeb9u1
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 196,404 kB
  • sloc: cpp: 1,412,793; ansic: 504,961; python: 78,522; perl: 5,837; sh: 5,661; java: 4,202; makefile: 1,784; pascal: 617; xml: 176; asm: 128
file content (65 lines) | stat: -rw-r--r-- 2,325 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
 
// Test the db.auth() shell helper.
//
// This test requires users to persist across a restart.
// @tags: [requires_persistence]

var conn = MongoRunner.runMongod({smallfiles: ""});

var mechanisms, hasCR, hasCramMd5;

var admin = conn.getDB('admin');
// In order to test MONGODB-CR we need to "reset" the authSchemaVersion to
// 26Final "3" or else the user won't get MONGODB-CR credentials.
admin.system.version.save({"_id": "authSchema", "currentVersion": 3});
admin.createUser({user: 'andy', pwd: 'a', roles: jsTest.adminUserRoles});
admin.auth({user: 'andy', pwd: 'a'});

// Attempt to start with CRAM-MD5 enabled
// If this fails the build only supports default auth mechanisms
MongoRunner.stopMongod(conn);
var restartedConn = MongoRunner.runMongod({
    auth: "",
    restart: conn,
    setParameter: "authenticationMechanisms=SCRAM-SHA-1,MONGODB-CR,CRAM-MD5"
});
if (restartedConn != null) {
    mechanisms = ["SCRAM-SHA-1", "MONGODB-CR", "CRAM-MD5"];
    hasCR = true;
    hasCramMd5 = true;
    print("test info: Enabling non-default authentication mechanisms.");
} else {
    restartedConn = MongoRunner.runMongod({restart: conn});
    mechanisms = ["SCRAM-SHA-1", "MONGODB-CR"];
    hasCR = true;
    hasCramMd5 = false;
    print("test info: Using only default password authentication mechanisms.");
}

admin = restartedConn.getDB('admin');
var testedSomething = false;

// Try all the ways to call db.auth that uses SCRAM-SHA-1 or MONGODB-CR.
if (hasCR) {
    testedSomething = true;
    assert(admin.auth('andy', 'a'));
    admin.logout();
    assert(admin.auth({user: 'andy', pwd: 'a'}));
    admin.logout();
    assert(admin.auth({mechanism: 'SCRAM-SHA-1', user: 'andy', pwd: 'a'}));
    admin.logout();
    assert(admin.auth({mechanism: 'MONGODB-CR', user: 'andy', pwd: 'a'}));
    admin.logout();
}

// If the server supports CRAM-MD5, try it out.
if (hasCramMd5) {
    testedSomething = true;
    assert(admin.auth({mechanism: 'CRAM-MD5', user: 'andy', pwd: 'a'}));
    admin.logout();
}

// Sanity check that we tested at least one of MONGODB-CR and CRAM-MD5.
assert(testedSomething, "No candidate authentication mechanisms matched.");

// Invalid mechanisms shouldn't lead to authentication, but also shouldn't crash.
assert(!admin.auth({mechanism: 'this-mechanism-is-fake', user: 'andy', pwd: 'a'}));