File: scram_spec.rb

package info (click to toggle)
ruby-mongo 2.21.3-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 14,764 kB
  • sloc: ruby: 108,806; makefile: 5; sh: 2
file content (121 lines) | stat: -rw-r--r-- 3,000 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
 
# frozen_string_literal: true
# rubocop:todo all

require 'spec_helper'
require 'support/shared/auth_context'

describe Mongo::Auth::Scram do
  require_no_external_user

  let(:server) do
    authorized_client.cluster.next_primary
  end

  include_context 'auth unit tests'

  let(:cache_mod) { Mongo::Auth::CredentialCache }

  shared_examples_for 'caches scram credentials' do |cache_key|

    it 'caches scram credentials' do
      cache_mod.clear
      expect(cache_mod.store).to be_empty

      expect(login['ok']).to eq(1)

      expect(cache_mod.store).not_to be_empty
      client_key_entry = cache_mod.store.keys.detect do |key|
        key.include?(test_user.password) && key.include?(cache_key)
      end
      expect(client_key_entry).not_to be nil
    end
  end

  shared_examples_for 'works correctly' do

    before do
      connection.connect!
    end

    describe '#login' do

      context 'when the user is not authorized' do

        let(:user) do
          Mongo::Auth::User.new(
            database: 'driver',
            user: 'notauser',
            password: 'password',
            auth_mech: auth_mech,
          )
        end

        let(:authenticator) do
          described_class.new(user, connection)
        end

        it 'raises an exception' do
          expect do
            authenticator.login
          end.to raise_error(Mongo::Auth::Unauthorized)
        end

        context 'when compression is used' do
          require_compression
          min_server_fcv '3.6'

          it 'does not compress the message' do
            expect(Mongo::Protocol::Compressed).not_to receive(:new)
            expect {
              authenticator.login
            }.to raise_error(Mongo::Auth::Unauthorized)
          end
        end
      end

      context 'when the user is authorized for the database' do

        let(:authenticator) do
          described_class.new(test_user, connection)
        end

        let(:login) do
          authenticator.login
        end

        it 'logs the user into the connection' do
          expect(login['ok']).to eq(1)
        end

        it_behaves_like 'caches scram credentials', :salted_password
        it_behaves_like 'caches scram credentials', :client_key
        it_behaves_like 'caches scram credentials', :server_key

        context 'if conversation has not verified server signature' do
          it 'raises an exception' do
            expect_any_instance_of(Mongo::Auth::ScramConversationBase).to receive(:server_verified?).and_return(false)
            lambda do
              login
            end.should raise_error(Mongo::Error::MissingScramServerSignature)
          end
        end
      end
    end
  end

  context 'when SCRAM-SHA-1 is used' do
    min_server_fcv '3.0'

    let(:auth_mech) { :scram }

    it_behaves_like 'works correctly'
  end

  context 'when SCRAM-SHA-256 is used' do
    min_server_fcv '4.0'

    let(:auth_mech) { :scram256 }

    it_behaves_like 'works correctly'
  end
end