SERVER-23184 Fix connection_status.js test.

(cherry picked from commit 10e70cabf340199e6dccaced6fb7dd12cfb6e689)

1 files changed, 65 insertions, 54 deletions

diff --git a/jstests/core/connection_status.js b/jstests/core/connection_status.js
index 2ecfb211b6d..728e3d8a131 100644
--- a/jstests/core/connection_status.js
+++ b/jstests/core/connection_status.js
@@ -1,80 +1,91 @@
 // Tests the connectionStatus command
 (function() {
+    "use strict";
     var dbName = 'connection_status';
     var myDB = db.getSiblingDB(dbName);
     myDB.dropAllUsers();
 
-    function test(userName) {
-        myDB.createUser(
-            {user: userName, pwd: "weak password", roles: [{db: "admin", role: "root"}]});
-        myDB.auth(userName, "weak password");
-
-        var output = myDB.runCommand("connectionStatus");
-        assert.commandWorked(output);
+    /**
+     * Test that the output of connectionStatus makes sense.
+     */
+    function validateConnectionStatus(expectedUser, expectedRole, showPrivileges) {
+        var connectionStatus =
+            myDB.runCommand({"connectionStatus": 1, "showPrivileges": showPrivileges});
+        assert.commandWorked(connectionStatus);
+        var authInfo = connectionStatus.authInfo;
 
         // Test that authenticated users are properly returned.
-        var users = output.authInfo.authenticatedUsers;
-
+        var users = authInfo.authenticatedUsers;
         var matches = 0;
+        var infoStr = tojson(authInfo);
         for (var i = 0; i < users.length; i++) {
-            if (users[i].db != dbName)
-                continue;
-
-            assert.eq(users[i].user, userName);
-            matches++;
+            var user = users[i].user;
+            var db = users[i].db;
+            assert(isString(user),
+                   "each authenticatedUsers should have a 'user' string:" + infoStr);
+            assert(isString(db), "each authenticatedUsers should have a 'db' string:" + infoStr);
+            if (user === expectedUser.user && db === expectedUser.db) {
+                matches++;
+            }
         }
-        assert.eq(matches, 1);
+        assert.eq(
+            matches, 1, "expected user should be present once in authenticatedUsers:" + infoStr);
 
         // Test that authenticated roles are properly returned.
-        var roles = output.authInfo.authenticatedUserRoles;
-
+        var roles = authInfo.authenticatedUserRoles;
         matches = 0;
         for (var i = 0; i < roles.length; i++) {
-            if (roles[i].db != "admin")
-                continue;
-
-            assert.eq(roles[i].role, "root");
-            matches++;
-        }
-        assert(matches >= 1);
-
-        // Test roles/ privileges for a non-root user.
-        myDB.createUser({user: "foo", pwd: "weak password", roles: [{db: "foo", role: "read"}]});
-        myDB.logout();
-        myDB.auth("foo", "weak password");
-
-        output = myDB.runCommand({"connectionStatus": 1, "showPrivileges": 1});
-        assert.commandWorked(output);
-
-        var users = output.authInfo.authenticatedUsers;
-        var authedAsSystem = false;
-        for (var i = 0; i < users.length; i++) {
-            var authed = users[i];
-            if (authed.user === "__system" && authed.db === "local") {
-                authedAsSystem = true;
+            var role = roles[i].role;
+            var db = roles[i].db;
+            assert(isString(role),
+                   "each authenticatedUserRole should have a 'role' string:" + infoStr);
+            assert(isString(db), "each authenticatedUserRole should have a 'db' string:" + infoStr);
+            if (role === expectedRole.role && db === expectedRole.db) {
+                matches++;
             }
         }
-
-        var privileges = output.authInfo.authenticatedUserPrivileges;
-
-        for (var i = 0; i < privileges.length; i++) {
-            if (privileges[i].resource.anyResource) {
-                if (authedAsSystem) {
-                    assert.eq(["anyAction"],
-                              privileges[i].actions,
-                              "__system user should only have anyResource/anyAction privilege:" +
-                                  tojson(output));
-                } else {
-                    assert(false,
-                           "read role should not have anyResource privileges:" + tojson(output));
+        // Role will be duplicated when users with the same role are logged in at the same time.
+        assert.gte(
+            matches, 1, "expected role should be present in authenticatedUserRoles:" + infoStr);
+
+        var privileges = authInfo.authenticatedUserPrivileges;
+        if (showPrivileges) {
+            for (var i = 0; i < privileges.length; i++) {
+                assert(
+                    isObject(privileges[i].resource),
+                    "each authenticatedUserPrivilege should have a 'resource' object:" + infoStr);
+                var actions = privileges[i].actions;
+                for (var j = 0; j < actions.length; j++) {
+                    assert(isString(actions[j]),
+                           "each authenticatedUserPrivilege action should be a string:" + infoStr);
                 }
             }
+
+        } else {
+            // Test that privileges are not returned without asking
+            assert.eq(privileges,
+                      undefined,
+                      "authenticatedUserPrivileges should not be returned by default:" + infoStr);
         }
+    }
 
-        myDB.logout();
+    function test(userName) {
+        var user = {
+            user: userName,
+            db: dbName
+        };
+        var role = {
+            role: "root",
+            db: "admin"
+        };
+        myDB.createUser({user: userName, pwd: "weak password", roles: [role]});
+        myDB.auth(userName, "weak password");
+
+        // Validate with and without showPrivileges
+        validateConnectionStatus(user, role, true);
+        validateConnectionStatus(user, role, false);
 
         // Clean up.
-        myDB.auth(userName, "weak password");
         myDB.dropAllUsers();
         myDB.logout();
     }