SERVER-32410 Validate User::CredentialData during auth

author: Sara Golemon <sara.golemon@mongodb.com> 2017-12-19 14:17:37 -0500
committer: Sara Golemon <sara.golemon@mongodb.com> 2017-12-21 14:32:44 -0500
commit: fb8046d813af032d6d51327affbab9b6199fe654 (patch)
tree: 1ffa28fe494a7765047b69514089e848503e78eb /jstests/auth/scram-credentials-invalid.js
parent: 260cc0cb463537cf9f1f479a8c38e74ffd807407 (diff)
download: mongo-fb8046d813af032d6d51327affbab9b6199fe654.tar.gz
1 files changed, 45 insertions, 0 deletions
diff --git a/jstests/auth/scram-credentials-invalid.js b/jstests/auth/scram-credentials-invalid.js
new file mode 100644
index 00000000000..16c0c204d12
--- /dev/null
+++ b/jstests/auth/scram-credentials-invalid.js
@@ -0,0 +1,45 @@
+// Ensure that attempting to use SCRAM-SHA-1 auth on a
+// user with invalid SCRAM-SHA-1 credentials fails gracefully.
+
+(function() {
+    'use strict';
+
+    function runTest(mongod) {
+        assert(mongod);
+        const admin = mongod.getDB('admin');
+        const test = mongod.getDB('test');
+
+        admin.createUser({user: 'admin', pwd: 'pass', roles: jsTest.adminUserRoles});
+        assert(admin.auth('admin', 'pass'));
+
+        test.createUser({user: 'user', pwd: 'pass', roles: jsTest.basicUserRoles});
+
+        // Give the test user an invalid set of SCRAM-SHA-1 credentials.
+        assert.eq(admin.system.users
+                      .update({_id: "test.user"}, {
+                          $set: {
+                              "credentials.SCRAM-SHA-1": {
+                                  salt: "AAAA",
+                                  storedKey: "AAAA",
+                                  serverKey: "AAAA",
+                                  iterationCount: 10000
+                              }
+                          }
+                      })
+                      .nModified,
+                  1,
+                  "Should have updated one document for user@test");
+        admin.logout();
+
+        assert(!test.auth({user: 'user', pwd: 'pass'}));
+
+        assert.soon(function() {
+            const log = cat(mongod.fullOptions.logFile);
+            return /Unable to perform SCRAM-SHA-1 auth.* invalid SCRAM credentials/.test(log);
+        }, "No warning issued for invalid SCRAM-SHA-1 credendials doc", 30 * 1000, 5 * 1000);
+    }
+
+    const mongod = MongoRunner.runMongod({auth: "", useLogFiles: true});
+    runTest(mongod);
+    MongoRunner.stopMongod(mongod);
+})();
author	Sara Golemon <sara.golemon@mongodb.com>	2017-12-19 14:17:37 -0500
committer	Sara Golemon <sara.golemon@mongodb.com>	2017-12-21 14:32:44 -0500
commit	fb8046d813af032d6d51327affbab9b6199fe654 (patch)
tree	1ffa28fe494a7765047b69514089e848503e78eb /jstests/auth/scram-credentials-invalid.js
parent	260cc0cb463537cf9f1f479a8c38e74ffd807407 (diff)
download	mongo-fb8046d813af032d6d51327affbab9b6199fe654.tar.gz