diff options
author | Sara Golemon <sara.golemon@mongodb.com> | 2017-12-19 14:17:37 -0500 |
---|---|---|
committer | Sara Golemon <sara.golemon@mongodb.com> | 2017-12-21 14:32:44 -0500 |
commit | fb8046d813af032d6d51327affbab9b6199fe654 (patch) | |
tree | 1ffa28fe494a7765047b69514089e848503e78eb /jstests/auth/scram-credentials-invalid.js | |
parent | 260cc0cb463537cf9f1f479a8c38e74ffd807407 (diff) | |
download | mongo-fb8046d813af032d6d51327affbab9b6199fe654.tar.gz |
SERVER-32410 Validate User::CredentialData during auth
Diffstat (limited to 'jstests/auth/scram-credentials-invalid.js')
-rw-r--r-- | jstests/auth/scram-credentials-invalid.js | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/jstests/auth/scram-credentials-invalid.js b/jstests/auth/scram-credentials-invalid.js new file mode 100644 index 00000000000..16c0c204d12 --- /dev/null +++ b/jstests/auth/scram-credentials-invalid.js @@ -0,0 +1,45 @@ +// Ensure that attempting to use SCRAM-SHA-1 auth on a +// user with invalid SCRAM-SHA-1 credentials fails gracefully. + +(function() { + 'use strict'; + + function runTest(mongod) { + assert(mongod); + const admin = mongod.getDB('admin'); + const test = mongod.getDB('test'); + + admin.createUser({user: 'admin', pwd: 'pass', roles: jsTest.adminUserRoles}); + assert(admin.auth('admin', 'pass')); + + test.createUser({user: 'user', pwd: 'pass', roles: jsTest.basicUserRoles}); + + // Give the test user an invalid set of SCRAM-SHA-1 credentials. + assert.eq(admin.system.users + .update({_id: "test.user"}, { + $set: { + "credentials.SCRAM-SHA-1": { + salt: "AAAA", + storedKey: "AAAA", + serverKey: "AAAA", + iterationCount: 10000 + } + } + }) + .nModified, + 1, + "Should have updated one document for user@test"); + admin.logout(); + + assert(!test.auth({user: 'user', pwd: 'pass'})); + + assert.soon(function() { + const log = cat(mongod.fullOptions.logFile); + return /Unable to perform SCRAM-SHA-1 auth.* invalid SCRAM credentials/.test(log); + }, "No warning issued for invalid SCRAM-SHA-1 credendials doc", 30 * 1000, 5 * 1000); + } + + const mongod = MongoRunner.runMongod({auth: "", useLogFiles: true}); + runTest(mongod); + MongoRunner.stopMongod(mongod); +})(); |