SERVER-29628 $listLocalSessions aggregation stage

author: Sara Golemon <sara.golemon@mongodb.com> 2017-08-08 13:34:39 -0400
committer: Sara Golemon <sara.golemon@mongodb.com> 2017-08-23 09:18:17 -0400
commit: a09f19822fb2a1e5b662bd8d542dd8e2f2607fc6 (patch)
tree: 4d396a07bdf8db1752aa4952211f4b46490459b7 /jstests/auth
parent: 3b8719aecf7541ee83738d9241bfcbc1281b6ed2 (diff)
download: mongo-a09f19822fb2a1e5b662bd8d542dd8e2f2607fc6.tar.gz
3 files changed, 144 insertions, 0 deletions
diff --git a/jstests/auth/lib/commands_lib.js b/jstests/auth/lib/commands_lib.js
index 10cde2c2382..db35708e96c 100644
--- a/jstests/auth/lib/commands_lib.js
+++ b/jstests/auth/lib/commands_lib.js
@@ -661,6 +661,22 @@ var authCommandsLib = {
           skipSharded: true
         },
         {
+          testname: "aggregate_listLocalSessions_allUsers_true",
+          command: {aggregate: 1, pipeline: [{$listLocalSessions: {allUsers: true}}], cursor: {}},
+          testcases: [{
+              runOnDb: adminDbName,
+              roles:
+                  {clusterAdmin: 1, clusterMonitor: 1, clusterManager: 1, root: 1, __system: 1}
+          }],
+          skipSharded: true
+        },
+        {
+          testname: "aggregate_listLocalSessions_allUsers_false",
+          command: {aggregate: 1, pipeline: [{$listLocalSessions: {allUsers: false}}], cursor: {}},
+          testcases: [{runOnDb: adminDbName, roles: roles_all}],
+          skipSharded: true
+        },
+        {
           testname: "aggregate_lookup",
           command: {
               aggregate: "foo",
diff --git a/jstests/auth/list_all_local_sessions.js b/jstests/auth/list_all_local_sessions.js
new file mode 100644
index 00000000000..2d67011bf06
--- /dev/null
+++ b/jstests/auth/list_all_local_sessions.js
@@ -0,0 +1,56 @@
+// Auth tests for the $listLocalSessions {allUsers:true} aggregation stage.
+
+(function() {
+    'use strict';
+    load('jstests/aggregation/extras/utils.js');
+
+    function runListAllLocalSessionsTest(mongod) {
+        assert(mongod);
+        const admin = mongod.getDB("admin");
+        const db = mongod.getDB("test");
+
+        const pipeline = [{'$listLocalSessions': {allUsers: true}}];
+        function listAllLocalSessions() {
+            return admin.aggregate(pipeline);
+        }
+
+        admin.createUser({user: 'admin', pwd: 'pass', roles: jsTest.adminUserRoles});
+        assert(admin.auth('admin', 'pass'));
+        db.createUser({user: 'user1', pwd: 'pass', roles: jsTest.basicUserRoles});
+        admin.logout();
+
+        // Shouldn't be able to listLocalSessions when not logged in.
+        assertErrorCode(admin, pipeline, ErrorCodes.Unauthorized);
+
+        // Start a new session and capture its sessionId.
+        assert(db.auth('user1', 'pass'));
+        const myid = assert.commandWorked(db.runCommand({startSession: 1})).id.id;
+        assert(myid !== undefined);
+
+        // Ensure that a normal user can NOT listAllLocalSessions to view their session.
+        assertErrorCode(admin, pipeline, ErrorCodes.Unauthorized);
+        db.logout();
+
+        // Ensure that the cache now contains the session and is visible by admin.
+        assert(admin.auth('admin', 'pass'));
+        const resultArray = assert.doesNotThrow(listAllLocalSessions).toArray();
+        assert.eq(resultArray.length, 1);
+        const cacheid = resultArray[0]._id.id;
+        assert(cacheid !== undefined);
+        assert.eq(0, bsonWoCompare({x: cacheid}, {x: myid}));
+    }
+
+    const mongod = MongoRunner.runMongod({auth: ""});
+    runListAllLocalSessionsTest(mongod);
+    MongoRunner.stopMongod(mongod);
+
+    if (true) {
+        // TODO: SERVER-29141 Enable mongos-only pipelines
+        return;
+    }
+
+    const st =
+        new ShardingTest({shards: 1, mongos: 1, config: 1, other: {keyFile: 'jstests/libs/key1'}});
+    runListAllLocalSessionsTest(st.s0);
+    st.stop();
+})();
diff --git a/jstests/auth/list_local_sessions.js b/jstests/auth/list_local_sessions.js
new file mode 100644
index 00000000000..c214b964d42
--- /dev/null
+++ b/jstests/auth/list_local_sessions.js
@@ -0,0 +1,72 @@
+// All tests for the $listLocalSessions aggregateion stage.
+
+(function() {
+    'use strict';
+    load('jstests/aggregation/extras/utils.js');
+
+    function runListLocalSessionsTest(mongod) {
+        assert(mongod);
+        const admin = mongod.getDB('admin');
+        const db = mongod.getDB("test");
+
+        const pipeline = [{'$listLocalSessions': {}}];
+        function listLocalSessions() {
+            return admin.aggregate(pipeline);
+        }
+
+        admin.createUser({user: 'admin', pwd: 'pass', roles: jsTest.adminUserRoles});
+        assert(admin.auth('admin', 'pass'));
+
+        db.createUser({user: 'user1', pwd: 'pass', roles: jsTest.basicUserRoles});
+        db.createUser({user: 'user2', pwd: 'pass', roles: jsTest.basicUserRoles});
+        admin.logout();
+
+        // Shouldn't be able to listLocalSessions when not logged in.
+        assertErrorCode(admin, pipeline, ErrorCodes.Unauthorized);
+
+        // Start a new session and capture its sessionId.
+        assert(db.auth('user1', 'pass'));
+        const myid = assert.commandWorked(db.runCommand({startSession: 1})).id.id;
+        assert(myid !== undefined);
+
+        // Ensure that the cache now contains the session.
+        const resultArray = assert.doesNotThrow(listLocalSessions).toArray();
+        assert.eq(resultArray.length, 1);
+        const cacheid = resultArray[0]._id.id;
+        const myuid = resultArray[0]._id.uid;
+        assert(cacheid !== undefined);
+        assert.eq(0, bsonWoCompare({x: cacheid}, {x: myid}));
+
+        // Try asking for the session by username.
+        function listMyLocalSessions() {
+            return admin.aggregate(
+                [{'$listLocalSessions': {users: [{user: "user1", db: "test"}]}}]);
+        }
+        const resultArrayMine = assert.doesNotThrow(listMyLocalSessions).toArray();
+        assert.eq(bsonWoCompare(resultArray, resultArrayMine), 0);
+
+        // Ensure that changing users hides the session.
+        assert(db.auth('user2', 'pass'));
+        const otherArray = assert.doesNotThrow(listLocalSessions).toArray();
+        assert.eq(otherArray.length, 0);
+
+        // Ensure that one user can not explicitly ask for another's sessions.
+        assertErrorCode(admin,
+                        [{'$listLocalSessions': {users: [{user: "user1", db: "test"}]}}],
+                        ErrorCodes.Unauthorized);
+    }
+
+    const mongod = MongoRunner.runMongod({auth: ""});
+    runListLocalSessionsTest(mongod);
+    MongoRunner.stopMongod(mongod);
+
+    if (true) {
+        // TODO SERVER-29141: Support forcing pipelines to run on mongos
+        return;
+    }
+
+    const st =
+        new ShardingTest({shards: 1, mongos: 1, config: 1, other: {keyFile: 'jstests/libs/key1'}});
+    runListLocalSessionsTest(st.s0);
+    st.stop();
+})();
author	Sara Golemon <sara.golemon@mongodb.com>	2017-08-08 13:34:39 -0400
committer	Sara Golemon <sara.golemon@mongodb.com>	2017-08-23 09:18:17 -0400
commit	a09f19822fb2a1e5b662bd8d542dd8e2f2607fc6 (patch)
tree	4d396a07bdf8db1752aa4952211f4b46490459b7 /jstests/auth
parent	3b8719aecf7541ee83738d9241bfcbc1281b6ed2 (diff)
download	mongo-a09f19822fb2a1e5b662bd8d542dd8e2f2607fc6.tar.gz