SERVER-6334 ReplSet connections magically gets reauthenticated after logging out

Make sure DBClientReplicaSet clears it's auth table entries whenever user logs out.

1 files changed, 84 insertions, 2 deletions

diff --git a/jstests/sharding/auth_repl.js b/jstests/sharding/auth_repl.js
index 02b13e03812..e732dee0036 100644
--- a/jstests/sharding/auth_repl.js
+++ b/jstests/sharding/auth_repl.js
@@ -1,5 +1,5 @@
-var replTest = new ReplSetTest({ nodes: 3, useHostName : false });
-replTest.startSet({ oplogSize: 10, keyFile: 'jstests/libs/key1' });
+var replTest = new ReplSetTest({ nodes: 3, useHostName : false, keyFile: 'jstests/libs/key1' });
+replTest.startSet({ oplogSize: 10 });
 replTest.initiate();
 replTest.awaitSecondaryNodes();
 
@@ -47,5 +47,87 @@ conn.setSlaveOk(false);
 doc = testColl.findOne();
 assert(doc != null);
 
+var queryToPriShouldFail = function() {
+    conn.setSlaveOk(false);
+
+    assert.throws(function() {
+        testColl.findOne();
+    });
+
+    // should still not work even after retrying
+    assert.throws(function() {
+        testColl.findOne();
+    });
+};
+
+var queryToSecShouldFail = function() {
+    conn.setSlaveOk(true);
+
+    assert.throws(function() {
+        testColl.findOne();
+    });
+
+    // should still not work even after retrying
+    assert.throws(function() {
+        testColl.findOne();
+    });
+
+    // Query to secondary using readPref
+    assert.throws(function() {
+        testColl.find().readPref('secondary').next();
+    });
+
+    // should still not work even after retrying
+    assert.throws(function() {
+        testColl.find().readPref('secondary').next();
+    });
+};
+
+assert(testDB.logout().ok);
+
+jsTest.log('Sending an unauthorized query that should fail');
+queryToPriShouldFail();
+queryToSecShouldFail();
+
+// Repeat logout test, with secondary first, then primary
+assert.eq(1, testDB.auth('a', 'a'));
+assert(testDB.logout().ok);
+
+// re-initialize the underlying connections to primary and secondary
+jsTest.log('Sending an unauthorized query that should still fail');
+queryToSecShouldFail();
+queryToPriShouldFail();
+
+// Repeat logout test, now with the cached secondary down
+assert.eq(1, testDB.auth('a', 'a'));
+
+// Find out the current cached secondary in the repl connection
+conn.setSlaveOk(true);
+var secHost = testColl.find().readPref('secondary').explain().server;
+var secNodeIdx = -1;
+var secPortStr = secHost.split(':')[1];
+
+for (var x = 0; x < nodeCount; x++) {
+    var nodePortStr = replTest.nodes[x].host.split(':')[1];
+
+    if (nodePortStr == secPortStr) {
+        secNodeIdx = x;
+    }
+}
+
+assert(secNodeIdx >= 0); // test sanity check
+
+// Kill the cached secondary
+replTest.stop(secNodeIdx, 15, true, { auth: { user: 'user', pwd: 'user' }});
+
+assert(testDB.logout().ok);
+
+replTest.restart(secNodeIdx);
+replTest.awaitSecondaryNodes();
+
+jsTest.log('Sending an unauthorized query after restart that should still fail');
+queryToSecShouldFail();
+queryToPriShouldFail();
+
 replTest.stopSet();