diff options
| author | Sara Golemon <sara.golemon@mongodb.com> | 2018-02-14 14:38:35 -0500 |
|---|---|---|
| committer | Sara Golemon <sara.golemon@mongodb.com> | 2018-02-15 13:25:31 -0500 |
| commit | 686ec3269f07b0a927d8c18d4f092809fc7d4c31 (patch) | |
| tree | 2d4718f0b1b201e8bcf9a8b7037e9aae7f32da02 /jstests | |
| parent | 6c80eeef1f7228ace1e19c8b39c1a560d279612b (diff) | |
| download | mongo-686ec3269f07b0a927d8c18d4f092809fc7d4c31.tar.gz | |
SERVER-32965 isMaster.saslSupportedMechs updates
* Include SCRAM-SHA-256 in output.
* Handle SASLPREP normalization.
Diffstat (limited to 'jstests')
| -rw-r--r-- | jstests/auth/sasl_mechanism_discovery.js | 45 |
1 files changed, 34 insertions, 11 deletions
diff --git a/jstests/auth/sasl_mechanism_discovery.js b/jstests/auth/sasl_mechanism_discovery.js index c2dfb7aabcc..0dfcb7a36bc 100644 --- a/jstests/auth/sasl_mechanism_discovery.js +++ b/jstests/auth/sasl_mechanism_discovery.js @@ -6,30 +6,53 @@ var db = conn.getDB("admin"); var externalDB = conn.getDB("$external"); - // Make users + // Enable SCRAM-SHA-256. + assert.commandWorked(db.adminCommand({setFeatureCompatibilityVersion: "4.0"})); + + function checkMechs(userid, mechs) { + const res = + assert.commandWorked(db.runCommand({isMaster: 1, saslSupportedMechs: userid})); + assert.eq(mechs, res.saslSupportedMechs, tojson(res)); + } + + // Make users. assert.commandWorked(db.runCommand({createUser: "user", pwd: "pwd", roles: []})); assert.commandWorked(externalDB.runCommand({createUser: "user", roles: []})); + assert.commandWorked(db.runCommand( + {createUser: "IX", pwd: "pwd", roles: [], mechanisms: ["SCRAM-SHA-256"]})); + + // Internal users should support scram methods. + checkMechs("admin.user", ["SCRAM-SHA-1", "SCRAM-SHA-256"]); + + // External users should support PLAIN, but not scram methods. + checkMechs("$external.user", ["PLAIN"]); - // Internal users should support SCRAM-SHA-1. - var isMasterResult = - assert.commandWorked(db.runCommand({isMaster: 1, saslSupportedMechs: "admin.user"})); - assert.eq(["SCRAM-SHA-1"], isMasterResult.saslSupportedMechs, tojson(isMasterResult)); + // Check non-normalized name finds normalized user. + const IXchar = "\u2168"; + const IXuserid = "admin." + IXchar; + checkMechs(IXuserid, ["SCRAM-SHA-256"]); - // External users should support PLAIN, but not SCRAM-SHA-1. - isMasterResult = assert.commandWorked( - db.runCommand({isMaster: 1, saslSupportedMechs: "$external.user"})); - assert.eq(["PLAIN"], isMasterResult.saslSupportedMechs, tojson(isMasterResult)); + // Check that names with compatibility equivalence collide. + assert.commandWorked(db.runCommand( + {createUser: IXchar, pwd: "pwd", roles: [], mechanisms: ["SCRAM-SHA-1"]})); + assert.commandFailed(db.runCommand({isMaster: 1, saslSupportedMechs: IXuserid}), + ErrorCodes.BadValue, + "Two users exist with names exhibiting compatibility equivalence"); } // Test standalone. - var m = MongoRunner.runMongod({setParameter: "authenticationMechanisms=SCRAM-SHA-1,PLAIN"}); + var m = MongoRunner.runMongod( + {setParameter: "authenticationMechanisms=SCRAM-SHA-1,SCRAM-SHA-256,PLAIN"}); runTest(m); MongoRunner.stopMongod(m); // Test mongos. var st = new ShardingTest({ shards: 0, - other: {mongosOptions: {setParameter: "authenticationMechanisms=PLAIN,SCRAM-SHA-1"}} + other: { + mongosOptions: + {setParameter: "authenticationMechanisms=PLAIN,SCRAM-SHA-256,SCRAM-SHA-1"} + } }); runTest(st.s0); st.stop(); |