author | ADAM David Alan Martin <adam.martin@10gen.com> | 2017-12-14 16:03:37 -0500 |
---|---|---|
committer | ADAM David Alan Martin <adam.martin@10gen.com> | 2017-12-14 16:05:16 -0500 |
commit | 2efa93e1132e2dbc1b7f5a7f0118a9440e511f89 (patch) | |
tree | 42cb20ce9c9a787fb4f258d32b7c8ebbe9deeaab /jstests | |
parent | 3b116b0dc632a0533c8b76ddbf02186e4bf6774e (diff) | |
download | mongo-2efa93e1132e2dbc1b7f5a7f0118a9440e511f89.tar.gz |
SERVER-32164 Fix handling of `authSource` in URIs.
Diffstat (limited to 'jstests')
-rw-r--r-- | jstests/ssl/shell_option_parsing.js | 184 |
1 files changed, 184 insertions, 0 deletions
diff --git a/jstests/ssl/shell_option_parsing.js b/jstests/ssl/shell_option_parsing.js
new file mode 100644
index 00000000000..cc043d57115
--- /dev/null
+++ b/jstests/ssl/shell_option_parsing.js
@@ -0,0 +1,184 @@
+// Test mongo shell connect strings.
+(function() {
+ 'use strict';
+
+ const SERVER_CERT = "jstests/libs/server.pem";
+ const CAFILE = "jstests/libs/ca.pem";
+
+ var opts = {
+ sslMode: "allowSSL",
+ sslPEMKeyFile: SERVER_CERT,
+ sslAllowInvalidCertificates: "",
+ sslAllowConnectionsWithoutCertificates: "",
+ sslCAFile: CAFILE,
+ setParameter: "authenticationMechanisms=MONGODB-X509,SCRAM-SHA-1"
+ };
+
+ var rst = new ReplSetTest({name: 'sslSet', nodes: 3, nodeOptions: opts});
+
+ rst.startSet();
+ rst.initiate();
+
+ const mongod = rst.getPrimary();
+ const host = mongod.host;
+ const port = mongod.port;
+
+ const username = "user";
+ const usernameNotTest = "userNotTest";
+ const usernameX509 = "C=US,ST=New York,L=New York City,O=MongoDB,OU=KernelUser,CN=client";
+
+ const password = username;
+ const passwordNotTest = usernameNotTest;
+
+ mongod.getDB("test").createUser({user: username, pwd: username, roles: []});
+ mongod.getDB("notTest").createUser({user: usernameNotTest, pwd: usernameNotTest, roles: []});
+ mongod.getDB("$external").createUser({user: usernameX509, roles: []});
+
+ var i = 0;
+ function testConnect(noPasswordPrompt, ...args) {
+ const command = [
+ 'mongo',
+ '--eval',
+ ';',
+ '--ssl',
+ '--sslAllowInvalidHostnames',
+ '--sslCAFile',
+ CAFILE,
+ ...args
+ ];
+ print("=========================================> The command (" + (i++) +
+ ") I am going to run is: " + command.join(' '));
+
+ clearRawMongoProgramOutput();
+ var clientPID = _startMongoProgram.apply(null, command);
+ sleep(30000);
+
+ if (checkProgram(clientPID).alive) {
+ stopMongoProgramByPid(clientPID);
+ }
+
+ assert.eq(!noPasswordPrompt, rawMongoProgramOutput().includes("Enter password:"));
+ }
+
+ testConnect(false, `mongodb://${username}@${host}/test`);
+ testConnect(false, `mongodb://${username}@${host}/test`, '--password');
+
+ testConnect(false, `mongodb://${username}@${host}/test`, '--username', username);
+ testConnect(false, `mongodb://${username}@${host}/test`, '--password', '--username', username);
+
+ testConnect(false,
+ `mongodb://${usernameNotTest}@${host}/test?authSource=notTest`,
+ '--password',
+ '--username',
+ usernameNotTest);
+
+ testConnect(false, `mongodb://${usernameNotTest}@${host}/test?authSource=notTest`);
+
+ testConnect(false,
+ `mongodb://${usernameNotTest}@${host}/test?authSource=notTest`,
+ '--password',
+ '--username',
+ usernameNotTest,
+ '--authenticationDatabase',
+ 'notTest');
+
+ testConnect(false,
+ `mongodb://${usernameNotTest}@${host}/test`,
+ '--password',
+ '--username',
+ usernameNotTest,
+ '--authenticationDatabase',
+ 'notTest');
+
+ testConnect(false, `mongodb://${host}/test?authSource=notTest`, '--username', usernameNotTest);
+
+ testConnect(false, `mongodb://${host}/test`, '--username', username);
+ testConnect(false, `mongodb://${host}/test`, '--password', '--username', username);
+
+ testConnect(true, `mongodb://${host}/test`, '--password', password, '--username', username);
+
+ testConnect(true, `mongodb://${username}:${password}@${host}/test`);
+ testConnect(true, `mongodb://${username}:${password}@${host}/test`, '--password');
+ testConnect(true, `mongodb://${username}:${password}@${host}/test`, '--password', password);
+ testConnect(true, `mongodb://${username}@${host}/test`, '--password', password);
+
+ testConnect(true,
+ `mongodb://${usernameNotTest}@${host}/test?authSource=notTest`,
+ '--username',
+ usernameNotTest,
+ '--password',
+ passwordNotTest,
+ '--authenticationDatabase',
+ 'notTest');
+
+ testConnect(true,
+ `mongodb://${usernameNotTest}@${host}/test?authSource=notTest`,
+ '--username',
+ usernameNotTest,
+ '--password',
+ passwordNotTest);
+
+ testConnect(true,
+ `mongodb://${usernameNotTest}@${host}/test?authSource=notTest`,
+ '--password',
+ passwordNotTest);
+
+ testConnect(true,
+ `mongodb://${host}/test?authSource=notTest`,
+ '--username',
+ usernameNotTest,
+ '--password',
+ passwordNotTest);
+
+ // TODO: Enable this set of tests in the future -- needs proper encoding for X509 username in
+ // URI
+ if (false) {
+ testConnect(
+ true,
+ `mongodb://${usernameX509}@${host}/test?authMechanism=MONGODB-X509&authSource=$external`);
+ testConnect(
+ true,
+ `mongodb://${usernameX509}@${host}/test?authMechanism=MONGODB-X509&authSource=$external`,
+ '--username',
+ usernameX509);
+ testConnect(true,
+ `mongodb://${usernameX509}@${host}/test?authSource=$external`,
+ '--authenticationMechanism',
+ 'MONGODB-X509');
+
+ testConnect(
+ true,
+ `mongodb://${usernameX509}@${host}/test?authMechanism=MONGODB-X509&authSource=$external`,
+ '--authenticationMechanism',
+ 'MONGODB-X509');
+ testConnect(
+ true,
+ `mongodb://${usernameX509}@${host}/test?authMechanism=MONGODB-X509&authSource=$external`,
+ '--authenticationMechanism',
+ 'MONGODB-X509',
+ '--username',
+ usernameX509);
+ testConnect(true,
+ `mongodb://${usernameX509}@${host}/test?authSource=$external`,
+ '--authenticationMechanism',
+ 'MONGODB-X509');
+ }
+ /* */
+
+ testConnect(true, `mongodb://${host}/test?authMechanism=MONGODB-X509&authSource=$external`);
+ testConnect(true,
+ `mongodb://${host}/test?authMechanism=MONGODB-X509&authSource=$external`,
+ '--username',
+ usernameX509);
+
+ testConnect(true,
+ `mongodb://${host}/test?authSource=$external`,
+ '--authenticationMechanism',
+ 'MONGODB-X509');
+ testConnect(true,
+ `mongodb://${host}/test?authSource=$external`,
+ '--username',
+ usernameX509,
+ '--authenticationMechanism',
+ 'MONGODB-X509');
+})(); |
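Review bot: The only assertion in `testConnect` is on the presence of the `Enter password:` prompt, so every `testConnect(true, …)` case passes whenever the shell does not prompt, including when authentication fails or is attempted against a database other than the one named by `authSource`. The `--eval` script is `';'` and the visible `opts` do not turn on authorization, so nothing in the test shows which user and database the shell actually authenticated as. Consider evaluating something like `printjson(db.runCommand({connectionStatus: 1}).authInfo.authenticatedUsers)` instead of `';'` and asserting that the captured output names the expected user and database for each case. Separately, the fixed `sleep(30000)` makes the result timing-dependent across roughly thirty invocations, and the replica set is never shut down; a closing `rst.stopSet();` before `})();` would avoid leaving the three mongod processes behind.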