authorADAM David Alan Martin <adam.martin@10gen.com>2017-12-14 16:03:37 -0500
committerADAM David Alan Martin <adam.martin@10gen.com>2017-12-14 16:05:16 -0500
commit2efa93e1132e2dbc1b7f5a7f0118a9440e511f89 (patch)
tree42cb20ce9c9a787fb4f258d32b7c8ebbe9deeaab /jstests
parent3b116b0dc632a0533c8b76ddbf02186e4bf6774e (diff)
downloadmongo-2efa93e1132e2dbc1b7f5a7f0118a9440e511f89.tar.gz
SERVER-32164 Fix handling of `authSource` in URIs.
Diffstat (limited to 'jstests')
-rw-r--r--jstests/ssl/shell_option_parsing.js184
1 files changed, 184 insertions, 0 deletions
diff --git a/jstests/ssl/shell_option_parsing.js b/jstests/ssl/shell_option_parsing.js
new file mode 100644
index 00000000000..cc043d57115
--- /dev/null
+++ b/jstests/ssl/shell_option_parsing.js
@@ -0,0 +1,184 @@
+// Test mongo shell connect strings.
+(function() {
+ 'use strict';
+
+ const SERVER_CERT = "jstests/libs/server.pem";
+ const CAFILE = "jstests/libs/ca.pem";
+
+ var opts = {
+ sslMode: "allowSSL",
+ sslPEMKeyFile: SERVER_CERT,
+ sslAllowInvalidCertificates: "",
+ sslAllowConnectionsWithoutCertificates: "",
+ sslCAFile: CAFILE,
+ setParameter: "authenticationMechanisms=MONGODB-X509,SCRAM-SHA-1"
+ };
+
+ var rst = new ReplSetTest({name: 'sslSet', nodes: 3, nodeOptions: opts});
+
+ rst.startSet();
+ rst.initiate();
+
+ const mongod = rst.getPrimary();
+ const host = mongod.host;
+ const port = mongod.port;
+
+ const username = "user";
+ const usernameNotTest = "userNotTest";
+ const usernameX509 = "C=US,ST=New York,L=New York City,O=MongoDB,OU=KernelUser,CN=client";
+
+ const password = username;
+ const passwordNotTest = usernameNotTest;
+
+ mongod.getDB("test").createUser({user: username, pwd: username, roles: []});
+ mongod.getDB("notTest").createUser({user: usernameNotTest, pwd: usernameNotTest, roles: []});
+ mongod.getDB("$external").createUser({user: usernameX509, roles: []});
+
+ var i = 0;
+ function testConnect(noPasswordPrompt, ...args) {
+ const command = [
+ 'mongo',
+ '--eval',
+ ';',
+ '--ssl',
+ '--sslAllowInvalidHostnames',
+ '--sslCAFile',
+ CAFILE,
+ ...args
+ ];
+ print("=========================================> The command (" + (i++) +
+ ") I am going to run is: " + command.join(' '));
+
+ clearRawMongoProgramOutput();
+ var clientPID = _startMongoProgram.apply(null, command);
+ sleep(30000);
+
+ if (checkProgram(clientPID).alive) {
+ stopMongoProgramByPid(clientPID);
+ }
+
+ assert.eq(!noPasswordPrompt, rawMongoProgramOutput().includes("Enter password:"));
+ }
+
+ testConnect(false, `mongodb://${username}@${host}/test`);
+ testConnect(false, `mongodb://${username}@${host}/test`, '--password');
+
+ testConnect(false, `mongodb://${username}@${host}/test`, '--username', username);
+ testConnect(false, `mongodb://${username}@${host}/test`, '--password', '--username', username);
+
+ testConnect(false,
+ `mongodb://${usernameNotTest}@${host}/test?authSource=notTest`,
+ '--password',
+ '--username',
+ usernameNotTest);
+
+ testConnect(false, `mongodb://${usernameNotTest}@${host}/test?authSource=notTest`);
+
+ testConnect(false,
+ `mongodb://${usernameNotTest}@${host}/test?authSource=notTest`,
+ '--password',
+ '--username',
+ usernameNotTest,
+ '--authenticationDatabase',
+ 'notTest');
+
+ testConnect(false,
+ `mongodb://${usernameNotTest}@${host}/test`,
+ '--password',
+ '--username',
+ usernameNotTest,
+ '--authenticationDatabase',
+ 'notTest');
+
+ testConnect(false, `mongodb://${host}/test?authSource=notTest`, '--username', usernameNotTest);
+
+ testConnect(false, `mongodb://${host}/test`, '--username', username);
+ testConnect(false, `mongodb://${host}/test`, '--password', '--username', username);
+
+ testConnect(true, `mongodb://${host}/test`, '--password', password, '--username', username);
+
+ testConnect(true, `mongodb://${username}:${password}@${host}/test`);
+ testConnect(true, `mongodb://${username}:${password}@${host}/test`, '--password');
+ testConnect(true, `mongodb://${username}:${password}@${host}/test`, '--password', password);
+ testConnect(true, `mongodb://${username}@${host}/test`, '--password', password);
+
+ testConnect(true,
+ `mongodb://${usernameNotTest}@${host}/test?authSource=notTest`,
+ '--username',
+ usernameNotTest,
+ '--password',
+ passwordNotTest,
+ '--authenticationDatabase',
+ 'notTest');
+
+ testConnect(true,
+ `mongodb://${usernameNotTest}@${host}/test?authSource=notTest`,
+ '--username',
+ usernameNotTest,
+ '--password',
+ passwordNotTest);
+
+ testConnect(true,
+ `mongodb://${usernameNotTest}@${host}/test?authSource=notTest`,
+ '--password',
+ passwordNotTest);
+
+ testConnect(true,
+ `mongodb://${host}/test?authSource=notTest`,
+ '--username',
+ usernameNotTest,
+ '--password',
+ passwordNotTest);
+
+ // TODO: Enable this set of tests in the future -- needs proper encoding for X509 username in
+ // URI
+ if (false) {
+ testConnect(
+ true,
+ `mongodb://${usernameX509}@${host}/test?authMechanism=MONGODB-X509&authSource=$external`);
+ testConnect(
+ true,
+ `mongodb://${usernameX509}@${host}/test?authMechanism=MONGODB-X509&authSource=$external`,
+ '--username',
+ usernameX509);
+ testConnect(true,
+ `mongodb://${usernameX509}@${host}/test?authSource=$external`,
+ '--authenticationMechanism',
+ 'MONGODB-X509');
+
+ testConnect(
+ true,
+ `mongodb://${usernameX509}@${host}/test?authMechanism=MONGODB-X509&authSource=$external`,
+ '--authenticationMechanism',
+ 'MONGODB-X509');
+ testConnect(
+ true,
+ `mongodb://${usernameX509}@${host}/test?authMechanism=MONGODB-X509&authSource=$external`,
+ '--authenticationMechanism',
+ 'MONGODB-X509',
+ '--username',
+ usernameX509);
+ testConnect(true,
+ `mongodb://${usernameX509}@${host}/test?authSource=$external`,
+ '--authenticationMechanism',
+ 'MONGODB-X509');
+ }
+ /* */
+
+ testConnect(true, `mongodb://${host}/test?authMechanism=MONGODB-X509&authSource=$external`);
+ testConnect(true,
+ `mongodb://${host}/test?authMechanism=MONGODB-X509&authSource=$external`,
+ '--username',
+ usernameX509);
+
+ testConnect(true,
+ `mongodb://${host}/test?authSource=$external`,
+ '--authenticationMechanism',
+ 'MONGODB-X509');
+ testConnect(true,
+ `mongodb://${host}/test?authSource=$external`,
+ '--username',
+ usernameX509,
+ '--authenticationMechanism',
+ 'MONGODB-X509');
+})();
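Review bot: The only assertion in `testConnect` is whether `"Enter password:"` appears in the child's output, so the cases that pass a password together with `authSource=notTest` succeed whether or not the shell actually authenticated against `notTest`. A regression that parses `authSource` and then ignores it would not be caught. For the SCRAM cases where `noPasswordPrompt` is true, consider checking the child's result instead of relying on the fixed `sleep(30000)`, e.g. `assert.eq(0, waitProgram(clientPID));`. The MONGODB-X509 cases pass no client certificate in `command`, so they presumably cannot assert a successful login and would keep the prompt-only check. The fixed 30-second sleep also costs about twelve minutes across the two dozen active calls, and the replica set is never shut down, so `rst.stopSet();` should be added before the closing `})();`.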