author | Sara Golemon <sara.golemon@mongodb.com> | 2021-10-13 21:04:55 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2021-12-07 00:23:48 +0000 |
commit | d7845457fd30cd1798f70444c2a66d725ab361b4 (patch) | |
tree | 335bd948371be032d209a26c564a140b4ea215a4 /src/mongo/rpc | |
parent | 4a915072ab5279480305a6023db6671e3f32cfd0 (diff) | |
download | mongo-d7845457fd30cd1798f70444c2a66d725ab361b4.tar.gz |
SERVER-61615 Parse authenticated user from security token and add to authorization session
Diffstat (limited to 'src/mongo/rpc')
-rw-r--r-- | src/mongo/rpc/metadata/security_token_metadata_test.cpp | 28 |
1 files changed, 24 insertions, 4 deletions
diff --git a/src/mongo/rpc/metadata/security_token_metadata_test.cpp b/src/mongo/rpc/metadata/security_token_metadata_test.cpp
index 00c664c4fc7..1319dae55c7 100644
--- a/src/mongo/rpc/metadata/security_token_metadata_test.cpp
+++ b/src/mongo/rpc/metadata/security_token_metadata_test.cpp
@@ -30,6 +30,7 @@
 #include "mongo/platform/basic.h"
 
 #include "mongo/bson/oid.h"
+#include "mongo/crypto/sha256_block.h"
 #include "mongo/db/auth/security_token.h"
 #include "mongo/db/auth/security_token_gen.h"
 #include "mongo/db/client.h"
@@ -43,14 +44,28 @@ namespace rpc {
 namespace test {
 namespace {
 
+constexpr auto kAuthenticatedUserFieldName = "authenticatedUser"_sd;
 constexpr auto kPingFieldName = "ping"_sd;
-constexpr auto kTenantFieldName = "tenant"_sd;
+constexpr auto kSigFieldName = "sig"_sd;
+
+BSONObj makeSecurityToken(const UserName& userName) {
+    auto authUser = userName.toBSON(true /* serialize token */);
+    ASSERT_EQ(authUser["tenant"_sd].type(), jstOID);
+
+    BSONObjBuilder token;
+    token.append(kAuthenticatedUserFieldName, authUser);
+
+    auto block = SHA256Block::computeHash({ConstDataRange(authUser.objdata(), authUser.objsize())});
+    token.appendBinData(kSigFieldName, block.size(), BinDataGeneral, block.data());
+
+    return token.obj();
+}
 
 class SecurityTokenMetadataTest : public LockerNoopServiceContextTest {};
 
 TEST_F(SecurityTokenMetadataTest, SecurityTokenNotAccepted) {
     const auto kPingBody = BSON(kPingFieldName << 1);
-    const auto kTokenBody = BSON(kTenantFieldName << OID::gen());
+    const auto kTokenBody = makeSecurityToken(UserName("user", "admin", OID::gen()));
 
     gMultitenancySupport = false;
     auto msgBytes = OpMsgBytes{0, kBodySection, kPingBody, kSecurityTokenSection, kTokenBody};
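Review bot: In makeSecurityToken the `sig` field is an unkeyed SHA-256 over the serialized user document (the `SHA256Block::computeHash` line), so anyone who can see the payload can produce a matching signature; if the validation behind auth::readSecurityTokenMetadata accepts tokens on that basis, the field provides integrity but not authenticity, and that limitation should be stated on the helper rather than left implicit. Suggest heading the helper with `// Test-only token builder: "sig" is a plain SHA-256 of the authenticatedUser document with no key involved; keep in step with whatever readSecurityTokenMetadata validates.` (hedged, since the validating code is not in this diff). The change also exercises only the happy path: neither this hunk nor the BasicSuccess assertions in the last hunk feed a token with a mismatched `sig` or a missing `authenticatedUser` under `gMultitenancySupport = true`, so a regression that skipped signature checking would pass both tests; a third test asserting rejection of such a token would close that gap.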
@@ -63,7 +78,7 @@ TEST_F(SecurityTokenMetadataTest, SecurityTokenNotAccepted) {
 TEST_F(SecurityTokenMetadataTest, BasicSuccess) {
     const auto kOid = OID::gen();
     const auto kPingBody = BSON(kPingFieldName << 1);
-    const auto kTokenBody = BSON(kTenantFieldName << kOid);
+    const auto kTokenBody = makeSecurityToken(UserName("user", "admin", kOid));
 
     gMultitenancySupport = true;
     auto msg = OpMsgBytes{0, kBodySection, kPingBody, kSecurityTokenSection, kTokenBody}.parse();
@@ -77,7 +92,12 @@ TEST_F(SecurityTokenMetadataTest, BasicSuccess) {
     auth::readSecurityTokenMetadata(opCtx.get(), msg.securityToken);
     auto token = auth::getSecurityToken(opCtx.get());
     ASSERT(token != boost::none);
-    ASSERT_EQ(token->getTenant(), kOid);
+
+    auto authedUser = token->getAuthenticatedUser();
+    ASSERT_EQ(authedUser.getUser(), "user");
+    ASSERT_EQ(authedUser.getDB(), "admin");
+    ASSERT_TRUE(authedUser.getTenant() != boost::none);
+    ASSERT_EQ(authedUser.getTenant().get(), kOid);
 }
 
 } // namespace