diff options
Diffstat (limited to 'jstests/auth/renameSystemCollections.js')
-rw-r--r-- | jstests/auth/renameSystemCollections.js | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/jstests/auth/renameSystemCollections.js b/jstests/auth/renameSystemCollections.js index 7e4c7b821e3..dffee963499 100644 --- a/jstests/auth/renameSystemCollections.js +++ b/jstests/auth/renameSystemCollections.js @@ -1,5 +1,5 @@ // SERVER-8623: Test that renameCollection can't be used to bypass auth checks on system namespaces -var conn = MongoRunner.runMongod({auth : ""}); +var conn = MongoRunner.runMongod({auth: ""}); var adminDB = conn.getDB("admin"); var testDB = conn.getDB("testdb"); @@ -7,38 +7,38 @@ var testDB2 = conn.getDB("testdb2"); var CodeUnauthorized = 13; -var backdoorUserDoc = { user: 'backdoor', db: 'admin', pwd: 'hashed', roles: ['root'] }; +var backdoorUserDoc = { + user: 'backdoor', + db: 'admin', + pwd: 'hashed', + roles: ['root'] +}; -adminDB.createUser({user:'userAdmin', - pwd:'password', - roles:['userAdminAnyDatabase']}); +adminDB.createUser({user: 'userAdmin', pwd: 'password', roles: ['userAdminAnyDatabase']}); adminDB.auth('userAdmin', 'password'); -adminDB.createUser({user:'readWriteAdmin', - pwd:'password', - roles:['readWriteAnyDatabase']}); -adminDB.createUser({user:'readWriteAndUserAdmin', - pwd:'password', - roles:['readWriteAnyDatabase', 'userAdminAnyDatabase']}); +adminDB.createUser({user: 'readWriteAdmin', pwd: 'password', roles: ['readWriteAnyDatabase']}); +adminDB.createUser({ + user: 'readWriteAndUserAdmin', + pwd: 'password', + roles: ['readWriteAnyDatabase', 'userAdminAnyDatabase'] +}); adminDB.createUser({user: 'root', pwd: 'password', roles: ['root']}); adminDB.createUser({user: 'rootier', pwd: 'password', roles: ['__system']}); adminDB.logout(); - jsTestLog("Test that a readWrite user can't rename system.profile to something they can read"); adminDB.auth('readWriteAdmin', 'password'); res = adminDB.system.profile.renameCollection("profile"); assert.eq(0, res.ok); assert.eq(CodeUnauthorized, res.code); - jsTestLog("Test that a readWrite user can't rename system.users to something they can read"); var res = adminDB.system.users.renameCollection("users"); assert.eq(0, res.ok); assert.eq(CodeUnauthorized, res.code); assert.eq(0, adminDB.users.count()); - jsTestLog("Test that a readWrite user can't use renameCollection to override system.users"); adminDB.users.insert(backdoorUserDoc); res = adminDB.users.renameCollection("system.users", true); @@ -70,7 +70,7 @@ assert.eq(0, res.ok); assert.eq(CodeUnauthorized, res.code); assert.eq(null, adminDB.system.users.findOne({user: backdoorUserDoc.user})); -assert.neq(null, adminDB.system.users.findOne({user:'userAdmin'})); +assert.neq(null, adminDB.system.users.findOne({user: 'userAdmin'})); adminDB.auth('rootier', 'password'); |