summaryrefslogtreecommitdiff
path: root/jstests/auth/renameSystemCollections.js
diff options
context:
space:
mode:
Diffstat (limited to 'jstests/auth/renameSystemCollections.js')
-rw-r--r--jstests/auth/renameSystemCollections.js30
1 files changed, 15 insertions, 15 deletions
diff --git a/jstests/auth/renameSystemCollections.js b/jstests/auth/renameSystemCollections.js
index 7e4c7b821e3..dffee963499 100644
--- a/jstests/auth/renameSystemCollections.js
+++ b/jstests/auth/renameSystemCollections.js
@@ -1,5 +1,5 @@
// SERVER-8623: Test that renameCollection can't be used to bypass auth checks on system namespaces
-var conn = MongoRunner.runMongod({auth : ""});
+var conn = MongoRunner.runMongod({auth: ""});
var adminDB = conn.getDB("admin");
var testDB = conn.getDB("testdb");
@@ -7,38 +7,38 @@ var testDB2 = conn.getDB("testdb2");
var CodeUnauthorized = 13;
-var backdoorUserDoc = { user: 'backdoor', db: 'admin', pwd: 'hashed', roles: ['root'] };
+var backdoorUserDoc = {
+ user: 'backdoor',
+ db: 'admin',
+ pwd: 'hashed',
+ roles: ['root']
+};
-adminDB.createUser({user:'userAdmin',
- pwd:'password',
- roles:['userAdminAnyDatabase']});
+adminDB.createUser({user: 'userAdmin', pwd: 'password', roles: ['userAdminAnyDatabase']});
adminDB.auth('userAdmin', 'password');
-adminDB.createUser({user:'readWriteAdmin',
- pwd:'password',
- roles:['readWriteAnyDatabase']});
-adminDB.createUser({user:'readWriteAndUserAdmin',
- pwd:'password',
- roles:['readWriteAnyDatabase', 'userAdminAnyDatabase']});
+adminDB.createUser({user: 'readWriteAdmin', pwd: 'password', roles: ['readWriteAnyDatabase']});
+adminDB.createUser({
+ user: 'readWriteAndUserAdmin',
+ pwd: 'password',
+ roles: ['readWriteAnyDatabase', 'userAdminAnyDatabase']
+});
adminDB.createUser({user: 'root', pwd: 'password', roles: ['root']});
adminDB.createUser({user: 'rootier', pwd: 'password', roles: ['__system']});
adminDB.logout();
-
jsTestLog("Test that a readWrite user can't rename system.profile to something they can read");
adminDB.auth('readWriteAdmin', 'password');
res = adminDB.system.profile.renameCollection("profile");
assert.eq(0, res.ok);
assert.eq(CodeUnauthorized, res.code);
-
jsTestLog("Test that a readWrite user can't rename system.users to something they can read");
var res = adminDB.system.users.renameCollection("users");
assert.eq(0, res.ok);
assert.eq(CodeUnauthorized, res.code);
assert.eq(0, adminDB.users.count());
-
jsTestLog("Test that a readWrite user can't use renameCollection to override system.users");
adminDB.users.insert(backdoorUserDoc);
res = adminDB.users.renameCollection("system.users", true);
@@ -70,7 +70,7 @@ assert.eq(0, res.ok);
assert.eq(CodeUnauthorized, res.code);
assert.eq(null, adminDB.system.users.findOne({user: backdoorUserDoc.user}));
-assert.neq(null, adminDB.system.users.findOne({user:'userAdmin'}));
+assert.neq(null, adminDB.system.users.findOne({user: 'userAdmin'}));
adminDB.auth('rootier', 'password');
View Lorry Controller Status