diff options
Diffstat (limited to 'jstests/noPassthrough/refresh_sessions_command.js')
-rw-r--r-- | jstests/noPassthrough/refresh_sessions_command.js | 185 |
1 files changed, 91 insertions, 94 deletions
diff --git a/jstests/noPassthrough/refresh_sessions_command.js b/jstests/noPassthrough/refresh_sessions_command.js index 4386b61429e..a0a65fb4695 100644 --- a/jstests/noPassthrough/refresh_sessions_command.js +++ b/jstests/noPassthrough/refresh_sessions_command.js @@ -1,96 +1,93 @@ (function() { - "use strict"; - - // This test makes assertions about the number of sessions, which are not compatible with - // implicit sessions. - TestData.disableImplicitSessions = true; - - var conn; - var admin; - var result; - var startSession = {startSession: 1}; - - // Run initial tests without auth. - conn = MongoRunner.runMongod(); - admin = conn.getDB("admin"); - - result = admin.runCommand(startSession); - assert.commandWorked(result, "failed to startSession"); - var lsid = result.id; - - // Test that we can run refreshSessions unauthenticated if --auth is off. - result = admin.runCommand({refreshSessions: [lsid]}); - assert.commandWorked(result, "could not run refreshSessions unauthenticated without --auth"); - - // Test that we can run refreshSessions authenticated if --auth is off. - admin.createUser( - {user: 'admin', pwd: 'admin', roles: ['readAnyDatabase', 'userAdminAnyDatabase']}); - admin.auth("admin", "admin"); - result = admin.runCommand(startSession); - var lsid2 = result.id; - result = admin.runCommand({refreshSessions: [lsid2]}); - assert.commandWorked(result, "could not run refreshSessions logged in with --auth off"); - - // Turn on auth for further testing. - MongoRunner.stopMongod(conn); - conn = MongoRunner.runMongod({auth: "", nojournal: "", setParameter: {maxSessions: 3}}); - admin = conn.getDB("admin"); - - admin.createUser( - {user: 'admin', pwd: 'admin', roles: ['readAnyDatabase', 'userAdminAnyDatabase']}); - admin.auth("admin", "admin"); - - result = admin.runCommand({ - createRole: 'readSessionsCollection', - privileges: [{resource: {db: 'config', collection: 'system.sessions'}, actions: ['find']}], - roles: [] - }); - assert.commandWorked(result, "couldn't make readSessionsCollection role"); - - admin.createUser( - {user: 'readSessionsCollection', pwd: 'pwd', roles: ['readSessionsCollection']}); - admin.logout(); - - // Test that we cannot run refreshSessions unauthenticated if --auth is on. - result = admin.runCommand({refreshSessions: [lsid]}); - assert.commandFailed(result, "able to run refreshSessions without authenticating"); - - // Test that we can run refreshSessions on our own sessions authenticated if --auth is on. - admin.auth("admin", "admin"); - result = admin.runCommand(startSession); - var lsid3 = result.id; - result = admin.runCommand({refreshSessions: [lsid3]}); - assert.commandWorked(result, "unable to run refreshSessions while logged in"); - - // Test that we can refresh "others'" sessions (new ones) when authenticated with --auth. - result = admin.runCommand({refreshSessions: [lsid]}); - assert.commandWorked(result, "unable to refresh novel lsids"); - - // Test that sending a mix of known and new sessions is fine - result = admin.runCommand({refreshSessions: [lsid, lsid2, lsid3]}); - assert.commandWorked(result, "unable to refresh mix of known and unknown lsids"); - - // Test that sending a set of sessions with duplicates is fine - result = admin.runCommand({refreshSessions: [lsid, lsid, lsid, lsid]}); - assert.commandWorked(result, "unable to refresh with duplicate lsids in the set"); - - // Test that we can run refreshSessions with an empty set of sessions. - result = admin.runCommand({refreshSessions: []}); - assert.commandWorked(result, "unable to refresh empty set of lsids"); - - // Test that we cannot run refreshSessions when the cache is full. - var lsid4 = {"id": UUID()}; - result = admin.runCommand({refreshSessions: [lsid4]}); - assert.commandFailed(result, "able to run refreshSessions when the cache is full"); - - // Test that once we force a refresh, all of these sessions are in the sessions collection. - admin.logout(); - admin.auth("readSessionsCollection", "pwd"); - result = admin.runCommand({refreshLogicalSessionCacheNow: 1}); - assert.commandWorked(result, "could not force refresh"); - - var config = conn.getDB("config"); - assert.eq(config.system.sessions.count(), 3, "should have refreshed all session records"); - - MongoRunner.stopMongod(conn); +"use strict"; + +// This test makes assertions about the number of sessions, which are not compatible with +// implicit sessions. +TestData.disableImplicitSessions = true; + +var conn; +var admin; +var result; +var startSession = {startSession: 1}; + +// Run initial tests without auth. +conn = MongoRunner.runMongod(); +admin = conn.getDB("admin"); + +result = admin.runCommand(startSession); +assert.commandWorked(result, "failed to startSession"); +var lsid = result.id; + +// Test that we can run refreshSessions unauthenticated if --auth is off. +result = admin.runCommand({refreshSessions: [lsid]}); +assert.commandWorked(result, "could not run refreshSessions unauthenticated without --auth"); + +// Test that we can run refreshSessions authenticated if --auth is off. +admin.createUser({user: 'admin', pwd: 'admin', roles: ['readAnyDatabase', 'userAdminAnyDatabase']}); +admin.auth("admin", "admin"); +result = admin.runCommand(startSession); +var lsid2 = result.id; +result = admin.runCommand({refreshSessions: [lsid2]}); +assert.commandWorked(result, "could not run refreshSessions logged in with --auth off"); + +// Turn on auth for further testing. +MongoRunner.stopMongod(conn); +conn = MongoRunner.runMongod({auth: "", nojournal: "", setParameter: {maxSessions: 3}}); +admin = conn.getDB("admin"); + +admin.createUser({user: 'admin', pwd: 'admin', roles: ['readAnyDatabase', 'userAdminAnyDatabase']}); +admin.auth("admin", "admin"); + +result = admin.runCommand({ + createRole: 'readSessionsCollection', + privileges: [{resource: {db: 'config', collection: 'system.sessions'}, actions: ['find']}], + roles: [] +}); +assert.commandWorked(result, "couldn't make readSessionsCollection role"); + +admin.createUser({user: 'readSessionsCollection', pwd: 'pwd', roles: ['readSessionsCollection']}); +admin.logout(); + +// Test that we cannot run refreshSessions unauthenticated if --auth is on. +result = admin.runCommand({refreshSessions: [lsid]}); +assert.commandFailed(result, "able to run refreshSessions without authenticating"); + +// Test that we can run refreshSessions on our own sessions authenticated if --auth is on. +admin.auth("admin", "admin"); +result = admin.runCommand(startSession); +var lsid3 = result.id; +result = admin.runCommand({refreshSessions: [lsid3]}); +assert.commandWorked(result, "unable to run refreshSessions while logged in"); + +// Test that we can refresh "others'" sessions (new ones) when authenticated with --auth. +result = admin.runCommand({refreshSessions: [lsid]}); +assert.commandWorked(result, "unable to refresh novel lsids"); + +// Test that sending a mix of known and new sessions is fine +result = admin.runCommand({refreshSessions: [lsid, lsid2, lsid3]}); +assert.commandWorked(result, "unable to refresh mix of known and unknown lsids"); + +// Test that sending a set of sessions with duplicates is fine +result = admin.runCommand({refreshSessions: [lsid, lsid, lsid, lsid]}); +assert.commandWorked(result, "unable to refresh with duplicate lsids in the set"); + +// Test that we can run refreshSessions with an empty set of sessions. +result = admin.runCommand({refreshSessions: []}); +assert.commandWorked(result, "unable to refresh empty set of lsids"); + +// Test that we cannot run refreshSessions when the cache is full. +var lsid4 = {"id": UUID()}; +result = admin.runCommand({refreshSessions: [lsid4]}); +assert.commandFailed(result, "able to run refreshSessions when the cache is full"); + +// Test that once we force a refresh, all of these sessions are in the sessions collection. +admin.logout(); +admin.auth("readSessionsCollection", "pwd"); +result = admin.runCommand({refreshLogicalSessionCacheNow: 1}); +assert.commandWorked(result, "could not force refresh"); + +var config = conn.getDB("config"); +assert.eq(config.system.sessions.count(), 3, "should have refreshed all session records"); + +MongoRunner.stopMongod(conn); })(); |