Diffstat (limited to 'src/mongo/db/auth/user_document_parser_test.cpp')
-rw-r--r-- | src/mongo/db/auth/user_document_parser_test.cpp | 233 |
1 files changed, 133 insertions, 100 deletions
diff --git a/src/mongo/db/auth/user_document_parser_test.cpp b/src/mongo/db/auth/user_document_parser_test.cpp index c3a1e0a490f..273eaff86f5 100644 --- a/src/mongo/db/auth/user_document_parser_test.cpp +++ b/src/mongo/db/auth/user_document_parser_test.cpp @@ -74,7 +74,8 @@ TEST_F(V1UserDocumentParsing, testParsingV0UserDocuments) { << "spencer" << "pwd" << "passwordHash" - << "readOnly" << true); + << "readOnly" + << true); BSONObj readWriteAdmin = BSON("user" << "admin" << "pwd" @@ -83,7 +84,8 @@ TEST_F(V1UserDocumentParsing, testParsingV0UserDocuments) { << "admin" << "pwd" << "passwordHash" - << "readOnly" << true); + << "readOnly" + << true); ASSERT_OK(v1parser.initializeUserRolesFromUserDocument(user.get(), readOnly, "test")); RoleNameIterator roles = user->getRoles(); @@ -124,15 +126,15 @@ TEST_F(V1UserDocumentParsing, VerifyRolesFieldMustBeAnArray) { } TEST_F(V1UserDocumentParsing, VerifySemanticallyInvalidRolesStillParse) { - ASSERT_OK( - v1parser.initializeUserRolesFromUserDocument(user.get(), - BSON("user" - << "spencer" - << "pwd" - << "" - << "roles" << BSON_ARRAY("read" - << "frim")), - "test")); + ASSERT_OK(v1parser.initializeUserRolesFromUserDocument(user.get(), + BSON("user" + << "spencer" + << "pwd" + << "" + << "roles" + << BSON_ARRAY("read" + << "frim")), + "test")); RoleNameIterator roles = user->getRoles(); RoleName role = roles.next(); if (role == RoleName("read", "test")) { 
@@ -145,26 +147,28 @@ TEST_F(V1UserDocumentParsing, VerifySemanticallyInvalidRolesStillParse) { } TEST_F(V1UserDocumentParsing, VerifyOtherDBRolesMustBeAnObjectOfArraysOfStrings) { - ASSERT_NOT_OK( - v1parser.initializeUserRolesFromUserDocument(adminUser.get(), - BSON("user" - << "admin" - << "pwd" - << "" - << "roles" << BSON_ARRAY("read") - << "otherDBRoles" << BSON_ARRAY("read")), - "admin")); + ASSERT_NOT_OK(v1parser.initializeUserRolesFromUserDocument(adminUser.get(), + BSON("user" + << "admin" + << "pwd" + << "" + << "roles" + << BSON_ARRAY("read") + << "otherDBRoles" + << BSON_ARRAY("read")), + "admin")); - ASSERT_NOT_OK( - v1parser.initializeUserRolesFromUserDocument(adminUser.get(), - BSON("user" - << "admin" - << "pwd" - << "" - << "roles" << BSON_ARRAY("read") - << "otherDBRoles" << BSON("test2" - << "read")), - "admin")); + ASSERT_NOT_OK(v1parser.initializeUserRolesFromUserDocument(adminUser.get(), + BSON("user" + << "admin" + << "pwd" + << "" + << "roles" + << BSON_ARRAY("read") + << "otherDBRoles" + << BSON("test2" + << "read")), + "admin")); } TEST_F(V1UserDocumentParsing, VerifyCannotGrantPrivilegesOnOtherDatabasesNormally) { @@ -175,7 +179,8 @@ TEST_F(V1UserDocumentParsing, VerifyCannotGrantPrivilegesOnOtherDatabasesNormall << "spencer" << "pwd" << "" - << "roles" << BSONArrayBuilder().arr() + << "roles" + << BSONArrayBuilder().arr() << "otherDBRoles" << BSON("test2" << BSON_ARRAY("read"))), "test")); 
@@ -184,15 +189,17 @@ TEST_F(V1UserDocumentParsing, VerifyCannotGrantPrivilegesOnOtherDatabasesNormall TEST_F(V1UserDocumentParsing, GrantUserAdminOnTestViaAdmin) { // Grant userAdmin on test via admin. - ASSERT_OK(v1parser.initializeUserRolesFromUserDocument( - adminUser.get(), - BSON("user" - << "admin" - << "pwd" - << "" - << "roles" << BSONArrayBuilder().arr() << "otherDBRoles" - << BSON("test" << BSON_ARRAY("userAdmin"))), - "admin")); + ASSERT_OK(v1parser.initializeUserRolesFromUserDocument(adminUser.get(), + BSON("user" + << "admin" + << "pwd" + << "" + << "roles" + << BSONArrayBuilder().arr() + << "otherDBRoles" + << BSON("test" << BSON_ARRAY( + "userAdmin"))), + "admin")); RoleNameIterator roles = adminUser->getRoles(); ASSERT_EQUALS(RoleName("userAdmin", "test"), roles.next()); ASSERT_FALSE(roles.more()); @@ -200,15 +207,16 @@ TEST_F(V1UserDocumentParsing, GrantUserAdminOnTestViaAdmin) { TEST_F(V1UserDocumentParsing, MixedV0V1UserDocumentsAreInvalid) { // Try to mix fields from V0 and V1 user documents and make sure it fails. - ASSERT_NOT_OK( - v1parser.initializeUserRolesFromUserDocument(user.get(), - BSON("user" - << "spencer" - << "pwd" - << "passwordHash" - << "readOnly" << false << "roles" - << BSON_ARRAY("read")), - "test")); + ASSERT_NOT_OK(v1parser.initializeUserRolesFromUserDocument(user.get(), + BSON("user" + << "spencer" + << "pwd" + << "passwordHash" + << "readOnly" + << false + << "roles" + << BSON_ARRAY("read")), + "test")); ASSERT_FALSE(user->getRoles().more()); } 
@@ -235,20 +243,25 @@ TEST_F(V2UserDocumentParsing, V2DocumentValidation) { << "spencer" << "pwd" << "a" - << "roles" << BSON_ARRAY("read")))); + << "roles" + << BSON_ARRAY("read")))); // Need name field ASSERT_NOT_OK(v2parser.checkValidUserDocument(BSON("db" << "test" - << "credentials" << BSON("MONGODB-CR" - << "a") << "roles" + << "credentials" + << BSON("MONGODB-CR" + << "a") + << "roles" << emptyArray))); // Need source field ASSERT_NOT_OK(v2parser.checkValidUserDocument(BSON("user" << "spencer" - << "credentials" << BSON("MONGODB-CR" - << "a") << "roles" + << "credentials" + << BSON("MONGODB-CR" + << "a") + << "roles" << emptyArray))); // Need credentials field @@ -256,23 +269,27 @@ TEST_F(V2UserDocumentParsing, V2DocumentValidation) { << "spencer" << "db" << "test" - << "roles" << emptyArray))); + << "roles" + << emptyArray))); // Need roles field ASSERT_NOT_OK(v2parser.checkValidUserDocument(BSON("user" << "spencer" << "db" << "test" - << "credentials" << BSON("MONGODB-CR" - << "a")))); + << "credentials" + << BSON("MONGODB-CR" + << "a")))); // Empty roles arrays are OK ASSERT_OK(v2parser.checkValidUserDocument(BSON("user" << "spencer" << "db" << "test" - << "credentials" << BSON("MONGODB-CR" - << "a") << "roles" + << "credentials" + << BSON("MONGODB-CR" + << "a") + << "roles" << emptyArray))); // Need credentials of {external: true} if user's db is $external @@ -280,16 +297,20 @@ TEST_F(V2UserDocumentParsing, V2DocumentValidation) { << "spencer" << "db" << "$external" - << "credentials" << BSON("external" << true) - << "roles" << emptyArray))); + << "credentials" + << BSON("external" << true) + << "roles" + << emptyArray))); // Roles must be objects ASSERT_NOT_OK(v2parser.checkValidUserDocument(BSON("user" << "spencer" << "db" << "test" - << "credentials" << BSON("MONGODB-CR" - << "a") << "roles" + << "credentials" + << BSON("MONGODB-CR" + << "a") + << "roles" << BSON_ARRAY("read")))); // Role needs name 
@@ -297,8 +318,10 @@ TEST_F(V2UserDocumentParsing, V2DocumentValidation) { << "spencer" << "db" << "test" - << "credentials" << BSON("MONGODB-CR" - << "a") << "roles" + << "credentials" + << BSON("MONGODB-CR" + << "a") + << "roles" << BSON_ARRAY(BSON("db" << "dbA"))))); @@ -307,8 +330,10 @@ TEST_F(V2UserDocumentParsing, V2DocumentValidation) { << "spencer" << "db" << "test" - << "credentials" << BSON("MONGODB-CR" - << "a") << "roles" + << "credentials" + << BSON("MONGODB-CR" + << "a") + << "roles" << BSON_ARRAY(BSON("role" << "roleA"))))); @@ -318,8 +343,10 @@ TEST_F(V2UserDocumentParsing, V2DocumentValidation) { << "spencer" << "db" << "test" - << "credentials" << BSON("MONGODB-CR" - << "a") << "roles" + << "credentials" + << BSON("MONGODB-CR" + << "a") + << "roles" << BSON_ARRAY(BSON("role" << "roleA" << "db" @@ -330,8 +357,10 @@ TEST_F(V2UserDocumentParsing, V2DocumentValidation) { << "spencer" << "db" << "test" - << "credentials" << BSON("MONGODB-CR" - << "a") << "roles" + << "credentials" + << BSON("MONGODB-CR" + << "a") + << "roles" << BSON_ARRAY(BSON("role" << "roleA" << "db" @@ -346,10 +375,13 @@ TEST_F(V2UserDocumentParsing, V2DocumentValidation) { << "spencer" << "db" << "test" - << "credentials" << BSON("MONGODB-CR" - << "a") << "extraData" + << "credentials" + << BSON("MONGODB-CR" + << "a") + << "extraData" << BSON("foo" - << "bar") << "roles" + << "bar") + << "roles" << BSON_ARRAY(BSON("role" << "roleA" << "db" 
@@ -424,44 +456,45 @@ TEST_F(V2UserDocumentParsing, V2RoleExtraction) { user.get())); // V1-style roles arrays no longer work - ASSERT_NOT_OK( - v2parser.initializeUserRolesFromUserDocument(BSON("user" - << "spencer" - << "roles" << BSON_ARRAY("read")), - user.get())); + ASSERT_NOT_OK(v2parser.initializeUserRolesFromUserDocument(BSON("user" + << "spencer" + << "roles" + << BSON_ARRAY("read")), + user.get())); // Roles must have "db" field - ASSERT_NOT_OK( - v2parser.initializeUserRolesFromUserDocument(BSON("user" - << "spencer" - << "roles" << BSON_ARRAY(BSONObj())), - user.get())); - ASSERT_NOT_OK(v2parser.initializeUserRolesFromUserDocument(BSON("user" << "spencer" - << "roles" << BSON_ARRAY(BSON( - "role" - << "roleA"))), + << "roles" + << BSON_ARRAY(BSONObj())), user.get())); ASSERT_NOT_OK( v2parser.initializeUserRolesFromUserDocument(BSON("user" << "spencer" - << "roles" << BSON_ARRAY(BSON("user" - << "roleA" - << "db" - << "dbA"))), + << "roles" + << BSON_ARRAY(BSON("role" + << "roleA"))), user.get())); + ASSERT_NOT_OK(v2parser.initializeUserRolesFromUserDocument(BSON("user" + << "spencer" + << "roles" + << BSON_ARRAY(BSON("user" + << "roleA" + << "db" + << "dbA"))), + user.get())); + // Valid role names are extracted successfully - ASSERT_OK( - v2parser.initializeUserRolesFromUserDocument(BSON("user" - << "spencer" - << "roles" << BSON_ARRAY(BSON("role" - << "roleA" - << "db" - << "dbA"))), - user.get())); + ASSERT_OK(v2parser.initializeUserRolesFromUserDocument(BSON("user" + << "spencer" + << "roles" + << BSON_ARRAY(BSON("role" + << "roleA" + << "db" + << "dbA"))), + user.get())); RoleNameIterator roles = user->getRoles(); ASSERT_EQUALS(RoleName("roleA", "dbA"), roles.next()); ASSERT_FALSE(roles.more()); |