Diffstat (limited to 'src/mongo/db/auth/user_document_parser_test.cpp')
-rw-r--r--src/mongo/db/auth/user_document_parser_test.cpp233
1 files changed, 133 insertions, 100 deletions
diff --git a/src/mongo/db/auth/user_document_parser_test.cpp b/src/mongo/db/auth/user_document_parser_test.cpp
index c3a1e0a490f..273eaff86f5 100644
--- a/src/mongo/db/auth/user_document_parser_test.cpp
+++ b/src/mongo/db/auth/user_document_parser_test.cpp
@@ -74,7 +74,8 @@ TEST_F(V1UserDocumentParsing, testParsingV0UserDocuments) {
<< "spencer"
<< "pwd"
<< "passwordHash"
- << "readOnly" << true);
+ << "readOnly"
+ << true);
BSONObj readWriteAdmin = BSON("user"
<< "admin"
<< "pwd"
@@ -83,7 +84,8 @@ TEST_F(V1UserDocumentParsing, testParsingV0UserDocuments) {
<< "admin"
<< "pwd"
<< "passwordHash"
- << "readOnly" << true);
+ << "readOnly"
+ << true);
ASSERT_OK(v1parser.initializeUserRolesFromUserDocument(user.get(), readOnly, "test"));
RoleNameIterator roles = user->getRoles();
@@ -124,15 +126,15 @@ TEST_F(V1UserDocumentParsing, VerifyRolesFieldMustBeAnArray) {
}
TEST_F(V1UserDocumentParsing, VerifySemanticallyInvalidRolesStillParse) {
- ASSERT_OK(
- v1parser.initializeUserRolesFromUserDocument(user.get(),
- BSON("user"
- << "spencer"
- << "pwd"
- << ""
- << "roles" << BSON_ARRAY("read"
- << "frim")),
- "test"));
+ ASSERT_OK(v1parser.initializeUserRolesFromUserDocument(user.get(),
+ BSON("user"
+ << "spencer"
+ << "pwd"
+ << ""
+ << "roles"
+ << BSON_ARRAY("read"
+ << "frim")),
+ "test"));
RoleNameIterator roles = user->getRoles();
RoleName role = roles.next();
if (role == RoleName("read", "test")) {
@@ -145,26 +147,28 @@ TEST_F(V1UserDocumentParsing, VerifySemanticallyInvalidRolesStillParse) {
}
TEST_F(V1UserDocumentParsing, VerifyOtherDBRolesMustBeAnObjectOfArraysOfStrings) {
- ASSERT_NOT_OK(
- v1parser.initializeUserRolesFromUserDocument(adminUser.get(),
- BSON("user"
- << "admin"
- << "pwd"
- << ""
- << "roles" << BSON_ARRAY("read")
- << "otherDBRoles" << BSON_ARRAY("read")),
- "admin"));
+ ASSERT_NOT_OK(v1parser.initializeUserRolesFromUserDocument(adminUser.get(),
+ BSON("user"
+ << "admin"
+ << "pwd"
+ << ""
+ << "roles"
+ << BSON_ARRAY("read")
+ << "otherDBRoles"
+ << BSON_ARRAY("read")),
+ "admin"));
- ASSERT_NOT_OK(
- v1parser.initializeUserRolesFromUserDocument(adminUser.get(),
- BSON("user"
- << "admin"
- << "pwd"
- << ""
- << "roles" << BSON_ARRAY("read")
- << "otherDBRoles" << BSON("test2"
- << "read")),
- "admin"));
+ ASSERT_NOT_OK(v1parser.initializeUserRolesFromUserDocument(adminUser.get(),
+ BSON("user"
+ << "admin"
+ << "pwd"
+ << ""
+ << "roles"
+ << BSON_ARRAY("read")
+ << "otherDBRoles"
+ << BSON("test2"
+ << "read")),
+ "admin"));
}
TEST_F(V1UserDocumentParsing, VerifyCannotGrantPrivilegesOnOtherDatabasesNormally) {
@@ -175,7 +179,8 @@ TEST_F(V1UserDocumentParsing, VerifyCannotGrantPrivilegesOnOtherDatabasesNormall
<< "spencer"
<< "pwd"
<< ""
- << "roles" << BSONArrayBuilder().arr()
+ << "roles"
+ << BSONArrayBuilder().arr()
<< "otherDBRoles"
<< BSON("test2" << BSON_ARRAY("read"))),
"test"));
@@ -184,15 +189,17 @@ TEST_F(V1UserDocumentParsing, VerifyCannotGrantPrivilegesOnOtherDatabasesNormall
TEST_F(V1UserDocumentParsing, GrantUserAdminOnTestViaAdmin) {
// Grant userAdmin on test via admin.
- ASSERT_OK(v1parser.initializeUserRolesFromUserDocument(
- adminUser.get(),
- BSON("user"
- << "admin"
- << "pwd"
- << ""
- << "roles" << BSONArrayBuilder().arr() << "otherDBRoles"
- << BSON("test" << BSON_ARRAY("userAdmin"))),
- "admin"));
+ ASSERT_OK(v1parser.initializeUserRolesFromUserDocument(adminUser.get(),
+ BSON("user"
+ << "admin"
+ << "pwd"
+ << ""
+ << "roles"
+ << BSONArrayBuilder().arr()
+ << "otherDBRoles"
+ << BSON("test" << BSON_ARRAY(
+ "userAdmin"))),
+ "admin"));
RoleNameIterator roles = adminUser->getRoles();
ASSERT_EQUALS(RoleName("userAdmin", "test"), roles.next());
ASSERT_FALSE(roles.more());
@@ -200,15 +207,16 @@ TEST_F(V1UserDocumentParsing, GrantUserAdminOnTestViaAdmin) {
TEST_F(V1UserDocumentParsing, MixedV0V1UserDocumentsAreInvalid) {
// Try to mix fields from V0 and V1 user documents and make sure it fails.
- ASSERT_NOT_OK(
- v1parser.initializeUserRolesFromUserDocument(user.get(),
- BSON("user"
- << "spencer"
- << "pwd"
- << "passwordHash"
- << "readOnly" << false << "roles"
- << BSON_ARRAY("read")),
- "test"));
+ ASSERT_NOT_OK(v1parser.initializeUserRolesFromUserDocument(user.get(),
+ BSON("user"
+ << "spencer"
+ << "pwd"
+ << "passwordHash"
+ << "readOnly"
+ << false
+ << "roles"
+ << BSON_ARRAY("read")),
+ "test"));
ASSERT_FALSE(user->getRoles().more());
}
@@ -235,20 +243,25 @@ TEST_F(V2UserDocumentParsing, V2DocumentValidation) {
<< "spencer"
<< "pwd"
<< "a"
- << "roles" << BSON_ARRAY("read"))));
+ << "roles"
+ << BSON_ARRAY("read"))));
// Need name field
ASSERT_NOT_OK(v2parser.checkValidUserDocument(BSON("db"
<< "test"
- << "credentials" << BSON("MONGODB-CR"
- << "a") << "roles"
+ << "credentials"
+ << BSON("MONGODB-CR"
+ << "a")
+ << "roles"
<< emptyArray)));
// Need source field
ASSERT_NOT_OK(v2parser.checkValidUserDocument(BSON("user"
<< "spencer"
- << "credentials" << BSON("MONGODB-CR"
- << "a") << "roles"
+ << "credentials"
+ << BSON("MONGODB-CR"
+ << "a")
+ << "roles"
<< emptyArray)));
// Need credentials field
@@ -256,23 +269,27 @@ TEST_F(V2UserDocumentParsing, V2DocumentValidation) {
<< "spencer"
<< "db"
<< "test"
- << "roles" << emptyArray)));
+ << "roles"
+ << emptyArray)));
// Need roles field
ASSERT_NOT_OK(v2parser.checkValidUserDocument(BSON("user"
<< "spencer"
<< "db"
<< "test"
- << "credentials" << BSON("MONGODB-CR"
- << "a"))));
+ << "credentials"
+ << BSON("MONGODB-CR"
+ << "a"))));
// Empty roles arrays are OK
ASSERT_OK(v2parser.checkValidUserDocument(BSON("user"
<< "spencer"
<< "db"
<< "test"
- << "credentials" << BSON("MONGODB-CR"
- << "a") << "roles"
+ << "credentials"
+ << BSON("MONGODB-CR"
+ << "a")
+ << "roles"
<< emptyArray)));
// Need credentials of {external: true} if user's db is $external
@@ -280,16 +297,20 @@ TEST_F(V2UserDocumentParsing, V2DocumentValidation) {
<< "spencer"
<< "db"
<< "$external"
- << "credentials" << BSON("external" << true)
- << "roles" << emptyArray)));
+ << "credentials"
+ << BSON("external" << true)
+ << "roles"
+ << emptyArray)));
// Roles must be objects
ASSERT_NOT_OK(v2parser.checkValidUserDocument(BSON("user"
<< "spencer"
<< "db"
<< "test"
- << "credentials" << BSON("MONGODB-CR"
- << "a") << "roles"
+ << "credentials"
+ << BSON("MONGODB-CR"
+ << "a")
+ << "roles"
<< BSON_ARRAY("read"))));
// Role needs name
@@ -297,8 +318,10 @@ TEST_F(V2UserDocumentParsing, V2DocumentValidation) {
<< "spencer"
<< "db"
<< "test"
- << "credentials" << BSON("MONGODB-CR"
- << "a") << "roles"
+ << "credentials"
+ << BSON("MONGODB-CR"
+ << "a")
+ << "roles"
<< BSON_ARRAY(BSON("db"
<< "dbA")))));
@@ -307,8 +330,10 @@ TEST_F(V2UserDocumentParsing, V2DocumentValidation) {
<< "spencer"
<< "db"
<< "test"
- << "credentials" << BSON("MONGODB-CR"
- << "a") << "roles"
+ << "credentials"
+ << BSON("MONGODB-CR"
+ << "a")
+ << "roles"
<< BSON_ARRAY(BSON("role"
<< "roleA")))));
@@ -318,8 +343,10 @@ TEST_F(V2UserDocumentParsing, V2DocumentValidation) {
<< "spencer"
<< "db"
<< "test"
- << "credentials" << BSON("MONGODB-CR"
- << "a") << "roles"
+ << "credentials"
+ << BSON("MONGODB-CR"
+ << "a")
+ << "roles"
<< BSON_ARRAY(BSON("role"
<< "roleA"
<< "db"
@@ -330,8 +357,10 @@ TEST_F(V2UserDocumentParsing, V2DocumentValidation) {
<< "spencer"
<< "db"
<< "test"
- << "credentials" << BSON("MONGODB-CR"
- << "a") << "roles"
+ << "credentials"
+ << BSON("MONGODB-CR"
+ << "a")
+ << "roles"
<< BSON_ARRAY(BSON("role"
<< "roleA"
<< "db"
@@ -346,10 +375,13 @@ TEST_F(V2UserDocumentParsing, V2DocumentValidation) {
<< "spencer"
<< "db"
<< "test"
- << "credentials" << BSON("MONGODB-CR"
- << "a") << "extraData"
+ << "credentials"
+ << BSON("MONGODB-CR"
+ << "a")
+ << "extraData"
<< BSON("foo"
- << "bar") << "roles"
+ << "bar")
+ << "roles"
<< BSON_ARRAY(BSON("role"
<< "roleA"
<< "db"
@@ -424,44 +456,45 @@ TEST_F(V2UserDocumentParsing, V2RoleExtraction) {
user.get()));
// V1-style roles arrays no longer work
- ASSERT_NOT_OK(
- v2parser.initializeUserRolesFromUserDocument(BSON("user"
- << "spencer"
- << "roles" << BSON_ARRAY("read")),
- user.get()));
+ ASSERT_NOT_OK(v2parser.initializeUserRolesFromUserDocument(BSON("user"
+ << "spencer"
+ << "roles"
+ << BSON_ARRAY("read")),
+ user.get()));
// Roles must have "db" field
- ASSERT_NOT_OK(
- v2parser.initializeUserRolesFromUserDocument(BSON("user"
- << "spencer"
- << "roles" << BSON_ARRAY(BSONObj())),
- user.get()));
-
ASSERT_NOT_OK(v2parser.initializeUserRolesFromUserDocument(BSON("user"
<< "spencer"
- << "roles" << BSON_ARRAY(BSON(
- "role"
- << "roleA"))),
+ << "roles"
+ << BSON_ARRAY(BSONObj())),
user.get()));
ASSERT_NOT_OK(
v2parser.initializeUserRolesFromUserDocument(BSON("user"
<< "spencer"
- << "roles" << BSON_ARRAY(BSON("user"
- << "roleA"
- << "db"
- << "dbA"))),
+ << "roles"
+ << BSON_ARRAY(BSON("role"
+ << "roleA"))),
user.get()));
+ ASSERT_NOT_OK(v2parser.initializeUserRolesFromUserDocument(BSON("user"
+ << "spencer"
+ << "roles"
+ << BSON_ARRAY(BSON("user"
+ << "roleA"
+ << "db"
+ << "dbA"))),
+ user.get()));
+
// Valid role names are extracted successfully
- ASSERT_OK(
- v2parser.initializeUserRolesFromUserDocument(BSON("user"
- << "spencer"
- << "roles" << BSON_ARRAY(BSON("role"
- << "roleA"
- << "db"
- << "dbA"))),
- user.get()));
+ ASSERT_OK(v2parser.initializeUserRolesFromUserDocument(BSON("user"
+ << "spencer"
+ << "roles"
+ << BSON_ARRAY(BSON("role"
+ << "roleA"
+ << "db"
+ << "dbA"))),
+ user.get()));
RoleNameIterator roles = user->getRoles();
ASSERT_EQUALS(RoleName("roleA", "dbA"), roles.next());
ASSERT_FALSE(roles.more());