Diffstat (limited to 'src/mongo/db/auth/user_document_parser_test.cpp')
-rw-r--r-- | src/mongo/db/auth/user_document_parser_test.cpp | 776 |
1 files changed, 433 insertions, 343 deletions
diff --git a/src/mongo/db/auth/user_document_parser_test.cpp b/src/mongo/db/auth/user_document_parser_test.cpp
index d2dff197b12..ae6c566d109 100644
--- a/src/mongo/db/auth/user_document_parser_test.cpp
+++ b/src/mongo/db/auth/user_document_parser_test.cpp
@@ -44,360 +44,450 @@ namespace mongo { namespace { - using std::unique_ptr; - - class V1UserDocumentParsing : public ::mongo::unittest::Test { - public: - V1UserDocumentParsing() {} - - unique_ptr<User> user; - unique_ptr<User> adminUser; - V1UserDocumentParser v1parser; - - void setUp() { - resetUsers(); - } - - void resetUsers() { - user.reset(new User(UserName("spencer", "test"))); - adminUser.reset(new User(UserName("admin", "admin"))); - } - }; - - TEST_F(V1UserDocumentParsing, testParsingV0UserDocuments) { - BSONObj readWrite = BSON("user" << "spencer" << "pwd" << "passwordHash"); - BSONObj readOnly = BSON("user" << "spencer" << "pwd" << "passwordHash" << - "readOnly" << true); - BSONObj readWriteAdmin = BSON("user" << "admin" << "pwd" << "passwordHash"); - BSONObj readOnlyAdmin = BSON("user" << "admin" << "pwd" << "passwordHash" << - "readOnly" << true); - - ASSERT_OK(v1parser.initializeUserRolesFromUserDocument( - user.get(), readOnly, "test")); - RoleNameIterator roles = user->getRoles(); - ASSERT_EQUALS(RoleName("read", "test"), roles.next()); - ASSERT_FALSE(roles.more()); +using std::unique_ptr; - resetUsers(); - ASSERT_OK(v1parser.initializeUserRolesFromUserDocument( - user.get(), readWrite, "test")); - roles = user->getRoles(); - ASSERT_EQUALS(RoleName("dbOwner", "test"), roles.next()); - ASSERT_FALSE(roles.more()); +class V1UserDocumentParsing : public ::mongo::unittest::Test { +public: + V1UserDocumentParsing() {} - resetUsers(); - ASSERT_OK(v1parser.initializeUserRolesFromUserDocument( - adminUser.get(), readOnlyAdmin, "admin")); - roles = adminUser->getRoles(); - ASSERT_EQUALS(RoleName("readAnyDatabase", "admin"), roles.next()); - ASSERT_FALSE(roles.more()); + unique_ptr<User> user; + unique_ptr<User> adminUser; + V1UserDocumentParser v1parser; + void setUp() { resetUsers(); - ASSERT_OK(v1parser.initializeUserRolesFromUserDocument( - adminUser.get(), readWriteAdmin, "admin")); - roles = adminUser->getRoles(); - ASSERT_EQUALS(RoleName("root", 
"admin"), roles.next()); - ASSERT_FALSE(roles.more()); - } - - TEST_F(V1UserDocumentParsing, VerifyRolesFieldMustBeAnArray) { - ASSERT_NOT_OK(v1parser.initializeUserRolesFromUserDocument( - user.get(), - BSON("user" << "spencer" << "pwd" << "" << "roles" << "read"), - "test")); - ASSERT_FALSE(user->getRoles().more()); - } - - TEST_F(V1UserDocumentParsing, VerifySemanticallyInvalidRolesStillParse) { - ASSERT_OK(v1parser.initializeUserRolesFromUserDocument( - user.get(), - BSON("user" << "spencer" << - "pwd" << "" << - "roles" << BSON_ARRAY("read" << "frim")), - "test")); - RoleNameIterator roles = user->getRoles(); - RoleName role = roles.next(); - if (role == RoleName("read", "test")) { - ASSERT_EQUALS(RoleName("frim", "test"), roles.next()); - } else { - ASSERT_EQUALS(RoleName("frim", "test"), role); - ASSERT_EQUALS(RoleName("read", "test"), roles.next()); - } - ASSERT_FALSE(roles.more()); - } - - TEST_F(V1UserDocumentParsing, VerifyOtherDBRolesMustBeAnObjectOfArraysOfStrings) { - ASSERT_NOT_OK(v1parser.initializeUserRolesFromUserDocument( - adminUser.get(), - BSON("user" << "admin" << - "pwd" << "" << - "roles" << BSON_ARRAY("read") << - "otherDBRoles" << BSON_ARRAY("read")), - "admin")); - - ASSERT_NOT_OK(v1parser.initializeUserRolesFromUserDocument( - adminUser.get(), - BSON("user" << "admin" << - "pwd" << "" << - "roles" << BSON_ARRAY("read") << - "otherDBRoles" << BSON("test2" << "read")), - "admin")); } - TEST_F(V1UserDocumentParsing, VerifyCannotGrantPrivilegesOnOtherDatabasesNormally) { - // Cannot grant roles on other databases, except from admin database. 
- ASSERT_NOT_OK(v1parser.initializeUserRolesFromUserDocument( - user.get(), - BSON("user" << "spencer" << - "pwd" << "" << - "roles" << BSONArrayBuilder().arr() << - "otherDBRoles" << BSON("test2" << BSON_ARRAY("read"))), - "test")); - ASSERT_FALSE(user->getRoles().more()); + void resetUsers() { + user.reset(new User(UserName("spencer", "test"))); + adminUser.reset(new User(UserName("admin", "admin"))); } - - TEST_F(V1UserDocumentParsing, GrantUserAdminOnTestViaAdmin) { - // Grant userAdmin on test via admin. - ASSERT_OK(v1parser.initializeUserRolesFromUserDocument( - adminUser.get(), - BSON("user" << "admin" << - "pwd" << "" << - "roles" << BSONArrayBuilder().arr() << - "otherDBRoles" << BSON("test" << BSON_ARRAY("userAdmin"))), - "admin")); - RoleNameIterator roles = adminUser->getRoles(); - ASSERT_EQUALS(RoleName("userAdmin", "test"), roles.next()); - ASSERT_FALSE(roles.more()); - } - - TEST_F(V1UserDocumentParsing, MixedV0V1UserDocumentsAreInvalid) { - // Try to mix fields from V0 and V1 user documents and make sure it fails. 
- ASSERT_NOT_OK(v1parser.initializeUserRolesFromUserDocument( - user.get(), - BSON("user" << "spencer" << - "pwd" << "passwordHash" << - "readOnly" << false << - "roles" << BSON_ARRAY("read")), - "test")); - ASSERT_FALSE(user->getRoles().more()); - } - - class V2UserDocumentParsing : public ::mongo::unittest::Test { - public: - V2UserDocumentParsing() {} - - unique_ptr<User> user; - unique_ptr<User> adminUser; - V2UserDocumentParser v2parser; - - void setUp() { - user.reset(new User(UserName("spencer", "test"))); - adminUser.reset(new User(UserName("admin", "admin"))); - } - }; - - - TEST_F(V2UserDocumentParsing, V2DocumentValidation) { - BSONArray emptyArray = BSONArrayBuilder().arr(); - - // V1 documents don't work - ASSERT_NOT_OK(v2parser.checkValidUserDocument( - BSON("user" << "spencer" << "pwd" << "a" << - "roles" << BSON_ARRAY("read")))); - - // Need name field - ASSERT_NOT_OK(v2parser.checkValidUserDocument( - BSON("db" << "test" << - "credentials" << BSON("MONGODB-CR" << "a") << - "roles" << emptyArray))); - - // Need source field - ASSERT_NOT_OK(v2parser.checkValidUserDocument( - BSON("user" << "spencer" << - "credentials" << BSON("MONGODB-CR" << "a") << - "roles" << emptyArray))); - - // Need credentials field - ASSERT_NOT_OK(v2parser.checkValidUserDocument( - BSON("user" << "spencer" << - "db" << "test" << - "roles" << emptyArray))); - - // Need roles field - ASSERT_NOT_OK(v2parser.checkValidUserDocument( - BSON("user" << "spencer" << - "db" << "test" << - "credentials" << BSON("MONGODB-CR" << "a")))); - - // Empty roles arrays are OK - ASSERT_OK(v2parser.checkValidUserDocument( - BSON("user" << "spencer" << - "db" << "test" << - "credentials" << BSON("MONGODB-CR" << "a") << - "roles" << emptyArray))); - - // Need credentials of {external: true} if user's db is $external - ASSERT_OK(v2parser.checkValidUserDocument( - BSON("user" << "spencer" << - "db" << "$external" << - "credentials" << BSON("external" << true) << - "roles" << emptyArray))); - - // 
Roles must be objects - ASSERT_NOT_OK(v2parser.checkValidUserDocument( - BSON("user" << "spencer" << - "db" << "test" << - "credentials" << BSON("MONGODB-CR" << "a") << - "roles" << BSON_ARRAY("read")))); - - // Role needs name - ASSERT_NOT_OK(v2parser.checkValidUserDocument( - BSON("user" << "spencer" << - "db" << "test" << - "credentials" << BSON("MONGODB-CR" << "a") << - "roles" << BSON_ARRAY(BSON("db" << "dbA"))))); - - // Role needs source - ASSERT_NOT_OK(v2parser.checkValidUserDocument( - BSON("user" << "spencer" << - "db" << "test" << - "credentials" << BSON("MONGODB-CR" << "a") << - "roles" << BSON_ARRAY(BSON("role" << "roleA"))))); - - - // Basic valid user document - ASSERT_OK(v2parser.checkValidUserDocument( - BSON("user" << "spencer" << - "db" << "test" << - "credentials" << BSON("MONGODB-CR" << "a") << - "roles" << BSON_ARRAY(BSON("role" << "roleA" << - "db" << "dbA"))))); - - // Multiple roles OK - ASSERT_OK(v2parser.checkValidUserDocument( - BSON("user" << "spencer" << - "db" << "test" << - "credentials" << BSON("MONGODB-CR" << "a") << - "roles" << BSON_ARRAY(BSON("role" << "roleA" << - "db" << "dbA") << - BSON("role" << "roleB" << - "db" << "dbB"))))); - - // Optional extraData field OK - ASSERT_OK(v2parser.checkValidUserDocument( - BSON("user" << "spencer" << - "db" << "test" << - "credentials" << BSON("MONGODB-CR" << "a") << - "extraData" << BSON("foo" << "bar") << - "roles" << BSON_ARRAY(BSON("role" << "roleA" << - "db" << "dbA"))))); +}; + +TEST_F(V1UserDocumentParsing, testParsingV0UserDocuments) { + BSONObj readWrite = BSON("user" + << "spencer" + << "pwd" + << "passwordHash"); + BSONObj readOnly = BSON("user" + << "spencer" + << "pwd" + << "passwordHash" + << "readOnly" << true); + BSONObj readWriteAdmin = BSON("user" + << "admin" + << "pwd" + << "passwordHash"); + BSONObj readOnlyAdmin = BSON("user" + << "admin" + << "pwd" + << "passwordHash" + << "readOnly" << true); + + ASSERT_OK(v1parser.initializeUserRolesFromUserDocument(user.get(), 
readOnly, "test")); + RoleNameIterator roles = user->getRoles(); + ASSERT_EQUALS(RoleName("read", "test"), roles.next()); + ASSERT_FALSE(roles.more()); + + resetUsers(); + ASSERT_OK(v1parser.initializeUserRolesFromUserDocument(user.get(), readWrite, "test")); + roles = user->getRoles(); + ASSERT_EQUALS(RoleName("dbOwner", "test"), roles.next()); + ASSERT_FALSE(roles.more()); + + resetUsers(); + ASSERT_OK( + v1parser.initializeUserRolesFromUserDocument(adminUser.get(), readOnlyAdmin, "admin")); + roles = adminUser->getRoles(); + ASSERT_EQUALS(RoleName("readAnyDatabase", "admin"), roles.next()); + ASSERT_FALSE(roles.more()); + + resetUsers(); + ASSERT_OK( + v1parser.initializeUserRolesFromUserDocument(adminUser.get(), readWriteAdmin, "admin")); + roles = adminUser->getRoles(); + ASSERT_EQUALS(RoleName("root", "admin"), roles.next()); + ASSERT_FALSE(roles.more()); +} + +TEST_F(V1UserDocumentParsing, VerifyRolesFieldMustBeAnArray) { + ASSERT_NOT_OK(v1parser.initializeUserRolesFromUserDocument(user.get(), + BSON("user" + << "spencer" + << "pwd" + << "" + << "roles" + << "read"), + "test")); + ASSERT_FALSE(user->getRoles().more()); +} + +TEST_F(V1UserDocumentParsing, VerifySemanticallyInvalidRolesStillParse) { + ASSERT_OK( + v1parser.initializeUserRolesFromUserDocument(user.get(), + BSON("user" + << "spencer" + << "pwd" + << "" + << "roles" << BSON_ARRAY("read" + << "frim")), + "test")); + RoleNameIterator roles = user->getRoles(); + RoleName role = roles.next(); + if (role == RoleName("read", "test")) { + ASSERT_EQUALS(RoleName("frim", "test"), roles.next()); + } else { + ASSERT_EQUALS(RoleName("frim", "test"), role); + ASSERT_EQUALS(RoleName("read", "test"), roles.next()); } - - TEST_F(V2UserDocumentParsing, V2CredentialExtraction) { - // Old "pwd" field not valid - ASSERT_NOT_OK(v2parser.initializeUserCredentialsFromUserDocument( - user.get(), - BSON("user" << "spencer" << - "db" << "test" << - "pwd" << ""))); - - // Credentials must be provided - 
ASSERT_NOT_OK(v2parser.initializeUserCredentialsFromUserDocument( - user.get(), - BSON("user" << "spencer" << - "db" << "test"))); - - // Credentials must be object - ASSERT_NOT_OK(v2parser.initializeUserCredentialsFromUserDocument( - user.get(), - BSON("user" << "spencer" << - "db" << "test" << - "credentials" << "a"))); - - // Must specify credentials for MONGODB-CR - ASSERT_NOT_OK(v2parser.initializeUserCredentialsFromUserDocument( - user.get(), - BSON("user" << "spencer" << - "db" << "test" << - "credentials" << BSON("foo" << "bar")))); - - // Make sure extracting valid credentials works - ASSERT_OK(v2parser.initializeUserCredentialsFromUserDocument( - user.get(), - BSON("user" << "spencer" << - "db" << "test" << - "credentials" << BSON("MONGODB-CR" << "a")))); - ASSERT(user->getCredentials().password == "a"); - ASSERT(!user->getCredentials().isExternal); - - // Credentials are {external:true if users's db is $external - ASSERT_OK(v2parser.initializeUserCredentialsFromUserDocument( - user.get(), - BSON("user" << "spencer" << - "db" << "$external" << - "credentials" << BSON("external" << true)))); - ASSERT(user->getCredentials().password.empty()); - ASSERT(user->getCredentials().isExternal); - + ASSERT_FALSE(roles.more()); +} + +TEST_F(V1UserDocumentParsing, VerifyOtherDBRolesMustBeAnObjectOfArraysOfStrings) { + ASSERT_NOT_OK( + v1parser.initializeUserRolesFromUserDocument(adminUser.get(), + BSON("user" + << "admin" + << "pwd" + << "" + << "roles" << BSON_ARRAY("read") + << "otherDBRoles" << BSON_ARRAY("read")), + "admin")); + + ASSERT_NOT_OK( + v1parser.initializeUserRolesFromUserDocument(adminUser.get(), + BSON("user" + << "admin" + << "pwd" + << "" + << "roles" << BSON_ARRAY("read") + << "otherDBRoles" << BSON("test2" + << "read")), + "admin")); +} + +TEST_F(V1UserDocumentParsing, VerifyCannotGrantPrivilegesOnOtherDatabasesNormally) { + // Cannot grant roles on other databases, except from admin database. 
+ ASSERT_NOT_OK( + v1parser.initializeUserRolesFromUserDocument(user.get(), + BSON("user" + << "spencer" + << "pwd" + << "" + << "roles" << BSONArrayBuilder().arr() + << "otherDBRoles" + << BSON("test2" << BSON_ARRAY("read"))), + "test")); + ASSERT_FALSE(user->getRoles().more()); +} + +TEST_F(V1UserDocumentParsing, GrantUserAdminOnTestViaAdmin) { + // Grant userAdmin on test via admin. + ASSERT_OK(v1parser.initializeUserRolesFromUserDocument( + adminUser.get(), + BSON("user" + << "admin" + << "pwd" + << "" + << "roles" << BSONArrayBuilder().arr() << "otherDBRoles" + << BSON("test" << BSON_ARRAY("userAdmin"))), + "admin")); + RoleNameIterator roles = adminUser->getRoles(); + ASSERT_EQUALS(RoleName("userAdmin", "test"), roles.next()); + ASSERT_FALSE(roles.more()); +} + +TEST_F(V1UserDocumentParsing, MixedV0V1UserDocumentsAreInvalid) { + // Try to mix fields from V0 and V1 user documents and make sure it fails. + ASSERT_NOT_OK( + v1parser.initializeUserRolesFromUserDocument(user.get(), + BSON("user" + << "spencer" + << "pwd" + << "passwordHash" + << "readOnly" << false << "roles" + << BSON_ARRAY("read")), + "test")); + ASSERT_FALSE(user->getRoles().more()); +} + +class V2UserDocumentParsing : public ::mongo::unittest::Test { +public: + V2UserDocumentParsing() {} + + unique_ptr<User> user; + unique_ptr<User> adminUser; + V2UserDocumentParser v2parser; + + void setUp() { + user.reset(new User(UserName("spencer", "test"))); + adminUser.reset(new User(UserName("admin", "admin"))); } - - TEST_F(V2UserDocumentParsing, V2RoleExtraction) { - // "roles" field must be provided - ASSERT_NOT_OK(v2parser.initializeUserRolesFromUserDocument( - BSON("user" << "spencer"), - user.get())); - - // V1-style roles arrays no longer work - ASSERT_NOT_OK(v2parser.initializeUserRolesFromUserDocument( - BSON("user" << "spencer" << - "roles" << BSON_ARRAY("read")), - user.get())); - - // Roles must have "db" field - ASSERT_NOT_OK(v2parser.initializeUserRolesFromUserDocument( - BSON("user" << 
"spencer" << - "roles" << BSON_ARRAY(BSONObj())), - user.get())); - - ASSERT_NOT_OK(v2parser.initializeUserRolesFromUserDocument( - BSON("user" << "spencer" << - "roles" << BSON_ARRAY(BSON("role" << "roleA"))), - user.get())); - - ASSERT_NOT_OK(v2parser.initializeUserRolesFromUserDocument( - BSON("user" << "spencer" << - "roles" << BSON_ARRAY(BSON("user" << "roleA" << - "db" << "dbA"))), - user.get())); - - // Valid role names are extracted successfully - ASSERT_OK(v2parser.initializeUserRolesFromUserDocument( - BSON("user" << "spencer" << - "roles" << BSON_ARRAY(BSON("role" << "roleA" << - "db" << "dbA"))), - user.get())); - RoleNameIterator roles = user->getRoles(); +}; + + +TEST_F(V2UserDocumentParsing, V2DocumentValidation) { + BSONArray emptyArray = BSONArrayBuilder().arr(); + + // V1 documents don't work + ASSERT_NOT_OK(v2parser.checkValidUserDocument(BSON("user" + << "spencer" + << "pwd" + << "a" + << "roles" << BSON_ARRAY("read")))); + + // Need name field + ASSERT_NOT_OK(v2parser.checkValidUserDocument(BSON("db" + << "test" + << "credentials" << BSON("MONGODB-CR" + << "a") << "roles" + << emptyArray))); + + // Need source field + ASSERT_NOT_OK(v2parser.checkValidUserDocument(BSON("user" + << "spencer" + << "credentials" << BSON("MONGODB-CR" + << "a") << "roles" + << emptyArray))); + + // Need credentials field + ASSERT_NOT_OK(v2parser.checkValidUserDocument(BSON("user" + << "spencer" + << "db" + << "test" + << "roles" << emptyArray))); + + // Need roles field + ASSERT_NOT_OK(v2parser.checkValidUserDocument(BSON("user" + << "spencer" + << "db" + << "test" + << "credentials" << BSON("MONGODB-CR" + << "a")))); + + // Empty roles arrays are OK + ASSERT_OK(v2parser.checkValidUserDocument(BSON("user" + << "spencer" + << "db" + << "test" + << "credentials" << BSON("MONGODB-CR" + << "a") << "roles" + << emptyArray))); + + // Need credentials of {external: true} if user's db is $external + ASSERT_OK(v2parser.checkValidUserDocument(BSON("user" + << "spencer" + << 
"db" + << "$external" + << "credentials" << BSON("external" << true) + << "roles" << emptyArray))); + + // Roles must be objects + ASSERT_NOT_OK(v2parser.checkValidUserDocument(BSON("user" + << "spencer" + << "db" + << "test" + << "credentials" << BSON("MONGODB-CR" + << "a") << "roles" + << BSON_ARRAY("read")))); + + // Role needs name + ASSERT_NOT_OK(v2parser.checkValidUserDocument(BSON("user" + << "spencer" + << "db" + << "test" + << "credentials" << BSON("MONGODB-CR" + << "a") << "roles" + << BSON_ARRAY(BSON("db" + << "dbA"))))); + + // Role needs source + ASSERT_NOT_OK(v2parser.checkValidUserDocument(BSON("user" + << "spencer" + << "db" + << "test" + << "credentials" << BSON("MONGODB-CR" + << "a") << "roles" + << BSON_ARRAY(BSON("role" + << "roleA"))))); + + + // Basic valid user document + ASSERT_OK(v2parser.checkValidUserDocument(BSON("user" + << "spencer" + << "db" + << "test" + << "credentials" << BSON("MONGODB-CR" + << "a") << "roles" + << BSON_ARRAY(BSON("role" + << "roleA" + << "db" + << "dbA"))))); + + // Multiple roles OK + ASSERT_OK(v2parser.checkValidUserDocument(BSON("user" + << "spencer" + << "db" + << "test" + << "credentials" << BSON("MONGODB-CR" + << "a") << "roles" + << BSON_ARRAY(BSON("role" + << "roleA" + << "db" + << "dbA") + << BSON("role" + << "roleB" + << "db" + << "dbB"))))); + + // Optional extraData field OK + ASSERT_OK(v2parser.checkValidUserDocument(BSON("user" + << "spencer" + << "db" + << "test" + << "credentials" << BSON("MONGODB-CR" + << "a") << "extraData" + << BSON("foo" + << "bar") << "roles" + << BSON_ARRAY(BSON("role" + << "roleA" + << "db" + << "dbA"))))); +} + +TEST_F(V2UserDocumentParsing, V2CredentialExtraction) { + // Old "pwd" field not valid + ASSERT_NOT_OK(v2parser.initializeUserCredentialsFromUserDocument(user.get(), + BSON("user" + << "spencer" + << "db" + << "test" + << "pwd" + << ""))); + + // Credentials must be provided + ASSERT_NOT_OK(v2parser.initializeUserCredentialsFromUserDocument(user.get(), + BSON("user" 
+ << "spencer" + << "db" + << "test"))); + + // Credentials must be object + ASSERT_NOT_OK(v2parser.initializeUserCredentialsFromUserDocument(user.get(), + BSON("user" + << "spencer" + << "db" + << "test" + << "credentials" + << "a"))); + + // Must specify credentials for MONGODB-CR + ASSERT_NOT_OK(v2parser.initializeUserCredentialsFromUserDocument(user.get(), + BSON("user" + << "spencer" + << "db" + << "test" + << "credentials" + << BSON("foo" + << "bar")))); + + // Make sure extracting valid credentials works + ASSERT_OK(v2parser.initializeUserCredentialsFromUserDocument(user.get(), + BSON("user" + << "spencer" + << "db" + << "test" + << "credentials" + << BSON("MONGODB-CR" + << "a")))); + ASSERT(user->getCredentials().password == "a"); + ASSERT(!user->getCredentials().isExternal); + + // Credentials are {external:true if users's db is $external + ASSERT_OK( + v2parser.initializeUserCredentialsFromUserDocument(user.get(), + BSON("user" + << "spencer" + << "db" + << "$external" + << "credentials" + << BSON("external" << true)))); + ASSERT(user->getCredentials().password.empty()); + ASSERT(user->getCredentials().isExternal); +} + +TEST_F(V2UserDocumentParsing, V2RoleExtraction) { + // "roles" field must be provided + ASSERT_NOT_OK(v2parser.initializeUserRolesFromUserDocument(BSON("user" + << "spencer"), + user.get())); + + // V1-style roles arrays no longer work + ASSERT_NOT_OK( + v2parser.initializeUserRolesFromUserDocument(BSON("user" + << "spencer" + << "roles" << BSON_ARRAY("read")), + user.get())); + + // Roles must have "db" field + ASSERT_NOT_OK( + v2parser.initializeUserRolesFromUserDocument(BSON("user" + << "spencer" + << "roles" << BSON_ARRAY(BSONObj())), + user.get())); + + ASSERT_NOT_OK(v2parser.initializeUserRolesFromUserDocument(BSON("user" + << "spencer" + << "roles" << BSON_ARRAY(BSON( + "role" + << "roleA"))), + user.get())); + + ASSERT_NOT_OK( + v2parser.initializeUserRolesFromUserDocument(BSON("user" + << "spencer" + << "roles" << 
BSON_ARRAY(BSON("user" + << "roleA" + << "db" + << "dbA"))), + user.get())); + + // Valid role names are extracted successfully + ASSERT_OK( + v2parser.initializeUserRolesFromUserDocument(BSON("user" + << "spencer" + << "roles" << BSON_ARRAY(BSON("role" + << "roleA" + << "db" + << "dbA"))), + user.get())); + RoleNameIterator roles = user->getRoles(); + ASSERT_EQUALS(RoleName("roleA", "dbA"), roles.next()); + ASSERT_FALSE(roles.more()); + + // Multiple roles OK + ASSERT_OK(v2parser.initializeUserRolesFromUserDocument(BSON("user" + << "spencer" + << "roles" + << BSON_ARRAY(BSON("role" + << "roleA" + << "db" + << "dbA") + << BSON("role" + << "roleB" + << "db" + << "dbB"))), + user.get())); + roles = user->getRoles(); + RoleName role = roles.next(); + if (role == RoleName("roleA", "dbA")) { + ASSERT_EQUALS(RoleName("roleB", "dbB"), roles.next()); + } else { + ASSERT_EQUALS(RoleName("roleB", "dbB"), role); ASSERT_EQUALS(RoleName("roleA", "dbA"), roles.next()); - ASSERT_FALSE(roles.more()); - - // Multiple roles OK - ASSERT_OK(v2parser.initializeUserRolesFromUserDocument( - BSON("user" << "spencer" << - "roles" << BSON_ARRAY(BSON("role" << "roleA" << - "db" << "dbA") << - BSON("role" << "roleB" << - "db" << "dbB"))), - user.get())); - roles = user->getRoles(); - RoleName role = roles.next(); - if (role == RoleName("roleA", "dbA")) { - ASSERT_EQUALS(RoleName("roleB", "dbB"), roles.next()); - } else { - ASSERT_EQUALS(RoleName("roleB", "dbB"), role); - ASSERT_EQUALS(RoleName("roleA", "dbA"), roles.next()); - } - ASSERT_FALSE(roles.more()); } + ASSERT_FALSE(roles.more()); +} } // namespace } // namespace mongo |