2 files changed, 20 insertions, 0 deletions

diff --git a/src/mongo/db/auth/authorization_session.cpp b/src/mongo/db/auth/authorization_session.cpp
index 42735813bb9..a29e1c2ff5e 100644
--- a/src/mongo/db/auth/authorization_session.cpp
+++ b/src/mongo/db/auth/authorization_session.cpp
@@ -176,6 +176,22 @@ User* AuthorizationSession::lookupUser(const UserName& name) {
     return _authenticatedUsers.lookup(name);
 }
 
+User* AuthorizationSession::getSingleUser() {
+    UserName userName;
+
+    auto userNameItr = getAuthenticatedUserNames();
+    if (userNameItr.more()) {
+        userName = userNameItr.next();
+        if (userNameItr.more()) {
+            uasserted(ErrorCodes::Unauthorized, "there are no users authenticated");
+        }
+    } else {
+        uasserted(ErrorCodes::Unauthorized, "too many users are authenticated");
+    }
+
+    return lookupUser(userName);
+}
+
 void AuthorizationSession::logoutDatabase(const std::string& dbname) {
     User* removedUser = _authenticatedUsers.removeByDBName(dbname);
     if (removedUser) {
diff --git a/src/mongo/db/auth/authorization_session.h b/src/mongo/db/auth/authorization_session.h
index 65588ab0708..eccb2dcbbc3 100644
--- a/src/mongo/db/auth/authorization_session.h
+++ b/src/mongo/db/auth/authorization_session.h
@@ -119,6 +119,10 @@ public:
     // and ownership of the user stays with the AuthorizationManager
     User* lookupUser(const UserName& name);
 
+    // Returns the single user on this auth session. If no user is authenticated, or if
+    // multiple users are authenticated, this method will throw an exception.
+    User* getSingleUser();
+
     // Gets an iterator over the names of all authenticated users stored in this manager.
     UserNameIterator getAuthenticatedUserNames();