From f202c4c1ba24b9f561e8b11dac5b04fa0eeb4919 Mon Sep 17 00:00:00 2001 From: "A. Jesse Jiryu Davis" Date: Fri, 19 Apr 2019 13:52:12 -0400 Subject: SERVER-35638 Short timeout to autocomplete collection names Also resolves SERVER-40736, test autocompletion of collection names for users without the listCollections permission. --- jstests/auth/autocomplete_auth.js | 51 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 jstests/auth/autocomplete_auth.js (limited to 'jstests/auth') diff --git a/jstests/auth/autocomplete_auth.js b/jstests/auth/autocomplete_auth.js new file mode 100644 index 00000000000..5e15cae3718 --- /dev/null +++ b/jstests/auth/autocomplete_auth.js @@ -0,0 +1,51 @@ +/** + * Tests that when a user who lacks the listCollections privilege types 'db.' in the shell, + * autocompletion shows the collections on which she has permissions. + * + * @tags: [ + * assumes_superuser_permissions, + * assumes_write_concern_unchanged, + * creates_and_authenticates_user, + * requires_auth, + * requires_non_retryable_commands, + * ] + */ + +// Get shell's global scope. +const self = this; + +(function() { + 'use strict'; + + const testName = jsTest.name(); + const conn = MongoRunner.runMongod({auth: ''}); + const admin = conn.getDB('admin'); + admin.createUser({user: 'admin', pwd: 'pass', roles: jsTest.adminUserRoles}); + assert(admin.auth('admin', 'pass')); + + admin.getSiblingDB(testName).createRole({ + role: 'coachTicket', + privileges: [{resource: {db: testName, collection: 'coachClass'}, actions: ['find']}], + roles: [] + }); + + admin.getSiblingDB(testName).createUser( + {user: 'coachPassenger', pwd: 'password', roles: ['coachTicket']}); + + const testDB = conn.getDB(testName); + testDB.coachClass.insertOne({}); + testDB.businessClass.insertOne({}); + + // Must use 'db' to test autocompletion. + self.db = new Mongo(conn.host).getDB(testName); + assert(db.auth('coachPassenger', 'password')); + const authzErrorCode = 13; + assert.commandFailedWithCode(db.runCommand({listCollections: 1}), authzErrorCode); + assert.commandWorked(db.runCommand({find: 'coachClass'})); + assert.commandFailedWithCode(db.runCommand({find: 'businessClass'}), authzErrorCode); + shellAutocomplete('db.'); + assert(__autocomplete__.includes('db.coachClass'), + `Completions should include 'coachClass': ${__autocomplete__}`); + assert(!__autocomplete__.includes('db.businessClass'), + `Completions should NOT include 'businessClass': ${__autocomplete__}`); +})(); -- cgit v1.2.1