// Auth tests for the $listSessions {allUsers:true} aggregation stage. // @tags: [requires_sharding] (function() { 'use strict'; load('jstests/aggregation/extras/utils.js'); // This test makes assertions about the number of sessions, which are not compatible with // implicit sessions. TestData.disableImplicitSessions = true; function runListAllSessionsTest(mongod) { assert(mongod); const admin = mongod.getDB("admin"); const config = mongod.getDB("config"); const pipeline = [{'$listSessions': {allUsers: true}}]; admin.createUser({user: 'admin', pwd: 'pass', roles: jsTest.adminUserRoles}); assert(admin.auth('admin', 'pass')); admin.createUser({user: 'user1', pwd: 'pass', roles: jsTest.basicUserRoles}); admin.logout(); // Fail if we're not logged in. assertErrorCode(config.system.sessions, pipeline, ErrorCodes.Unauthorized); // Start a new session and capture its sessionId. assert(admin.auth('user1', 'pass')); const myid = assert.commandWorked(admin.runCommand({startSession: 1})).id.id; assert(myid !== undefined); assert.commandWorked(admin.runCommand({refreshLogicalSessionCacheNow: 1})); // Ensure that a normal user can NOT listSessions{allUsers:true} to view their session. assertErrorCode(config.system.sessions, pipeline, ErrorCodes.Unauthorized); // Ensure that a normal user can NOT listSessions to view others' sessions. const viewAdminPipeline = [{'$listSessions': {users: [{user: 'admin', db: 'admin'}]}}]; assertErrorCode(config.system.sessions, viewAdminPipeline, ErrorCodes.Unauthorized); // Ensure that the cache now contains the session and is visible by admin admin.logout(); assert(admin.auth('admin', 'pass')); const resultArray = config.system.sessions .aggregate( [{'$listSessions': {allUsers: true}}, {'$sort': {lastUse: -1}}, {'$limit': 1}]) .toArray(); assert.eq(resultArray.length, 1); const cacheid = resultArray[0]._id.id; assert(cacheid !== undefined); assert.eq(0, bsonWoCompare({x: cacheid}, {x: myid})); // Make sure pipelining other collections fail. assertErrorCode(admin.system.collections, pipeline, ErrorCodes.InvalidNamespace); } const mongod = MongoRunner.runMongod({auth: ""}); runListAllSessionsTest(mongod); MongoRunner.stopMongod(mongod); const st = new ShardingTest({shards: 1, mongos: 1, config: 1, other: {keyFile: 'jstests/libs/key1'}}); // Ensure that the sessions collection exists. st.c0.getDB("admin").runCommand({refreshLogicalSessionCacheNow: 1}); st.rs0.getPrimary().getDB("admin").runCommand({refreshLogicalSessionCacheNow: 1}); runListAllSessionsTest(st.s0); st.stop(); })();