jstests/auth/auth1.js


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119

// test read/write permissions
// skip this test on 32-bit platforms

function setupTest() {
    print("START auth1.js");
    baseName = "jstests_auth_auth1";

    m = MongoRunner.runMongod({auth: "", bind_ip: "127.0.0.1", useHostname: false});
    return m;
}

function runTest(m) {
    // these are used by read-only user
    db = m.getDB("test");
    mro = new Mongo(m.host);
    dbRO = mro.getDB("test");
    tRO = dbRO[baseName];

    db.getSisterDB("admin").createUser({user: "root", pwd: "root", roles: ["root"]});
    db.getSisterDB("admin").auth("root", "root");

    t = db[baseName];
    t.drop();

    db.dropAllUsers();
    db.logout();

    db.getSisterDB("admin").createUser({user: "super", pwd: "super", roles: ["__system"]});
    db.getSisterDB("admin").auth("super", "super");
    db.createUser({user: "eliot", pwd: "eliot", roles: jsTest.basicUserRoles});
    db.createUser({user: "guest", pwd: "guest", roles: jsTest.readOnlyUserRoles});
    db.getSisterDB("admin").logout();

    assert.throws(function() {
        t.findOne();
    }, [], "read without login");

    print("make sure we can't run certain commands w/out auth");
    var codeUnauthorized = 13;
    var rslt = db.runCommand({eval: "function() { return 1; }"});
    assert.eq(rslt.code, codeUnauthorized, tojson(rslt));
    var rslt = db.runCommand({getLog: "global"});
    assert.eq(rslt.code, codeUnauthorized, tojson(rslt));

    assert(!db.auth("eliot", "eliot2"), "auth succeeded with wrong password");
    assert(db.auth("eliot", "eliot"), "auth failed");
    // Change password
    db.changeUserPassword("eliot", "eliot2");
    assert(!db.auth("eliot", "eliot"), "auth succeeded with wrong password");
    assert(db.auth("eliot", "eliot2"), "auth failed");

    for (i = 0; i < 1000; ++i) {
        t.save({i: i});
    }
    assert.eq(1000, t.count(), "A1");
    assert.eq(1000, t.find().toArray().length, "A2");

    db.setProfilingLevel(2);
    t.count();
    db.setProfilingLevel(0);
    assert.lt(0, db.system.profile.find({user: "eliot@test"}).count(), "AP1");

    var p = {
        key: {i: true},
        reduce: function(obj, prev) {
            prev.count++;
        },
        initial: {count: 0}
    };

    assert.eq(1000, t.group(p).length, "A5");

    assert(dbRO.auth("guest", "guest"), "auth failed 2");

    assert.eq(1000, tRO.count(), "B1");
    assert.eq(1000, tRO.find().toArray().length, "B2");  // make sure we have a getMore in play
    assert.commandWorked(dbRO.runCommand({ismaster: 1}), "B3");

    assert.writeError(tRO.save({}));

    assert.eq(1000, tRO.count(), "B6");

    assert.eq(1000, tRO.group(p).length, "C1");

    var p = {
        key: {i: true},
        reduce: function(obj, prev) {
            db.jstests_auth_auth1.save({i: 10000});
            prev.count++;
        },
        initial: {count: 0}
    };

    assert.throws(function() {
        return t.group(p);
    }, [], "write reduce didn't fail");
    assert.eq(1000, dbRO.jstests_auth_auth1.count(), "C3");

    db.getSiblingDB('admin').auth('super', 'super');

    assert.eq(1000,
              db.eval(function() {
                  return db["jstests_auth_auth1"].count();
              }),
              "D1");
    db.eval(function() {
        db["jstests_auth_auth1"].save({i: 1000});
    });
    assert.eq(1001,
              db.eval(function() {
                  return db["jstests_auth_auth1"].count();
              }),
              "D2");

    print("SUCCESS auth1.js");
}

var m = setupTest();
runTest(m);