1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
|
// Tests that a client will auto-discover a user's supported SASL mechanisms during auth().
// @tags: [requires_sharding]
(function() {
"use strict";
function runTest(conn) {
const admin = conn.getDB("admin");
const test = conn.getDB("test");
admin.createUser({user: 'admin', pwd: 'pass', roles: jsTest.adminUserRoles});
assert(admin.auth('admin', 'pass'));
// Verify user mechanism discovery.
function checkUser(username, mechanism) {
var createUser = {createUser: username, pwd: 'pwd', roles: []};
if (mechanism !== undefined) {
createUser.mechanisms = [mechanism];
} else {
// Create both variants, expect to prefer 256.
mechanism = 'SCRAM-SHA-256';
}
assert.commandWorked(test.runCommand(createUser));
assert.eq(test._getDefaultAuthenticationMechanism(username, test.getName()), mechanism);
assert(test.auth(username, 'pwd'));
test.logout();
}
checkUser('userSha1', 'SCRAM-SHA-1');
checkUser('userSha256', 'SCRAM-SHA-256');
checkUser('userAll');
// Verify override of mechanism discovery.
// Depends on 'userAll' user created above.
assert.eq(test._getDefaultAuthenticationMechanism('userAll', test.getName()),
'SCRAM-SHA-256');
test._defaultAuthenticationMechanism = 'SCRAM-SHA-1';
assert.eq(test._getDefaultAuthenticationMechanism('userAll', test.getName()),
'SCRAM-SHA-1');
test._defaultAuthenticationMechanism = 'NO-SUCH-MECHANISM';
assert.eq(test._getDefaultAuthenticationMechanism('userAll', test.getName()),
'SCRAM-SHA-256');
}
// Test standalone.
const m = MongoRunner.runMongod({auth: ""});
runTest(m);
MongoRunner.stopMongod(m);
// Test sharded.
// TODO: Remove 'shardAsReplicaSet: false' when SERVER-32672 is fixed.
const st = new ShardingTest({
shards: 1,
mongos: 1,
config: 1,
other: {keyFile: 'jstests/libs/key1', shardAsReplicaSet: false}
});
runTest(st.s0);
st.stop();
})();
|
