summaryrefslogtreecommitdiff
path: root/jstests/auth/indexSystemUsers.js
blob: 8b9069b1afb513d70cf10f4950d49c017c11a217 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
// SERVER-8802: Test that you can't build indexes on system.users and use that to drop users with
// dropDups.
var conn = MongoRunner.runMongod({auth: ""});

var adminDB = conn.getDB("admin");
var testDB = conn.getDB("test");
adminDB.createUser({user: 'admin', pwd: 'x', roles: ['userAdminAnyDatabase']});
adminDB.auth('admin', 'x');
adminDB.createUser({user: 'mallory', pwd: 'x', roles: ['readWriteAnyDatabase']});
testDB.createUser({user: 'user', pwd: 'x', roles: ['read']});
assert.eq(3, adminDB.system.users.count());
adminDB.logout();

adminDB.auth('mallory', 'x');
var res = adminDB.system.users.createIndex({haxx: 1}, {unique: true, dropDups: true});
assert(!res.ok);
assert.eq(13, res.code);  // unauthorized
// Make sure that no indexes were built.
var collectionInfosCursor = adminDB.runCommand("listCollections", {
    filter: {
        $and: [
            {name: /^admin\.system\.users\.\$/},
            {name: {$ne: "admin.system.users.$_id_"}},
            {name: {$ne: "admin.system.users.$user_1_db_1"}}
        ]
    }
});

assert.eq([], new DBCommandCursor(adminDB, collectionInfosCursor).toArray());
adminDB.logout();

adminDB.auth('admin', 'x');
// Make sure that no users were actually dropped
assert.eq(3, adminDB.system.users.count());
MongoRunner.stopMongod(conn, null, {user: 'admin', pwd: 'x'});