summaryrefslogtreecommitdiff
path: root/jstests/auth/iteration_count_control.js
blob: b0a790c43c68b225e8398b86cd5ec0494a5e0b0c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
// Test SCRAM iterationCount control.
load('./jstests/multiVersion/libs/auth_helpers.js');

var conn = MongoRunner.runMongod({auth: ''});

var testIterationCountControl = function(){
    var adminDB = conn.getDB('admin');
    adminDB.createUser({user: 'user1', pwd: 'pass',
                        roles: jsTest.adminUserRoles});
    assert(adminDB.auth({user: 'user1', pwd: 'pass'}));

    var userDoc = getUserDoc(adminDB, 'user1');
    assert.eq(10000, userDoc.credentials['SCRAM-SHA-1'].iterationCount);

    // Changing iterationCount should not affect existing users.
    assert.commandWorked(adminDB.runCommand({setParameter: 1,
                                             scramIterationCount: 5000}));
    userDoc = getUserDoc(adminDB, 'user1');
    assert.eq(10000, userDoc.credentials['SCRAM-SHA-1'].iterationCount);

    // But it should take effect when the user's password is changed.
    adminDB.updateUser('user1', {pwd: 'pass',
                                 roles: jsTest.adminUserRoles});
    userDoc = getUserDoc(adminDB, 'user1');
    assert.eq(5000, userDoc.credentials['SCRAM-SHA-1'].iterationCount);

    // Test invalid values for iterationCount. 5000 is the minimum value.
    assert.commandFailed(adminDB.runCommand({setParameter: 1,
                                             scramIterationCount: 4999}));
    assert.commandFailed(adminDB.runCommand({setParameter: 1,
                                             scramIterationCount: -5000}));
};

testIterationCountControl();
MongoRunner.stopMongod(conn);