jstests/auth/js_scope_leak.js


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92

// Test for SERVER-9129
// Verify global scope data does not persist past logout or auth.
// NOTE: Each test case covers 3 state transitions:
//          no auth       -> auth user 'a'
//          auth user 'a' -> auth user 'b'
//          auth user 'b' -> logout
//
//       These transitions are tested for $where and MapReduce.

var conn = MongoRunner.runMongod();
var test = conn.getDB("test");

// insert a single document and add two test users
test.foo.insert({a: 1});
assert.eq(1, test.foo.findOne().a);
test.createUser({user: 'a', pwd: 'a', roles: jsTest.basicUserRoles});
test.createUser({user: 'b', pwd: 'b', roles: jsTest.basicUserRoles});

function missingOrEquals(string) {
    return 'function() { ' +
        'var global = function(){return this;}.call();'
        // Uncomment the next line when debugging.
        // + 'print(global.hasOwnProperty("someGlobal") ? someGlobal : "MISSING" );'
        + 'return !global.hasOwnProperty("someGlobal")' +
        '    || someGlobal == unescape("' + escape(string) + '");' +
        '}()';
}

// test $where
function testWhere() {
    // set the global variable 'someGlobal' before authenticating
    test.foo.findOne({$where: 'someGlobal = "noUsers";'});

    // test new user auth causes scope to be cleared
    test.auth('a', 'a');
    assert.eq(
        1, test.foo.count({$where: 'return ' + missingOrEquals('a')}), "$where: Auth user 'a");

    // test auth as another user causes scope to be cleared
    test.foo.findOne({$where: 'someGlobal = "a";'});
    test.auth('b', 'b');
    assert(test.foo.count({$where: 'return ' + missingOrEquals('a&b')}), "$where: Auth user 'b'");
    // test user logout causes scope to be cleared
    test.foo.findOne({$where: 'someGlobal = "a&b";'});
    test.logout();
    assert(test.foo.count({$where: 'return ' + missingOrEquals('noUsers')}), "$where: log out");
}
testWhere();
testWhere();

function testMapReduce() {
    var mapSet = function(string) {
        return Function('someGlobal = "' + string + '"');
    };
    var mapGet = function(string) {
        return Function('assert(' + missingOrEquals(string) + ')');
    };
    var reduce = function(k, v) {};
    var setGlobalInMap = function(string) {
        test.foo.mapReduce(mapSet(string), reduce, {out: {inline: 1}});
    };
    var getGlobalFromMap = function(string) {
        test.foo.mapReduce(mapGet(string), reduce, {out: {inline: 1}});
    };

    // set the global variable 'someGlobal' before authenticating
    setGlobalInMap('noUsers');

    // test new user auth causes scope to be cleared
    test.auth('a', 'a');
    assert.doesNotThrow(function() {
        getGlobalFromMap('a');
    }, [], "M/R: Auth user 'a'");

    // test auth as another user causes scope to be cleared
    setGlobalInMap('a');
    test.auth('b', 'b');
    assert.doesNotThrow(function() {
        getGlobalFromMap('a&b');
    }, [], "M/R: Auth user 'b'");

    // test user logout causes scope to be cleared
    setGlobalInMap('a&b');
    test.logout();
    assert.doesNotThrow(function() {
        getGlobalFromMap('noUsers');
    }, [], "M/R: Log out");
}
testMapReduce();
testMapReduce();

MongoRunner.stopMongod(conn);