1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
|
"use strict";
// Test creating and authenticating users with special characters.
(function() {
var conn = MongoRunner.runMongod({auth: ''});
var adminDB = conn.getDB('admin');
adminDB.createUser({user: 'admin', pwd: 'pass', roles: jsTest.adminUserRoles});
var testUserSpecialCharacters = function() {
// Create a user with special characters, make sure it can auth.
assert(adminDB.auth('admin', 'pass'));
adminDB.createUser(
{user: '~`!@#$%^&*()-_+={}[]||;:",.//><', pwd: 'pass', roles: jsTest.adminUserRoles});
assert(adminDB.logout());
assert(adminDB.auth({user: '~`!@#$%^&*()-_+={}[]||;:",.//><', pwd: 'pass'}));
assert(adminDB.logout());
};
testUserSpecialCharacters();
var testUserAndDatabaseAtSymbolConflation = function() {
// Create a pair of users and databases such that their string representations are
// identical.
assert(adminDB.auth('admin', 'pass'));
var bcDB = conn.getDB('b@c');
bcDB.createUser({user: 'a', pwd: 'pass2', roles: [{role: 'readWrite', db: 'b@c'}]});
var cDB = conn.getDB('c');
cDB.createUser({user: 'a@b', pwd: 'pass1', roles: [{role: 'readWrite', db: 'c'}]});
assert(adminDB.logout());
// Ensure they cannot authenticate to the wrong database.
assert(!bcDB.auth('a@b', 'pass1'));
assert(!bcDB.auth('a@b', 'pass2'));
assert(!cDB.auth('a', 'pass1'));
assert(!cDB.auth('a', 'pass2'));
// Ensure that they can both successfully authenticate to their correct database.
assert(cDB.auth('a@b', 'pass1'));
assert.commandWorked(cDB.col.insert({data: 1}));
assert.writeError(bcDB.col.insert({data: 2}));
assert(cDB.logout());
assert(bcDB.auth('a', 'pass2'));
assert.commandWorked(bcDB.col.insert({data: 3}));
assert.writeError(cDB.col.insert({data: 4}));
assert(bcDB.logout());
// Ensure that the user cache permits both users to log in at the same time
assert(cDB.auth('a@b', 'pass1'));
assert(bcDB.auth('a', 'pass2'));
assert(cDB.logout());
assert(bcDB.logout());
assert(bcDB.auth('a', 'pass2'));
assert(cDB.auth('a@b', 'pass1'));
assert(cDB.logout());
assert(bcDB.logout());
};
testUserAndDatabaseAtSymbolConflation();
MongoRunner.stopMongod(conn);
})();
|