summaryrefslogtreecommitdiff
path: root/jstests/core/connection_status.js
blob: 47aab3f0f43a5e34fc0cf7eb5dfb416c0a190fea (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
// Tests the connectionStatus command
(function() {
    "use strict";
    var dbName = 'connection_status';
    var myDB = db.getSiblingDB(dbName);
    myDB.dropAllUsers();

    /**
     * Test that the output of connectionStatus makes sense.
     */
    function validateConnectionStatus(expectedUser, expectedRole, showPrivileges) {
        var connectionStatus =
            myDB.runCommand({"connectionStatus": 1, "showPrivileges": showPrivileges});
        assert.commandWorked(connectionStatus);
        var authInfo = connectionStatus.authInfo;

        // Test that authenticated users are properly returned.
        var users = authInfo.authenticatedUsers;
        var matches = 0;
        var infoStr = tojson(authInfo);
        for (var i = 0; i < users.length; i++) {
            var user = users[i].user;
            var db = users[i].db;
            assert(isString(user),
                   "each authenticatedUsers should have a 'user' string:" + infoStr);
            assert(isString(db), "each authenticatedUsers should have a 'db' string:" + infoStr);
            if (user === expectedUser.user && db === expectedUser.db) {
                matches++;
            }
        }
        assert.eq(
            matches, 1, "expected user should be present once in authenticatedUsers:" + infoStr);

        // Test that authenticated roles are properly returned.
        var roles = authInfo.authenticatedUserRoles;
        matches = 0;
        for (var i = 0; i < roles.length; i++) {
            var role = roles[i].role;
            var db = roles[i].db;
            assert(isString(role),
                   "each authenticatedUserRole should have a 'role' string:" + infoStr);
            assert(isString(db), "each authenticatedUserRole should have a 'db' string:" + infoStr);
            if (role === expectedRole.role && db === expectedRole.db) {
                matches++;
            }
        }
        // Role will be duplicated when users with the same role are logged in at the same time.
        assert.gte(
            matches, 1, "expected role should be present in authenticatedUserRoles:" + infoStr);

        var privileges = authInfo.authenticatedUserPrivileges;
        if (showPrivileges) {
            for (var i = 0; i < privileges.length; i++) {
                assert(
                    isObject(privileges[i].resource),
                    "each authenticatedUserPrivilege should have a 'resource' object:" + infoStr);
                var actions = privileges[i].actions;
                for (var j = 0; j < actions.length; j++) {
                    assert(isString(actions[j]),
                           "each authenticatedUserPrivilege action should be a string:" + infoStr);
                }
            }

        } else {
            // Test that privileges are not returned without asking
            assert.eq(privileges,
                      undefined,
                      "authenticatedUserPrivileges should not be returned by default:" + infoStr);
        }
    }

    function test(userName) {
        var user = {user: userName, db: dbName};
        var role = {role: "root", db: "admin"};
        myDB.createUser({user: userName, pwd: "weak password", roles: [role]});
        myDB.auth(userName, "weak password");

        // Validate with and without showPrivileges
        validateConnectionStatus(user, role, true);
        validateConnectionStatus(user, role, false);

        // Clean up.
        myDB.dropAllUsers();
        myDB.logout();
    }

    test("someone");
    test("someone else");
})();