1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
|
// Tests the connectionStatus command
var dbName = 'connection_status';
var myDB = db.getSiblingDB(dbName);
myDB.dropAllUsers();
function test(userName) {
myDB.createUser({user: userName, pwd: "weak password", roles: [{db: "admin", role: "root"}]});
myDB.auth(userName, "weak password");
var output = myDB.runCommand("connectionStatus");
assert.commandWorked(output);
// Test that authenticated users are properly returned.
var users = output.authInfo.authenticatedUsers;
var matches = 0;
for (var i=0; i < users.length; i++) {
if (users[i].db != dbName)
continue;
assert.eq(users[i].user, userName);
matches++;
}
assert.eq(matches, 1);
// Test that authenticated roles are properly returned.
var roles = output.authInfo.authenticatedUserRoles;
matches = 0;
for (var i=0; i < roles.length; i++) {
if (roles[i].db != "admin")
continue;
assert.eq(roles[i].role, "root");
matches++;
}
assert(matches >= 1);
// Test roles/ privileges for a non-root user.
myDB.createUser({user: "foo", pwd: "weak password", roles: [{db: "foo", role: "read"}]});
myDB.logout();
myDB.auth("foo", "weak password");
output = myDB.runCommand({"connectionStatus": 1, "showPrivileges": 1});
assert.commandWorked(output);
var privileges = output.authInfo.authenticatedUserPrivileges;
matches = 0;
for (var i=0; i < privileges.length; i++) {
if (privileges[i].resource.anyResource) {
matches++;
}
}
assert(matches >= 1);
myDB.logout();
// Clean up.
myDB.auth(userName, "weak password");
myDB.dropAllUsers();
myDB.logout();
}
test("someone");
test("someone else");
|
