1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
// This test is a basic sanity check of the shell helpers for manipulating user objects
// It is not a comprehensive test of the functionality of the user manipulation commands
function assertHasRole(rolesArray, roleName, roleDB) {
for (i in rolesArray) {
var curRole = rolesArray[i];
if (curRole.role == roleName && curRole.db == roleDB) {
return;
}
}
assert(false, "role " + roleName + "@" + roleDB + " not found in array: " + tojson(rolesArray));
}
function runTest(db) {
var db = db.getSiblingDB("user_management_helpers");
db.dropDatabase();
db.dropAllUsers();
db.createUser({user: "spencer", pwd: "password", roles: ['readWrite']});
db.createUser({user: "andy", pwd: "password", roles: ['readWrite']});
// Test getUser
var userObj = db.getUser('spencer');
assert.eq(1, userObj.roles.length);
assertHasRole(userObj.roles, "readWrite", db.getName());
// Test getUsers
var users = db.getUsers();
assert.eq(2, users.length);
assert(users[0].user == 'spencer' || users[1].user == 'spencer');
assert(users[0].user == 'andy' || users[1].user == 'andy');
assert.eq(1, users[0].roles.length);
assert.eq(1, users[1].roles.length);
assertHasRole(users[0].roles, "readWrite", db.getName());
assertHasRole(users[1].roles, "readWrite", db.getName());
// Granting roles to nonexistent user fails
assert.throws(function() {
db.grantRolesToUser("fakeUser", ['dbAdmin']);
});
// Granting non-existant role fails
assert.throws(function() {
db.grantRolesToUser("spencer", ['dbAdmin', 'fakeRole']);
});
userObj = db.getUser('spencer');
assert.eq(1, userObj.roles.length);
assertHasRole(userObj.roles, "readWrite", db.getName());
// Granting a role you already have is no problem
db.grantRolesToUser("spencer", ['readWrite', 'dbAdmin']);
userObj = db.getUser('spencer');
assert.eq(2, userObj.roles.length);
assertHasRole(userObj.roles, "readWrite", db.getName());
assertHasRole(userObj.roles, "dbAdmin", db.getName());
// Revoking roles the user doesn't have is fine
db.revokeRolesFromUser("spencer", ['dbAdmin', 'read']);
userObj = db.getUser('spencer');
assert.eq(1, userObj.roles.length);
assertHasRole(userObj.roles, "readWrite", db.getName());
// Update user
db.updateUser("spencer", {customData: {hello: 'world'}, roles: ['read']});
userObj = db.getUser('spencer');
assert.eq('world', userObj.customData.hello);
assert.eq(1, userObj.roles.length);
assertHasRole(userObj.roles, "read", db.getName());
// Test dropUser
db.dropUser('andy');
assert.eq(null, db.getUser('andy'));
// Test dropAllUsers
db.dropAllUsers();
assert.eq(0, db.getUsers().length);
// Test password digestion
assert.throws(function() {
db.createUser({user: 'user1', pwd: 'x', roles: [], digestPassword: true});
});
assert.throws(function() {
db.createUser({user: 'user1', pwd: 'x', roles: [], digestPassword: false});
});
assert.throws(function() {
db.createUser({user: 'user1', pwd: 'x', roles: [], passwordDigestor: 'foo'});
});
db.createUser({user: 'user1', pwd: 'x', roles: [], passwordDigestor: "server"});
db.createUser({user: 'user2', pwd: 'x', roles: [], passwordDigestor: "client"});
assert(db.auth('user1', 'x'));
assert(db.auth('user2', 'x'));
assert.throws(function() {
db.updateUser('user1', {pwd: 'y', digestPassword: true});
});
assert.throws(function() {
db.updateUser('user1', {pwd: 'y', digestPassword: false});
});
assert.throws(function() {
db.updateUser('user1', {pwd: 'y', passwordDigestor: 'foo'});
});
db.updateUser('user1', {pwd: 'y', passwordDigestor: 'server'});
db.updateUser('user2', {pwd: 'y', passwordDigestor: 'client'});
assert(db.auth('user1', 'y'));
assert(db.auth('user2', 'y'));
// Test createUser requires 'user' field
assert.throws(function() {
db.createUser({pwd: 'x', roles: ['dbAdmin']});
});
// Test createUser disallows 'createUser' field
assert.throws(function() {
db.createUser({createUser: 'ben', pwd: 'x', roles: ['dbAdmin']});
});
}
try {
runTest(db);
} catch (x) {
// BF-836 Print current users on failure to aid debugging
db.getSiblingDB('admin').system.users.find().forEach(printjson);
throw x;
}
|