1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
/**
* Tests that apiStrict forbids authentication as multiple users.
* @tags: [requires_auth]
*/
(function() {
"use strict";
load("jstests/libs/fail_point_util.js");
load("jstests/libs/parallel_shell_helpers.js");
function runTest(conn) {
const db1 = "foo";
const user1 = "alice";
const db2 = "bar";
const user2 = "bob";
const db3 = "foo";
const user3 = "carol";
const pass = "pwd";
conn.getDB(db1).createUser({user: user1, pwd: pass, roles: []});
conn.getDB(db2).createUser({user: user2, pwd: pass, roles: []});
conn.getDB(db3).createUser({user: user3, pwd: pass, roles: []});
{
jsTest.log("Testing the rainbow of auth with a vanilla connection");
const vanillaConn = new Mongo(conn.host);
assert(vanillaConn.getDB(db1).auth(user1, pass), "Initial authN should succeed");
assert(!vanillaConn.getDB(db2).auth(user2, pass), "AuthN on another db should not succeed");
assert(vanillaConn.getDB(db1).auth(user1, pass), "Re-authN as first user should succeed");
assert(!vanillaConn.getDB(db3).auth(user3, pass),
"AuthN as a new user on the first database should not succeed");
vanillaConn.getDB(db1).logout();
}
{
jsTest.log("Testing the rainbow of auth with an { apiStrict: false } connection");
const laxConn = new Mongo(conn.host, undefined, {api: {version: '1', strict: false}});
assert(laxConn.getDB(db1).auth(user1, pass), "Initial authN should succeed");
assert(!laxConn.getDB(db2).auth(user2, pass), "AuthN on another db should not succeed");
assert(laxConn.getDB(db1).auth(user1, pass), "Re-authN as first user should succeed");
assert(!laxConn.getDB(db3).auth(user3, pass),
"AuthN as a new user on the first database should not succeed");
laxConn.getDB(db1).logout();
}
{
jsTest.log("Testing the rainbow of auth with an { apiStrict: true } connection");
const strictConn = new Mongo(conn.host, undefined, {api: {version: '1', strict: true}});
assert(strictConn.getDB(db1).auth(user1, pass), "Initial authN should succeed");
assert(!strictConn.getDB(db2).auth(user2, pass), "AuthN on another db should fail");
assert(!strictConn.getDB(db1).auth(user1, pass), "Re-authN as first user should fail");
assert(!strictConn.getDB(db3).auth(user3, pass),
"AuthN as a new user on the first database should fail");
strictConn.getDB(db1).logout();
}
{
jsTest.log("Testing the rainbow of auth with an { apiStrict: true } connection " +
"and the allowMultipleUsersWithApiStrict fail point");
const fp = configureFailPoint(conn, "allowMultipleUsersWithApiStrict");
const strictishConn = new Mongo(conn.host, undefined, {api: {version: '1', strict: true}});
assert(strictishConn.getDB(db1).auth(user1, pass), "Initial authN should succeed");
assert(!strictishConn.getDB(db2).auth(user2, pass),
"AuthN on another db should not succeed");
assert(strictishConn.getDB(db1).auth(user1, pass), "Re-authN as first user should succeed");
assert(!strictishConn.getDB(db3).auth(user3, pass),
"AuthN as a new user on the first database should not succeed");
strictishConn.getDB(db1).logout();
fp.off();
}
}
{
const conn = MongoRunner.runMongod();
runTest(conn);
MongoRunner.stopMongod(conn);
}
})();
|
