1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
// This test is a basic sanity check of the shell helpers for manipulating user objects
// It is not a comprehensive test of the functionality of the user manipulation commands
function assertHasRole(rolesArray, roleName, roleDB) {
for (i in rolesArray) {
var curRole = rolesArray[i];
if (curRole.role == roleName && curRole.db == roleDB) {
return;
}
}
assert(false, "role " + roleName + "@" + roleDB + " not found in array: " + tojson(rolesArray));
}
(function(db) {
var db = db.getSiblingDB("user_management_helpers");
db.dropDatabase();
db.dropAllUsers();
db.createUser({user: "spencer", pwd: "password", roles: ['readWrite']});
db.createUser({user: "andy", pwd: "password", roles: ['readWrite']});
// Test getUser
var userObj = db.getUser('spencer');
assert.eq(1, userObj.roles.length);
assertHasRole(userObj.roles, "readWrite", db.getName());
// Test getUsers
var users = db.getUsers();
assert.eq(2, users.length);
assert(users[0].user == 'spencer' || users[1].user == 'spencer');
assert(users[0].user == 'andy' || users[1].user == 'andy');
assert.eq(1, users[0].roles.length);
assert.eq(1, users[1].roles.length);
assertHasRole(users[0].roles, "readWrite", db.getName());
assertHasRole(users[1].roles, "readWrite", db.getName());
// Granting roles to nonexistent user fails
assert.throws(function() { db.grantRolesToUser("fakeUser", ['dbAdmin']); });
// Granting non-existant role fails
assert.throws(function() { db.grantRolesToUser("spencer", ['dbAdmin', 'fakeRole']); });
userObj = db.getUser('spencer');
assert.eq(1, userObj.roles.length);
assertHasRole(userObj.roles, "readWrite", db.getName());
// Granting a role you already have is no problem
db.grantRolesToUser("spencer", ['readWrite', 'dbAdmin']);
userObj = db.getUser('spencer');
assert.eq(2, userObj.roles.length);
assertHasRole(userObj.roles, "readWrite", db.getName());
assertHasRole(userObj.roles, "dbAdmin", db.getName());
// Revoking roles the user doesn't have is fine
db.revokeRolesFromUser("spencer", ['dbAdmin', 'read']);
userObj = db.getUser('spencer');
assert.eq(1, userObj.roles.length);
assertHasRole(userObj.roles, "readWrite", db.getName());
// Update user
db.updateUser("spencer", {customData: {hello: 'world'}, roles:['read']});
userObj = db.getUser('spencer');
assert.eq('world', userObj.customData.hello);
assert.eq(1, userObj.roles.length);
assertHasRole(userObj.roles, "read", db.getName());
// Test dropUser
db.dropUser('andy');
assert.throws(function() {printjson(db.getUser('andy'));});
// Test dropAllUsers
db.dropAllUsers()
assert.eq(0, db.getUsers().length);
// Test password digestion
assert.throws(function() {
db.createUser({user:'user1', pwd:'x', roles:[], digestPassword: true});});
assert.throws(function() {
db.createUser({user:'user1', pwd:'x', roles:[], digestPassword: false});});
assert.throws(function() {
db.createUser({user:'user1', pwd:'x', roles:[], passwordDigestor: 'foo'});});
db.createUser({user:'user1', pwd:'x', roles:[], passwordDigestor:"server"});
db.createUser({user:'user2', pwd:'x', roles:[], passwordDigestor:"client"});
assert(db.auth('user1', 'x'));
assert(db.auth('user2', 'x'));
assert.throws(function() { db.updateUser('user1', {pwd:'y', digestPassword: true});});
assert.throws(function() { db.updateUser('user1', {pwd:'y', digestPassword: false});});
assert.throws(function() { db.updateUser('user1', {pwd:'y', passwordDigestor: 'foo'});});
db.updateUser('user1', {pwd:'y', passwordDigestor: 'server'});
db.updateUser('user2', {pwd:'y', passwordDigestor: 'client'});
assert(db.auth('user1', 'y'));
assert(db.auth('user2', 'y'));
}(db));
|
