mongo 1.10.0-java

data/test/shared/authentication/basic_auth_shared.rb

@@ -0,0 +1,286 @@
+# Copyright (C) 2009-2013 MongoDB, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module BasicAuthTests
+
+  def init_auth_basic
+    # enable authentication by creating and logging in as admin user
+    @admin = @client['admin']
+    @admin.add_user('admin', 'password', nil, :roles => ['readAnyDatabase',
+                                                         'readWriteAnyDatabase',
+                                                         'userAdminAnyDatabase',
+                                                         'dbAdminAnyDatabase',
+                                                         'clusterAdmin'])
+    @admin.authenticate('admin', 'password')
+
+    # db user for cleanup (for pre-2.4)
+    @db.add_user('admin', 'cleanup', nil, :roles => [])
+  end
+
+  def teardown_basic
+    remove_all_users(@db, 'admin', 'cleanup')
+    remove_all_users(@admin, 'admin', 'password') if has_auth?(@admin.name)
+  end
+
+  def remove_all_users(database, username, password)
+    database.authenticate(username, password) unless has_auth?(database.name)
+    if @client.server_version < '2.5'
+      database['system.users'].remove
+    else
+      database.command(:dropAllUsersFromDatabase => 1)
+    end
+    database.logout
+  end
+
+  def has_auth?(db_name)
+    @client.auths.any? { |a| a[:source] == db_name }
+  end
+
+  def test_add_remove_user
+    init_auth_basic
+
+    # add user
+    silently { @db.add_user('bob','user') }
+    assert @db.authenticate('bob', 'user')
+
+    # remove user
+    assert @db.remove_user('bob')
+
+    teardown_basic
+  end
+
+  def test_update_user
+    init_auth_basic
+
+    # add user
+    silently { @db.add_user('bob', 'user') }
+    assert @db.authenticate('bob', 'user')
+    @db.logout
+
+    # update user
+    silently { @db.add_user('bob', 'updated') }
+    assert_raise Mongo::AuthenticationError do
+      @db.authenticate('bob', 'user')
+    end
+    assert @db.authenticate('bob', 'updated')
+
+    teardown_basic
+  end
+
+  def test_remove_non_existent_user
+    init_auth_basic
+
+    if @client.server_version < '2.5'
+      assert_equal false, @db.remove_user('joe')
+    else
+      assert_raise Mongo::OperationFailure do
+        assert @db.remove_user('joe')
+      end
+    end
+    teardown_basic
+  end
+
+  def test_authenticate
+    init_auth_basic
+    silently { @db.add_user('peggy', 'user') }
+    assert @db.authenticate('peggy', 'user')
+    @db.remove_user('peggy')
+    teardown_basic
+  end
+
+  def test_authenticate_non_existent_user
+    init_auth_basic
+    assert_raise Mongo::AuthenticationError do
+      @db.authenticate('frank', 'thetank')
+    end
+    teardown_basic
+  end
+
+  def test_logout
+    init_auth_basic
+    silently { @db.add_user('peggy', 'user') }
+    assert @db.authenticate('peggy', 'user')
+    assert @db.logout
+    teardown_basic
+  end
+
+  def test_authenticate_with_special_characters
+    init_auth_basic
+    silently { assert @db.add_user('foo:bar','@foo') }
+    assert @db.authenticate('foo:bar','@foo')
+    teardown_basic
+  end
+
+  def test_authenticate_read_only
+    init_auth_basic
+    silently { @db.add_user('randy', 'readonly', true) }
+    assert @db.authenticate('randy', 'readonly')
+    teardown_basic
+  end
+
+  def test_authenticate_with_connection_uri
+    init_auth_basic
+    silently { @db.add_user('eunice', 'uritest') }
+
+    uri    = "mongodb://eunice:uritest@#{@host_info}/#{@db.name}"
+    client = Mongo::URIParser.new(uri).connection
+
+    assert client
+    assert_equal client.auths.size, 1
+    assert client[TEST_DB]['auth_test'].count
+
+    auth = client.auths.first
+    assert_equal @db.name, auth[:db_name]
+    assert_equal 'eunice', auth[:username]
+    assert_equal 'uritest', auth[:password]
+    teardown_basic
+  end
+
+  def test_socket_auths
+    init_auth_basic
+    # setup
+    db_a = @client[TEST_DB + '_a']
+    silently { db_a.add_user('user_a', 'password') }
+    assert db_a.authenticate('user_a', 'password')
+
+    db_b = @client[TEST_DB + '_b']
+    silently { db_b.add_user('user_b', 'password') }
+    assert db_b.authenticate('user_b', 'password')
+
+    db_c = @client[TEST_DB + '_c']
+    silently { db_c.add_user('user_c', 'password') }
+    assert db_c.authenticate('user_c', 'password')
+
+    # client auths should be applied to socket on checkout
+    socket = @client.checkout_reader(:mode => :primary)
+    assert_equal 4, socket.auths.size
+    assert_equal @client.auths, socket.auths
+    @client.checkin(socket)
+
+    # logout should remove saved auth on socket and client
+    assert db_b.logout
+    socket = @client.checkout_reader(:mode => :primary)
+    assert_equal 3, socket.auths.size
+    assert_equal @client.auths, socket.auths
+    @client.checkin(socket)
+
+    # clean-up
+    db_b.authenticate('user_b', 'password')
+    remove_all_users(db_a, 'user_a', 'password')
+    remove_all_users(db_b, 'user_b', 'password')
+    remove_all_users(db_c, 'user_c', 'password')
+    teardown_basic
+  end
+
+  def test_default_roles_non_admin
+    return unless @client.server_version >= '2.5.3'
+    init_auth_basic
+    silently { @db.add_user('user', 'pass') }
+    silently { @db.authenticate('user', 'pass') }
+    info = @db.command(:usersInfo => 'user')['users'].first
+    assert_equal 'dbOwner', info['roles'].first['role']
+
+    # read-only
+    silently { @db.add_user('ro-user', 'pass', true) }
+    @db.logout
+    @db.authenticate('ro-user', 'pass')
+    info = @db.command(:usersInfo => 'ro-user')['users'].first
+    assert_equal 'read', info['roles'].first['role']
+    @db.logout
+    teardown_basic
+  end
+
+  def test_delegated_authentication
+    return unless @client.server_version >= '2.4' && @client.server_version < '2.5'
+    with_auth(@client) do
+      init_auth_basic
+      # create user in test databases
+      accounts = @client[TEST_DB + '_accounts']
+      silently do
+        accounts.add_user('debbie', 'delegate')
+        @db.add_user('debbie', nil, nil, :roles => ['read'], :userSource => accounts.name)
+      end
+      @admin.logout
+
+      # validate that direct authentication is not allowed
+      assert_raise Mongo::AuthenticationError do
+        @db.authenticate('debbie', 'delegate')
+      end
+
+      # validate delegated authentication
+      assert accounts.authenticate('debbie', 'delegate')
+      assert @db.collection_names
+      accounts.logout
+      assert_raise Mongo::OperationFailure do
+        @db.collection_names
+      end
+
+      # validate auth using source database
+      @db.authenticate('debbie', 'delegate', nil, accounts.name)
+      assert @db.collection_names
+      accounts.logout
+      assert_raise Mongo::OperationFailure do
+        @db.collection_names
+      end
+
+      # clean-up
+      @admin.authenticate('admin', 'password')
+      remove_all_users(accounts, 'debbie', 'delegate')
+      teardown_basic
+    end
+  end
+
+  def test_non_admin_default_roles
+    return if @client.server_version < '2.5'
+    init_auth_basic
+
+    # add read-only user and verify that role is 'read'
+    @db.add_user('randy', 'password', nil, :roles => ['read'])
+    @db.authenticate('randy', 'password')
+    users = @db.command(:usersInfo => 'randy')['users']
+    assert_equal 'read', users.first['roles'].first['role']
+    @db.logout
+
+    # add dbOwner (default) user and verify role
+    silently { @db.add_user('emily', 'password') }
+    @db.authenticate('emily', 'password')
+    users = @db.command(:usersInfo => 'emily')['users']
+    assert_equal 'dbOwner', users.first['roles'].first['role']
+    teardown_basic
+  end
+
+  def test_update_user_to_read_only
+    with_auth(@client) do
+      init_auth_basic
+      silently { @db.add_user('emily', 'password') }
+      @admin.logout
+      @db.authenticate('emily', 'password')
+      @db['test'].insert({})
+      @db.logout
+
+      @admin.authenticate('admin', 'password')
+      silently { @db.add_user('emily', 'password', true) }
+      @admin.logout
+
+      silently { @db.authenticate('emily', 'password') }
+      assert_raise Mongo::OperationFailure do
+        @db['test'].insert({})
+      end
+      @db.logout
+      @admin.authenticate('admin', 'password')
+      teardown_basic
+    end
+  end
+
+end

data/test/shared/authentication/bulk_api_auth_shared.rb

@@ -0,0 +1,259 @@
+# Copyright (C) 2009-2013 MongoDB, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License")
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0x
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module BulkAPIAuthTests
+
+  include Mongo
+
+  def init_auth_bulk
+    # enable authentication
+    @admin = @client["admin"]
+    @admin.add_user('admin', 'password', nil, :roles => ['readWriteAnyDatabase',
+                                                         'userAdminAnyDatabase',
+                                                         'dbAdminAnyDatabase'])
+    @admin.authenticate('admin', 'password')
+
+    # Set up the test db
+    @collection = @db["bulk-api-auth-tests"]
+
+    # db user can insert but not remove
+    res = BSON::OrderedHash.new
+    res[:db] = TEST_DB
+    res[:collection] = ""
+
+    cmd = BSON::OrderedHash.new
+    cmd[:createRole] = "insertOnly"
+    cmd[:privileges] = [{:resource => res, :actions => [ "insert", "find" ]}]
+    cmd[:roles] = []
+    @db.command(cmd)
+    @db.add_user('insertOnly', 'password', nil, :roles => ['insertOnly'])
+
+    # db user can insert and remove
+    cmd = BSON::OrderedHash.new
+    cmd[:createRole] = "insertAndRemove"
+    cmd[:privileges] = [{:resource => res, :actions => [ "insert", "remove", "find" ]}]
+    cmd[:roles] = []
+    @db.command(cmd)
+    @db.add_user('insertAndRemove', 'password', nil, :roles => ['insertAndRemove'])
+
+    # for 2.4 cleanup etc.
+    @db.add_user('admin', 'password', nil, :roles => ['readWrite',
+                                                      'userAdmin',
+                                                      'dbAdmin'])
+    @admin.logout
+  end
+
+  def teardown_bulk
+    remove_all_users_and_roles(@db, 'admin', 'password')
+    remove_all_users_and_roles(@admin, 'admin', 'password')
+  end
+
+  def clear_collection(collection)
+    @admin.authenticate('admin', 'password')
+    collection.remove
+    @admin.logout
+  end
+
+  def remove_all_users_and_roles(database, username, password)
+    @admin.authenticate('admin', 'password')
+    if @version < '2.5.3'
+      database['system.users'].remove
+    else
+      database.command({:dropAllRolesFromDatabase => 1})
+      database.command({:dropAllUsersFromDatabase => 1})
+    end
+    @admin.logout
+  end
+
+  def test_auth_no_error
+    return unless @version >= '2.5.3'
+    init_auth_bulk
+    with_write_commands_and_operations(@db.connection) do |wire_version|
+      clear_collection(@collection)
+      @db.authenticate('insertAndRemove', 'password')
+      bulk = @collection.initialize_ordered_bulk_op
+      bulk.insert({:a => 1})
+      bulk.find({:a => 1}).remove_one
+
+      result = bulk.execute
+      assert_match_document(
+          {
+              "ok" => 1,
+              "nInserted" => 1,
+              "nRemoved" => 1
+          }, result, "wire_version:#{wire_version}")
+      assert_equal 0, @collection.count
+      @db.logout
+    end
+    teardown_bulk
+  end
+
+  def test_auth_error
+    return unless @version >= '2.5.3'
+    init_auth_bulk
+    with_write_commands_and_operations(@db.connection) do |wire_version|
+      clear_collection(@collection)
+      @db.authenticate('insertOnly', 'password')
+      bulk = @collection.initialize_ordered_bulk_op
+      bulk.insert({:a => 1})
+      bulk.find({:a => 1}).remove
+      bulk.insert({:a => 2})
+
+      ex = assert_raise Mongo::BulkWriteError do
+        bulk.execute
+      end
+      result = ex.result
+      assert_match_document(
+          {
+              "ok" => 1,
+              "n" => 1,
+              "writeErrors" =>
+                  [{
+                       "index" => 1,
+                       "code" => 13,
+                       "errmsg" => /not authorized/
+                  }],
+              "code" => 65,
+              "errmsg" => "batch item errors occurred",
+              "nInserted" => 1
+           }, result, "wire_version:#{wire_version}")
+      assert_equal 1, @collection.count
+      @db.logout
+    end
+    teardown_bulk
+  end
+
+  def test_auth_error_unordered
+    return unless @version >= '2.5.3'
+    init_auth_bulk
+    with_write_commands_and_operations(@db.connection) do |wire_version|
+      clear_collection(@collection)
+      @db.authenticate('insertOnly', 'password')
+      bulk = @collection.initialize_unordered_bulk_op
+      bulk.insert({:a => 1})
+      bulk.find({:a => 1}).remove_one
+      bulk.insert({:a => 2})
+
+      ex = assert_raise Mongo::BulkWriteError do
+        bulk.execute
+      end
+      result = ex.result
+      assert_equal 1, result["writeErrors"].length
+      assert_equal 2, result["n"]
+      assert_equal 2, result["nInserted"]
+      assert_equal 2, @collection.count
+      @db.logout
+    end
+    teardown_bulk
+  end
+
+  def test_duplicate_key_with_auth_error
+    return unless @version >= '2.5.3'
+    init_auth_bulk
+    with_write_commands_and_operations(@db.connection) do |wire_version|
+      clear_collection(@collection)
+      @db.authenticate('insertOnly', 'password')
+      bulk = @collection.initialize_ordered_bulk_op
+      bulk.insert({:_id => 1, :a => 1})
+      bulk.insert({:_id => 1, :a => 2})
+      bulk.find({:a => 1}).remove_one
+
+      ex = assert_raise Mongo::BulkWriteError do
+        bulk.execute
+      end
+      result = ex.result
+      assert_match_document(
+          {
+              "ok" => 1,
+              "n" => 1,
+              "writeErrors" =>
+                  [{
+                       "index" => 1,
+                       "code" => 11000,
+                       "errmsg" => /duplicate key error/
+                  }],
+              "code" => 65,
+              "errmsg" => "batch item errors occurred",
+              "nInserted" => 1
+           }, result, "wire_version:#{wire_version}")
+      assert_equal 1, @collection.count
+      @db.logout
+    end
+    teardown_bulk
+  end
+
+  def test_duplicate_key_with_auth_error_unordered
+    return unless @version >= '2.5.3'
+    init_auth_bulk
+    with_write_commands_and_operations(@db.connection) do |wire_version|
+      clear_collection(@collection)
+      @db.authenticate('insertOnly', 'password')
+      bulk = @collection.initialize_unordered_bulk_op
+      bulk.insert({:_id => 1, :a => 1})
+      bulk.insert({:_id => 1, :a => 1})
+      bulk.find({:a => 1}).remove_one
+
+      ex = assert_raise Mongo::BulkWriteError do
+        bulk.execute
+      end
+      result = ex.result
+      assert_equal 2, result["writeErrors"].length
+      assert_equal 1, result["n"]
+      assert_equal 1, result["nInserted"]
+      assert_equal 1, @collection.count
+      @db.logout
+    end
+    teardown_bulk
+  end
+
+  def test_write_concern_error_with_auth_error
+    with_no_replication(@db.connection) do
+      return unless @version >= '2.5.3'
+      init_auth_bulk
+      with_write_commands_and_operations(@db.connection) do |wire_version|
+        clear_collection(@collection)
+        @db.authenticate('insertOnly', 'password')
+        bulk = @collection.initialize_ordered_bulk_op
+        bulk.insert({:_id => 1, :a => 1})
+        bulk.insert({:_id => 2, :a => 1})
+        bulk.find({:a => 1}).remove_one
+        
+        ex = assert_raise Mongo::BulkWriteError do
+          bulk.execute({:w => 2})
+        end
+        result = ex.result
+        
+        assert_match_document(
+            {
+                "ok" => 0,
+                "n" => 0,
+                "nInserted" => 0,
+                "writeErrors" =>
+                    [{
+                         "index" => 0,
+                         "code" => 2,
+                         "errmsg" => /'w' > 1/
+                    }],
+                "code" => 65,
+                "errmsg" => "batch item errors occurred"
+             }, result, "wire_version#{wire_version}")
+# Re-visit this when RUBY-731 is resolved:
+        assert (@collection.count == batch_commands?(wire_version) ? 0 : 1)
+        @db.logout
+      end
+      teardown_bulk
+    end
+  end
+
+end