Rooba
/
perkeep
mirror of https://github.com/perkeep/perkeep.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity
perkeep/third_party/labix.org/v2/mgo/auth_test.go

518 lines
13 KiB
Go
Raw Blame History

// mgo - MongoDB driver for Go
//
// Copyright (c) 2010-2012 - Gustavo Niemeyer <gustavo@niemeyer.net>
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice, this
// list of conditions and the following disclaimer.
// 2. Redistributions in binary form must reproduce the above copyright notice,
// this list of conditions and the following disclaimer in the documentation
// and/or other materials provided with the distribution.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
// ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
// ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
package mgo_test
import (
. "camlistore.org/third_party/launchpad.net/gocheck"
"camlistore.org/third_party/labix.org/v2/mgo"
"sync"
)
func (s *S) TestAuthLogin(c *C) {
session, err := mgo.Dial("localhost:40002")
c.Assert(err, IsNil)
defer session.Close()
coll := session.DB("mydb").C("mycoll")
err = coll.Insert(M{"n": 1})
c.Assert(err, ErrorMatches, "unauthorized")
admindb := session.DB("admin")
err = admindb.Login("root", "wrong")
c.Assert(err, ErrorMatches, "auth fails")
err = admindb.Login("root", "rapadura")
c.Assert(err, IsNil)
err = coll.Insert(M{"n": 1})
c.Assert(err, IsNil)
}
func (s *S) TestAuthLoginLogout(c *C) {
session, err := mgo.Dial("localhost:40002")
c.Assert(err, IsNil)
defer session.Close()
admindb := session.DB("admin")
err = admindb.Login("root", "rapadura")
c.Assert(err, IsNil)
admindb.Logout()
coll := session.DB("mydb").C("mycoll")
err = coll.Insert(M{"n": 1})
c.Assert(err, ErrorMatches, "unauthorized")
// Must have dropped auth from the session too.
session = session.Copy()
defer session.Close()
coll = session.DB("mydb").C("mycoll")
err = coll.Insert(M{"n": 1})
c.Assert(err, ErrorMatches, "unauthorized")
}
func (s *S) TestAuthLoginLogoutAll(c *C) {
session, err := mgo.Dial("localhost:40002")
c.Assert(err, IsNil)
defer session.Close()
admindb := session.DB("admin")
err = admindb.Login("root", "rapadura")
c.Assert(err, IsNil)
session.LogoutAll()
coll := session.DB("mydb").C("mycoll")
err = coll.Insert(M{"n": 1})
c.Assert(err, ErrorMatches, "unauthorized")
// Must have dropped auth from the session too.
session = session.Copy()
defer session.Close()
coll = session.DB("mydb").C("mycoll")
err = coll.Insert(M{"n": 1})
c.Assert(err, ErrorMatches, "unauthorized")
}
func (s *S) TestAuthAddUser(c *C) {
session, err := mgo.Dial("localhost:40002")
c.Assert(err, IsNil)
defer session.Close()
admindb := session.DB("admin")
err = admindb.Login("root", "rapadura")
c.Assert(err, IsNil)
mydb := session.DB("mydb")
err = mydb.AddUser("myruser", "mypass", true)
c.Assert(err, IsNil)
err = mydb.AddUser("mywuser", "mypass", false)
c.Assert(err, IsNil)
err = mydb.Login("myruser", "mypass")
c.Assert(err, IsNil)
admindb.Logout()
coll := session.DB("mydb").C("mycoll")
err = coll.Insert(M{"n": 1})
c.Assert(err, ErrorMatches, "unauthorized")
err = mydb.Login("mywuser", "mypass")
c.Assert(err, IsNil)
err = coll.Insert(M{"n": 1})
c.Assert(err, IsNil)
}
func (s *S) TestAuthAddUserReplaces(c *C) {
session, err := mgo.Dial("localhost:40002")
c.Assert(err, IsNil)
defer session.Close()
admindb := session.DB("admin")
err = admindb.Login("root", "rapadura")
c.Assert(err, IsNil)
mydb := session.DB("mydb")
err = mydb.AddUser("myuser", "myoldpass", false)
c.Assert(err, IsNil)
err = mydb.AddUser("myuser", "mynewpass", true)
c.Assert(err, IsNil)
admindb.Logout()
err = mydb.Login("myuser", "myoldpass")
c.Assert(err, ErrorMatches, "auth fails")
err = mydb.Login("myuser", "mynewpass")
c.Assert(err, IsNil)
// ReadOnly flag was changed too.
err = mydb.C("mycoll").Insert(M{"n": 1})
c.Assert(err, ErrorMatches, "unauthorized")
}
func (s *S) TestAuthRemoveUser(c *C) {
session, err := mgo.Dial("localhost:40002")
c.Assert(err, IsNil)
defer session.Close()
admindb := session.DB("admin")
err = admindb.Login("root", "rapadura")
c.Assert(err, IsNil)
mydb := session.DB("mydb")
err = mydb.AddUser("myuser", "mypass", true)
c.Assert(err, IsNil)
err = mydb.RemoveUser("myuser")
c.Assert(err, IsNil)
err = mydb.Login("myuser", "mypass")
c.Assert(err, ErrorMatches, "auth fails")
}
func (s *S) TestAuthLoginTwiceDoesNothing(c *C) {
session, err := mgo.Dial("localhost:40002")
c.Assert(err, IsNil)
defer session.Close()
admindb := session.DB("admin")
err = admindb.Login("root", "rapadura")
c.Assert(err, IsNil)
oldStats := mgo.GetStats()
err = admindb.Login("root", "rapadura")
c.Assert(err, IsNil)
newStats := mgo.GetStats()
c.Assert(newStats.SentOps, Equals, oldStats.SentOps)
}
func (s *S) TestAuthLoginLogoutLoginDoesNothing(c *C) {
session, err := mgo.Dial("localhost:40002")
c.Assert(err, IsNil)
defer session.Close()
admindb := session.DB("admin")
err = admindb.Login("root", "rapadura")
c.Assert(err, IsNil)
oldStats := mgo.GetStats()
admindb.Logout()
err = admindb.Login("root", "rapadura")
c.Assert(err, IsNil)
newStats := mgo.GetStats()
c.Assert(newStats.SentOps, Equals, oldStats.SentOps)
}
func (s *S) TestAuthLoginSwitchUser(c *C) {
session, err := mgo.Dial("localhost:40002")
c.Assert(err, IsNil)
defer session.Close()
admindb := session.DB("admin")
err = admindb.Login("root", "rapadura")
c.Assert(err, IsNil)
coll := session.DB("mydb").C("mycoll")
err = coll.Insert(M{"n": 1})
c.Assert(err, IsNil)
err = admindb.Login("reader", "rapadura")
c.Assert(err, IsNil)
// Can't write.
err = coll.Insert(M{"n": 1})
c.Assert(err, ErrorMatches, "unauthorized")
// But can read.
result := struct{ N int }{}
err = coll.Find(nil).One(&result)
c.Assert(err, IsNil)
c.Assert(result.N, Equals, 1)
}
func (s *S) TestAuthLoginChangePassword(c *C) {
session, err := mgo.Dial("localhost:40002")
c.Assert(err, IsNil)
defer session.Close()
admindb := session.DB("admin")
err = admindb.Login("root", "rapadura")
c.Assert(err, IsNil)
mydb := session.DB("mydb")
err = mydb.AddUser("myuser", "myoldpass", false)
c.Assert(err, IsNil)
err = mydb.Login("myuser", "myoldpass")
c.Assert(err, IsNil)
err = mydb.AddUser("myuser", "mynewpass", true)
c.Assert(err, IsNil)
err = mydb.Login("myuser", "mynewpass")
c.Assert(err, IsNil)
admindb.Logout()
// The second login must be in effect, which means read-only.
err = mydb.C("mycoll").Insert(M{"n": 1})
c.Assert(err, ErrorMatches, "unauthorized")
}
func (s *S) TestAuthLoginCachingWithSessionRefresh(c *C) {
session, err := mgo.Dial("localhost:40002")
c.Assert(err, IsNil)
defer session.Close()
admindb := session.DB("admin")
err = admindb.Login("root", "rapadura")
c.Assert(err, IsNil)
session.Refresh()
coll := session.DB("mydb").C("mycoll")
err = coll.Insert(M{"n": 1})
c.Assert(err, IsNil)
}
func (s *S) TestAuthLoginCachingWithSessionCopy(c *C) {
session, err := mgo.Dial("localhost:40002")
c.Assert(err, IsNil)
defer session.Close()
admindb := session.DB("admin")
err = admindb.Login("root", "rapadura")
c.Assert(err, IsNil)
session = session.Copy()
defer session.Close()
coll := session.DB("mydb").C("mycoll")
err = coll.Insert(M{"n": 1})
c.Assert(err, IsNil)
}
func (s *S) TestAuthLoginCachingWithSessionClone(c *C) {
session, err := mgo.Dial("localhost:40002")
c.Assert(err, IsNil)
defer session.Close()
admindb := session.DB("admin")
err = admindb.Login("root", "rapadura")
c.Assert(err, IsNil)
session = session.Clone()
defer session.Close()
coll := session.DB("mydb").C("mycoll")
err = coll.Insert(M{"n": 1})
c.Assert(err, IsNil)
}
func (s *S) TestAuthLoginCachingWithNewSession(c *C) {
session, err := mgo.Dial("localhost:40002")
c.Assert(err, IsNil)
defer session.Close()
admindb := session.DB("admin")
err = admindb.Login("root", "rapadura")
c.Assert(err, IsNil)
session = session.New()
defer session.Close()
coll := session.DB("mydb").C("mycoll")
err = coll.Insert(M{"n": 1})
c.Assert(err, ErrorMatches, "unauthorized")
}
func (s *S) TestAuthLoginCachingAcrossPool(c *C) {
// Logins are cached even when the conenction goes back
// into the pool.
session, err := mgo.Dial("localhost:40002")
c.Assert(err, IsNil)
defer session.Close()
admindb := session.DB("admin")
err = admindb.Login("root", "rapadura")
c.Assert(err, IsNil)
// Add another user to test the logout case at the same time.
mydb := session.DB("mydb")
err = mydb.AddUser("myuser", "mypass", false)
c.Assert(err, IsNil)
err = mydb.Login("myuser", "mypass")
c.Assert(err, IsNil)
// Logout root explicitly, to test both cases.
admindb.Logout()
// Give socket back to pool.
session.Refresh()
// Brand new session, should use socket from the pool.
other := session.New()
defer other.Close()
oldStats := mgo.GetStats()
err = other.DB("admin").Login("root", "rapadura")
c.Assert(err, IsNil)
err = other.DB("mydb").Login("myuser", "mypass")
c.Assert(err, IsNil)
// Both logins were cached, so no ops.
newStats := mgo.GetStats()
c.Assert(newStats.SentOps, Equals, oldStats.SentOps)
// And they actually worked.
err = other.DB("mydb").C("mycoll").Insert(M{"n": 1})
c.Assert(err, IsNil)
other.DB("admin").Logout()
err = other.DB("mydb").C("mycoll").Insert(M{"n": 1})
c.Assert(err, IsNil)
}
func (s *S) TestAuthLoginCachingAcrossPoolWithLogout(c *C) {
// Now verify that logouts are properly flushed if they
// are not revalidated after leaving the pool.
session, err := mgo.Dial("localhost:40002")
c.Assert(err, IsNil)
defer session.Close()
admindb := session.DB("admin")
err = admindb.Login("root", "rapadura")
c.Assert(err, IsNil)
// Add another user to test the logout case at the same time.
mydb := session.DB("mydb")
err = mydb.AddUser("myuser", "mypass", true)
c.Assert(err, IsNil)
err = mydb.Login("myuser", "mypass")
c.Assert(err, IsNil)
// Just some data to query later.
err = session.DB("mydb").C("mycoll").Insert(M{"n": 1})
c.Assert(err, IsNil)
// Give socket back to pool.
session.Refresh()
// Brand new session, should use socket from the pool.
other := session.New()
defer other.Close()
oldStats := mgo.GetStats()
err = other.DB("mydb").Login("myuser", "mypass")
c.Assert(err, IsNil)
// Login was cached, so no ops.
newStats := mgo.GetStats()
c.Assert(newStats.SentOps, Equals, oldStats.SentOps)
// Can't write, since root has been implicitly logged out
// when the collection went into the pool, and not revalidated.
err = other.DB("mydb").C("mycoll").Insert(M{"n": 1})
c.Assert(err, ErrorMatches, "unauthorized")
// But can read due to the revalidated myuser login.
result := struct{ N int }{}
err = other.DB("mydb").C("mycoll").Find(nil).One(&result)
c.Assert(err, IsNil)
c.Assert(result.N, Equals, 1)
}
func (s *S) TestAuthEventual(c *C) {
// Eventual sessions don't keep sockets around, so they are
// an interesting test case.
session, err := mgo.Dial("localhost:40002")
c.Assert(err, IsNil)
defer session.Close()
admindb := session.DB("admin")
err = admindb.Login("root", "rapadura")
c.Assert(err, IsNil)
err = session.DB("mydb").C("mycoll").Insert(M{"n": 1})
c.Assert(err, IsNil)
var wg sync.WaitGroup
wg.Add(20)
for i := 0; i != 10; i++ {
go func() {
defer wg.Done()
var result struct{ N int }
err := session.DB("mydb").C("mycoll").Find(nil).One(&result)
c.Assert(err, IsNil)
c.Assert(result.N, Equals, 1)
}()
}
for i := 0; i != 10; i++ {
go func() {
defer wg.Done()
err := session.DB("mydb").C("mycoll").Insert(M{"n": 1})
c.Assert(err, IsNil)
}()
}
wg.Wait()
}
func (s *S) TestAuthURL(c *C) {
session, err := mgo.Dial("mongodb://root:rapadura@localhost:40002/")
c.Assert(err, IsNil)
defer session.Close()
err = session.DB("mydb").C("mycoll").Insert(M{"n": 1})
c.Assert(err, IsNil)
}
func (s *S) TestAuthURLWrongCredentials(c *C) {
session, err := mgo.Dial("mongodb://root:wrong@localhost:40002/")
if session != nil {
session.Close()
}
c.Assert(err, ErrorMatches, "auth fails")
c.Assert(session, IsNil)
}
func (s *S) TestAuthURLWithNewSession(c *C) {
// When authentication is in the URL, the new session will
// actually carry it on as well, even if logged out explicitly.
session, err := mgo.Dial("mongodb://root:rapadura@localhost:40002/")
c.Assert(err, IsNil)
defer session.Close()
session.DB("admin").Logout()
// Do it twice to ensure it passes the needed data on.
session = session.New()
defer session.Close()
session = session.New()
defer session.Close()
err = session.DB("mydb").C("mycoll").Insert(M{"n": 1})
c.Assert(err, IsNil)
}
Reference in New Issue View Git Blame Copy Permalink