Revert "user tests use credentials for test runner"

This reverts commit b08beea.
FerretDB · Feb 19, 2024 · 287b728 · 287b728
1 parent 4286628
commit 287b728
Show file tree

Hide file tree

Showing 9 changed files with 77 additions and 35 deletions.
diff --git a/integration/users/connection_test.go b/integration/users/connection_test.go
@@ -35,8 +35,8 @@ func TestAuthentication(t *testing.T) {
 
 	s := setup.SetupWithOpts(t, nil)
 	ctx := s.Ctx
-
-	db, collection := createUserTestRunnerUser(t, s)
+	collection := s.Collection
+	db := collection.Database()
 
 	testCases := map[string]struct { //nolint:vet // for readability
 		username       string
@@ -228,7 +228,9 @@ func TestAuthenticationEnableNewAuthNoUserExists(t *testing.T) {
 	t.Parallel()
 
 	s := setup.SetupWithOpts(t, nil)
-	ctx, collection, db := s.Ctx, s.Collection, s.Collection.Database()
+	ctx := s.Ctx
+	collection := s.Collection
+	db := collection.Database()
 
 	testCases := map[string]struct { //nolint:vet // for readability
 		username  string
@@ -297,8 +299,8 @@ func TestAuthenticationEnableNewAuthWithExistingUser(t *testing.T) {
 
 	s := setup.SetupWithOpts(t, nil)
 	ctx := s.Ctx
-
-	db, collection := createUserTestRunnerUser(t, s)
+	collection := s.Collection
+	db := collection.Database()
 
 	err := db.RunCommand(ctx, bson.D{
 		{"createUser", "sha256-user"},
@@ -308,14 +310,45 @@ func TestAuthenticationEnableNewAuthWithExistingUser(t *testing.T) {
 	}).Err()
 	require.NoErrorf(t, err, "cannot create user")
 
+	t.Cleanup(func() {
+		// once the first user has been created use that user for any other action
+		// until local exception is implemented
+		opts := options.Client().ApplyURI(s.MongoDBURI).SetAuth(options.Credential{
+			AuthMechanism: "SCRAM-SHA-256",
+			AuthSource:    db.Name(),
+			Username:      "sha256-user",
+			Password:      "correct",
+		})
+
+		client, err := mongo.Connect(ctx, opts)
+		require.NoError(t, err, "cannot connect to MongoDB")
+
+		require.NoError(t, client.Database(db.Name()).RunCommand(ctx, bson.D{{"dropUser", "sha256-user"}}).Err())
+	})
+
 	if !setup.IsMongoDB(t) {
-		err = db.RunCommand(ctx, bson.D{
+		// once the first user has been created use that user for any other action
+		// until local exception is implemented
+		opts := options.Client().ApplyURI(s.MongoDBURI).SetAuth(options.Credential{
+			AuthMechanism: "SCRAM-SHA-256",
+			AuthSource:    db.Name(),
+			Username:      "sha256-user",
+			Password:      "correct",
+		})
+
+		client, err := mongo.Connect(ctx, opts)
+		require.NoError(t, err, "cannot connect to MongoDB")
+		err = client.Database(db.Name()).RunCommand(ctx, bson.D{
 			{"createUser", "plain-user"},
 			{"roles", bson.A{}},
 			{"pwd", "correct"},
 			{"mechanisms", bson.A{"PLAIN"}},
 		}).Err()
 		require.NoErrorf(t, err, "cannot create user")
+
+		t.Cleanup(func() {
+			require.NoError(t, client.Database(db.Name()).RunCommand(ctx, bson.D{{"dropUser", "plain-user"}}).Err())
+		})
 	}
 
 	testCases := map[string]struct { //nolint:vet // for readability

diff --git a/integration/users/create_user_test.go b/integration/users/create_user_test.go
@@ -15,6 +15,7 @@
 package users
 
 import (
+	"fmt"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -266,7 +267,7 @@ func TestCreateUser(t *testing.T) {
 			user.Remove("credentials")
 
 			expectedRec := integration.ConvertDocument(t, bson.D{
-				{"_id", must.NotFail(payload.Get("createUser"))},
+				{"_id", fmt.Sprintf("%s.%s", db.Name(), must.NotFail(payload.Get("createUser")))},
 				{"user", must.NotFail(payload.Get("createUser"))},
 				{"db", db.Name()},
 				{"roles", bson.A{}},
@@ -316,7 +317,8 @@ func createUserTestRunnerUser(tb *testing.T, s *setup.SetupResult) (*mongo.Datab
 	}
 
 	username, pwd, mechanism := "user-test-runner", "password", "PLAIN"
-	err := s.Collection.Database().Client().Database("admin").RunCommand(s.Ctx, bson.D{
+
+	err := s.Collection.Database().RunCommand(s.Ctx, bson.D{
 		{"createUser", username},
 		{"roles", bson.A{}},
 		{"pwd", pwd},
@@ -340,7 +342,6 @@ func createUserTestRunnerUser(tb *testing.T, s *setup.SetupResult) (*mongo.Datab
 
 	tb.Cleanup(func() {
 		require.NoError(tb, db.RunCommand(s.Ctx, bson.D{{"dropAllUsersFromDatabase", 1}}).Err())
-		require.NoError(tb, client.Database("admin").RunCommand(s.Ctx, bson.D{{"dropAllUsersFromDatabase", 1}}).Err())
 	})
 
 	return db, collection

diff --git a/integration/users/drop_all_users_from_database_test.go b/integration/users/drop_all_users_from_database_test.go
@@ -34,9 +34,8 @@ import (
 func TestDropAllUsersFromDatabase(t *testing.T) {
 	t.Parallel()
 
-	s := setup.SetupWithOpts(t, nil)
-	ctx := s.Ctx
-	db, collection := createUserTestRunnerUser(t, s)
+	ctx, collection := setup.Setup(t)
+	db := collection.Database()
 	client := collection.Database().Client()
 
 	quantity := 5 // Add some users to the database.

diff --git a/integration/users/update_user_test.go b/integration/users/update_user_test.go
@@ -155,7 +155,7 @@ func TestUpdateUser(t *testing.T) {
 				{"pwd", "donotchange"},
 			},
 			expected: bson.D{
-				{"_id", "same_password_user"},
+				{"_id", "TestUpdateUser.same_password_user"},
 				{"user", "same_password_user"},
 				{"db", "TestUpdateUser"},
 				{"roles", bson.A{}},
@@ -172,7 +172,7 @@ func TestUpdateUser(t *testing.T) {
 				{"pwd", "anewpassword"},
 			},
 			expected: bson.D{
-				{"_id", "a_user"},
+				{"_id", "TestUpdateUser.a_user"},
 				{"user", "a_user"},
 				{"db", "TestUpdateUser"},
 				{"roles", bson.A{}},
@@ -190,7 +190,7 @@ func TestUpdateUser(t *testing.T) {
 				{"pwd", "anewpassword"},
 			},
 			expected: bson.D{
-				{"_id", "a_user_with_mechanism"},
+				{"_id", "TestUpdateUser.a_user_with_mechanism"},
 				{"user", "a_user_with_mechanism"},
 				{"db", "TestUpdateUser"},
 				{"roles", bson.A{}},
@@ -210,7 +210,7 @@ func TestUpdateUser(t *testing.T) {
 				{"mechanisms", bson.A{"SCRAM-SHA-256"}},
 			},
 			expected: bson.D{
-				{"_id", "a_user_with_scram_mechanism"},
+				{"_id", "TestUpdateUser.a_user_with_scram_mechanism"},
 				{"user", "a_user_with_scram_mechanism"},
 				{"db", "TestUpdateUser"},
 				{"roles", bson.A{}},
@@ -246,7 +246,7 @@ func TestUpdateUser(t *testing.T) {
 				{"pwd", "anewpassword"},
 			},
 			expected: bson.D{
-				{"_id", "a_user_with_no_roles"},
+				{"_id", "TestUpdateUser.a_user_with_no_roles"},
 				{"user", "a_user_with_no_roles"},
 				{"db", "TestUpdateUser"},
 				{"roles", bson.A{}},
@@ -264,7 +264,7 @@ func TestUpdateUser(t *testing.T) {
 				{"comment", "test string comment"},
 			},
 			expected: bson.D{
-				{"_id", "another_user"},
+				{"_id", "TestUpdateUser.another_user"},
 				{"user", "another_user"},
 				{"db", "TestUpdateUser"},
 				{"roles", bson.A{}},

diff --git a/integration/users/usersinfo_test.go b/integration/users/usersinfo_test.go
@@ -41,11 +41,8 @@ func createUser(username, password string) bson.D {
 func TestUsersinfo(t *testing.T) {
 	t.Parallel()
 
-	s := setup.SetupWithOpts(t, nil)
-	ctx := s.Ctx
-
-	db, _ := createUserTestRunnerUser(t, s)
-	client := db.Client()
+	ctx, collection := setup.Setup(t)
+	client := collection.Database().Client()
 
 	dbToUsers := []struct {
 		dbSuffix string
@@ -459,14 +456,14 @@ func TestUsersinfo(t *testing.T) {
 				},
 			}},
 			hasUser: map[string]struct{}{
-				"one":        {},
-				"two":        {},
-				"a":          {},
-				"b":          {},
-				"c":          {},
-				"i":          {},
-				"j":          {},
-				"singleuser": {},
+				"TestUsersinfo.one":                {},
+				"TestUsersinfo.two":                {},
+				"TestUsersinfo_example.a":          {},
+				"TestUsersinfo_example.b":          {},
+				"TestUsersinfo_example.c":          {},
+				"TestUsersinfo_few.i":              {},
+				"TestUsersinfo_few.j":              {},
+				"TestUsersinfo_another.singleuser": {},
 			},
 		},
 	}

diff --git a/internal/handler/authenticate.go b/internal/handler/authenticate.go
@@ -54,9 +54,21 @@ func (h *Handler) authenticate(ctx context.Context, msg *wire.OpMsg) error {
 		return lazyerrors.Error(err)
 	}
 
+	document, err := msg.Document()
+	if err != nil {
+		return lazyerrors.Error(err)
+	}
+
+	var dbName string
+
+	if dbName, err = common.GetRequiredParam[string](document, "$db"); err != nil {
+		return err
+	}
+
 	username, pwd := conninfo.Get(ctx).Auth()
 
-	filter := must.NotFail(types.NewDocument("_id", username))
+	// NOTE: how does a user with access to all database look like?
+	filter := must.NotFail(types.NewDocument("_id", dbName+"."+username))
 
 	qr, err := usersCol.Query(ctx, nil)
 	if err != nil {

diff --git a/internal/handler/msg_createuser.go b/internal/handler/msg_createuser.go
@@ -145,7 +145,7 @@ func (h *Handler) MsgCreateUser(ctx context.Context, msg *wire.OpMsg) (*wire.OpM
 
 	id := uuid.New()
 	saved := must.NotFail(types.NewDocument(
-		"_id", username,
+		"_id", dbName+"."+username,
 		"credentials", credentials,
 		"user", username,
 		"db", dbName,

diff --git a/internal/handler/msg_dropuser.go b/internal/handler/msg_dropuser.go
@@ -61,7 +61,7 @@ func (h *Handler) MsgDropUser(ctx context.Context, msg *wire.OpMsg) (*wire.OpMsg
 	}
 
 	res, err := users.DeleteAll(ctx, &backends.DeleteAllParams{
-		IDs: []any{username},
+		IDs: []any{dbName + "." + username},
 	})
 	if err != nil {
 		return nil, lazyerrors.Error(err)

diff --git a/internal/handler/msg_usersinfo.go b/internal/handler/msg_usersinfo.go
@@ -281,7 +281,7 @@ func usersInfoFilter(allDBs, singleDB bool, dbName string, pairs []usersInfoPair
 
 	ps := []any{}
 	for _, p := range pairs {
-		ps = append(ps, p.username)
+		ps = append(ps, p.db+"."+p.username)
 	}
 
 	ids, err := types.NewArray(ps...)