forked from virtix/cfmongodb
/
AuthenticationTest.cfc
90 lines (62 loc) · 2.63 KB
/
AuthenticationTest.cfc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
<!---
Original Author: Ciarán Archer
Desc: Set of MXUnit tests to verify Mongo.cfc authentication functionality
works.
Note: presumes that mongod was started with --auth, BUT we don't run tests against an authenticated mongod. Consequently,
we have to mock these behaviors and test that *our* code responds against what we currently know to be MongoDB's behavior
when running a DB in auth mode
If you run these tests with --auth, they will no doubt fail
More info here: http://www.mongodb.org/display/DOCS/Security+and+Authentication
--->
<!---
WHERE I AM with these tests
1) need to add a user to admin.system.users or do whatever it takes to see what actually happens when an authenticated attempt fails due to not being authed
2) spoof the query() function to throw a similar error
3) have mongo.init() check for authentication required and work that into authenticate()
4) get these tests testing that behavior.
NOTE: to get this working:
use admin
db.addUser("one","one")
then attempted to query against it
--->
<cfcomponent output="false" extends="BaseTestCase">
<cfscript>
import cfmongodb.core.*;
variables.testDatabase = "cfmongodb_auth_tests";
variables.testCollection = "authtests";
function beforeTests(){
mongoConfig = getMongoConfig( variables.testDatabase );
mongo = createObject('component','cfmongodb.core.Mongo').init(mongoConfig);
}
function authentication_should_error_when_authentication_fails() {
var mongo = createObject('component','cfmongodb.core.Mongo');
//we entirely spoof the authentication internals
injectMethod(mongo, this, "authenticateOverride", "authenticate");
expectException("com.mongodb.CommandResult$CommandFailure");
mongo.init(mongoConfig);
var authResult = mongo.authenticate( "username", "verysecurepassword!" );
//debug(authResult);
}
function authentication_should_not_error_when_authentication_passes() {
var mongo = createObject('component','cfmongodb.core.Mongo');
injectMethod(mongo, this, "authenticateSuccessOverride", "authenticate");
mongo.init(mongoConfig);
mongo.authenticate( "username", "verysecurepassword!" );
}
function tearDown(){
var mongo = createObject('component','cfmongodb.core.Mongo').init(mongoConfig);
try{
mongo.dropDatabase();
}catch(any e){
debug("error dropping database");
debug(e);
}
//close connection
mongo.close();
}
private function authenticateOverride(){
throw(message='command failed [command failed [authenticate] { "errmsg" : "auth fails" , "ok" : 0.0}', type="com.mongodb.CommandResult$CommandFailure");
}
private function authenticateSuccessOverride(){ }
</cfscript>
</cfcomponent>