// Tests that a client will auto-discover a user's supported SASL mechanisms during auth(). // @tags: [requires_sharding] import {ShardingTest} from "jstests/libs/shardingtest.js"; function runTest(conn) { const admin = conn.getDB("admin"); const test = conn.getDB("test"); admin.createUser({user: 'admin', pwd: 'pass', roles: jsTest.adminUserRoles}); // Verify user mechanism discovery. function checkUser(username, mechanism) { const createUser = {createUser: username, pwd: 'pwd', roles: []}; if (mechanism !== undefined) { createUser.mechanisms = [mechanism]; } else { // Create both variants, expect to prefer 256. mechanism = 'SCRAM-SHA-256'; } assert(admin.auth('admin', 'pass')); assert.commandWorked(test.runCommand(createUser)); admin.logout(); assert.eq(test._getDefaultAuthenticationMechanism(username, test.getName()), mechanism); assert(test.auth(username, 'pwd')); test.logout(); } checkUser('userSha1', 'SCRAM-SHA-1'); checkUser('userSha256', 'SCRAM-SHA-256'); checkUser('userAll'); // Verify override of mechanism discovery. // Depends on 'userAll' user created above. assert.eq(test._getDefaultAuthenticationMechanism('userAll', test.getName()), 'SCRAM-SHA-256'); test._defaultAuthenticationMechanism = 'SCRAM-SHA-1'; assert.eq(test._getDefaultAuthenticationMechanism('userAll', test.getName()), 'SCRAM-SHA-1'); test._defaultAuthenticationMechanism = 'NO-SUCH-MECHANISM'; assert.eq(test._getDefaultAuthenticationMechanism('userAll', test.getName()), 'SCRAM-SHA-256'); } // Test standalone. const m = MongoRunner.runMongod({auth: ""}); runTest(m); MongoRunner.stopMongod(m); // Test sharded. const st = new ShardingTest({shards: 1, mongos: 1, config: 1, other: {keyFile: 'jstests/libs/key1'}}); runTest(st.s0); st.stop();