8000 aql current_user in cpp, test by dothebart · Pull Request #5302 · arangodb/arangodb · GitHub

aql current_user in cpp, test #5302


Merged
merged 4 commits into from
May 19, 2018
2 changes: 1 addition & 1 deletion arangod/Aql/AqlFunctionFeature.cpp
Expand Up @@ -353,7 +353,7 @@ void AqlFunctionFeature::addMiscFunctions() {
add({"FIRST_DOCUMENT", ".|+", true, false, true, &Functions::FirstDocument});
add({"PARSE_IDENTIFIER", ".", true, false, true, &Functions::ParseIdentifier});
add({"IS_SAME_COLLECTION", ".h,.h", true, false, true, &Functions::IsSameCollection});
add({"CURRENT_USER", "", false, false, false });
add({"CURRENT_USER", "", false, false, false, &Functions::CurrentUser});
add({"CURRENT_DATABASE", "", false, false, false, &Functions::CurrentDatabase});
add({"COLLECTION_COUNT", ".h", false, true, false, &Functions::CollectionCount});
add({"ASSERT", ".,.", false, true, true, &Functions::Assert});
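--- a/arangod/Aql/Functions.cpp
+++ b/arangod/Aql/Functions.cpp
@@ -6305,6 +6305,24 @@ AqlValue Functions::CurrentDatabase(arangodb::aql::Query* query,
 return AqlValue(query->vocbase()->name());
 }
 
+/// @brief function CURRENT_USER
+AqlValue Functions::CurrentUser(
+arangodb::aql::Query* query, transaction::Methods* trx,
+VPackFunctionParameters const& parameters) {
+
+if (ExecContext::CURRENT == nullptr) {
+return AqlValue(AqlValueHintNull());
+}
+
+std::string const& username = ExecContext::CURRENT->user();
+
+if (username.size() == 0) {
+return AqlValue(AqlValueHintNull());
+}
+
+return AqlValue(username);
+}
+
 /// @brief function COLLECTION_COUNT
 AqlValue Functions::CollectionCount(arangodb::aql::Query* query,
 transaction::Methods* trx,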
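Review bot: CurrentUser returns null both when `ExecContext::CURRENT` is unset and when the user name is empty, but the one-line `@brief` does not say so. A query that uses CURRENT_USER() to restrict access needs to know that null means "no authenticated user in this context" rather than a name it can match on. I would extend the comment to something like `/// @brief function CURRENT_USER: name of the user in ExecContext::CURRENT, or null if there is no context or the name is empty`. The tests added in this PR only exercise the authenticated case, so a case that pins the null result would be worth adding. Minor: `username.empty()` reads better than `username.size() == 0`.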
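--- a/arangod/Aql/Functions.h
+++ b/arangod/Aql/Functions.h
@@ -457,6 +457,10 @@ struct Functions {
 VPackFunctionParameters const&);
 static AqlValue Fail(arangodb::aql::Query*, transaction::Methods*,
 VPackFunctionParameters const&);
+
+static AqlValue CurrentUser(arangodb::aql::Query*,
+transaction::Methods*,
+VPackFunctionParameters const&);
 };
 
 }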
101 changes: 52 additions & 49 deletions js/client/tests/authentication/auth.js
Expand Up @@ -47,7 +47,8 @@ function AuthSuite() {
};

const jwtSecret = 'haxxmann';

const user = 'hackers@arangodb.com';

return {

////////////////////////////////////////////////////////////////////////////////
Expand All @@ -58,7 +59,7 @@ function AuthSuite() {
arango.reconnect(arango.getEndpoint(), db._name(), "root", "");

try {
users.remove("hackers@arangodb.com");
users.remove(user);
}
catch (err) {
}
Expand All @@ -70,7 +71,7 @@ function AuthSuite() {

tearDown: function () {
try {
users.remove("hackers@arangodb.com");
users.remove(user);
}
catch (err) {
}
Expand All @@ -81,29 +82,31 @@ function AuthSuite() {
////////////////////////////////////////////////////////////////////////////////

testNewUser: function () {
users.save("hackers@arangodb.com", "foobar");
users.grantDatabase('hackers@arangodb.com', db._name());
users.grantCollection('hackers@arangodb.com', db._name(), "*");
let expectUser = user;
users.save(user, "foobar");
users.grantDatabase(user, db._name());
users.grantCollection(user, db._name(), "*");
users.reload();

arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "foobar");
arango.reconnect(arango.getEndpoint(), db._name(), user, "foobar");

// this will issue a request using the new user
assertTrue(db._collections().length > 0);
assertTrue((db._query(`RETURN CURRENT_USER()`).toArray()[0] === expectUser))

// double check with wrong passwords
let isBroken;
isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "foobar2");
arango.reconnect(arango.getEndpoint(), db._name(), user, "foobar2");
}
catch (err1) {
isBroken = false;
}

isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "");
arango.reconnect(arango.getEndpoint(), db._name(), user, "");
}
catch (err2) {
isBroken = false;
Expand All @@ -115,12 +118,12 @@ function AuthSuite() {
////////////////////////////////////////////////////////////////////////////////

testEmptyPassword: function () {
users.save("hackers@arangodb.com", "");
users.grantDatabase('hackers@arangodb.com', db._name());
users.grantCollection('hackers@arangodb.com', db._name(), "*");
users.save(user, "");
users.grantDatabase(user, db._name());
users.grantCollection(user, db._name(), "*");
users.reload();

arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "");
arango.reconnect(arango.getEndpoint(), db._name(), user, "");

// this will issue a request using the new user
assertTrue(db._collections().length > 0);
Expand All @@ -129,29 +132,29 @@ function AuthSuite() {
let isBroken;
isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "foobar");
arango.reconnect(arango.getEndpoint(), db._name(), user, "foobar");
}
catch (err1) {
isBroken = false;
}
},

testPasswordChange: function () {
users.save("hackers@arangodb.com", "");
users.grantDatabase('hackers@arangodb.com', db._name());
users.grantCollection('hackers@arangodb.com', db._name(), "*");
users.save(user, "");
users.grantDatabase(user, db._name());
users.grantCollection(user, db._name(), "*");
users.reload();

arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "");
arango.reconnect(arango.getEndpoint(), db._name(), user, "");
// this will issue a request using the new user
assertTrue(db._collections().length > 0);

arango.reconnect(arango.getEndpoint(), db._name(), "root", "");
users.replace("hackers@arangodb.com", "foo"); // replace deletes grants
users.grantDatabase('hackers@arangodb.com', db._name());
users.grantCollection('hackers@arangodb.com', db._name(), "*");
users.replace(user, "foo"); // replace deletes grants
users.grantDatabase(user, db._name());
users.grantCollection(user, db._name(), "*");

arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "foo");
arango.reconnect(arango.getEndpoint(), db._name(), user, "foo");
assertTrue(db._collections().length > 0);
},

Expand All @@ -160,12 +163,12 @@ function AuthSuite() {
////////////////////////////////////////////////////////////////////////////////

testPasswordCase: function () {
users.save("hackers@arangodb.com", "FooBar");
users.grantDatabase('hackers@arangodb.com', db._name());
users.grantCollection('hackers@arangodb.com', db._name(), "*", "ro");
users.save(user, "FooBar");
users.grantDatabase(user, db._name());
users.grantCollection(user, db._name(), "*", "ro");
users.reload();

arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "FooBar");
arango.reconnect(arango.getEndpoint(), db._name(), user, "FooBar");

// this will issue a request using the new user
assertTrue(db._collections().length > 0);
Expand All @@ -174,7 +177,7 @@ function AuthSuite() {
let isBroken;
isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "Foobar");
arango.reconnect(arango.getEndpoint(), db._name(), user, "Foobar");
assertTrue(db._collections().length > 0);
}
catch (err1) {
Expand All @@ -186,7 +189,7 @@ function AuthSuite() {

isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "foobar");
arango.reconnect(arango.getEndpoint(), db._name(), user, "foobar");
}
catch (err2) {
isBroken = false;
Expand All @@ -197,7 +200,7 @@ function AuthSuite() {

isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "FOOBAR");
arango.reconnect(arango.getEndpoint(), db._name(), user, "FOOBAR");
}
catch (err3) {
isBroken = false;
Expand All @@ -212,12 +215,12 @@ function AuthSuite() {
////////////////////////////////////////////////////////////////////////////////

testColon: function () {
users.save("hackers@arangodb.com", "fuxx::bar");
users.grantDatabase('hackers@arangodb.com', db._name());
users.grantCollection('hackers@arangodb.com', db._name(), "*", "ro");
users.save(user, "fuxx::bar");
users.grantDatabase(user, db._name());
users.grantCollection(user, db._name(), "*", "ro");
users.reload();

arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "fuxx::bar");
arango.reconnect(arango.getEndpoint(), db._name(), user, "fuxx::bar");

// this will issue a request using the new user
assertTrue(db._collections().length > 0);
Expand All @@ -226,7 +229,7 @@ function AuthSuite() {
let isBroken;
isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "fuxx");
arango.reconnect(arango.getEndpoint(), db._name(), user, "fuxx");
}
catch (err1) {
isBroken = false;
Expand All @@ -237,7 +240,7 @@ function AuthSuite() {

isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "bar");
arango.reconnect(arango.getEndpoint(), db._name(), user, "bar");
}
catch (err2) {
isBroken = false;
Expand All @@ -248,7 +251,7 @@ function AuthSuite() {

isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "");
arango.reconnect(arango.getEndpoint(), db._name(), user, "");
}
catch (err3) {
isBroken = false;
Expand All @@ -263,12 +266,12 @@ function AuthSuite() {
////////////////////////////////////////////////////////////////////////////////

testSpecialChars: function () {
users.save("hackers@arangodb.com", ":\\abc'def:foobar@04. x-a");
users.grantDatabase('hackers@arangodb.com', db._name());
users.grantCollection('hackers@arangodb.com', db._name(), "*", "ro");
users.save(user, ":\\abc'def:foobar@04. x-a");
users.grantDatabase(user, db._name());
users.grantCollection(user, db._name(), "*", "ro");
users.reload();

arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", ":\\abc'def:foobar@04. x-a");
arango.reconnect(arango.getEndpoint(), db._name(), user, ":\\abc'def:foobar@04. x-a");

// this will issue a request using the new user
assertTrue(db._collections().length > 0);
Expand All @@ -277,7 +280,7 @@ function AuthSuite() {
let isBroken;
isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "foobar");
arango.reconnect(arango.getEndpoint(), db._name(), user, "foobar");
}
catch (err1) {
isBroken = false;
Expand All @@ -288,7 +291,7 @@ function AuthSuite() {

isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "\\abc'def: x-a");
arango.reconnect(arango.getEndpoint(), db._name(), user, "\\abc'def: x-a");
}
catch (err2) {
isBroken = false;
Expand All @@ -299,7 +302,7 @@ function AuthSuite() {

isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "");
arango.reconnect(arango.getEndpoint(), db._name(), user, "");
}
catch (err3) {
isBroken = false;
Expand Down Expand Up @@ -332,12 +335,12 @@ function AuthSuite() {
},

testAuthNewUser: function () {
users.save("hackers@arangodb.com", "foobar");
users.save(user, "foobar");
users.reload();

var res = request.post({
url: baseUrl() + "/_open/auth",
body: JSON.stringify({ "username": "hackers@arangodb.com", "password": "foobar" })
body: JSON.stringify({ "username": user, "password": "foobar" })
});
expect(res).to.be.an.instanceof(request.Response);
expect(res).to.have.property('statusCode', 200);
Expand All @@ -349,12 +352,12 @@ function AuthSuite() {
},

testAuthNewWrongPassword: function () {
users.save("hackers@arangodb.com", "foobarJAJA");
users.save(user, "foobarJAJA");
users.reload();

var res = request.post({
url: baseUrl() + "/_open/auth",
body: JSON.stringify({ "username": "hackers@arangodb.com", "password": "foobar" })
body: JSON.stringify({ "username": user, "password": "foobar" })
});
expect(res).to.be.an.instanceof(request.Response);
expect(res).to.have.property('statusCode', 401);
Expand All @@ -363,7 +366,7 @@ function AuthSuite() {
testAuthNoPassword: function () {
var res = request.post({
url: baseUrl() + "/_open/auth",
body: JSON.stringify({ "username": "hackers@arangodb.com", "passwordaa": "foobar" }),
body: JSON.stringify({ "username": user, "passwordaa": "foobar" }),
});
expect(res).to.be.an.instanceof(request.Response);
expect(res).to.have.property('statusCode', 400);
Expand All @@ -372,7 +375,7 @@ function AuthSuite() {
testAuthNoUsername: function () {
var res = request.post({
url: baseUrl() + "/_open/auth",
body: JSON.stringify({ "usern": "hackers@arangodb.com", "password": "foobar" }),
body: JSON.stringify({ "usern": user, "password": "foobar" }),
});
expect(res).to.be.an.instanceof(request.Response);
expect(res).to.have.property('statusCode', 400);
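Review bot: The wrong-password probes around the changed `arango.reconnect(...)` calls never assert their outcome: in testNewUser `isBroken` is set back to `true` immediately after the first `catch`, and testEmptyPassword ends right after its `catch`. As far as the visible lines show, a reconnect that wrongly succeeds with a bad password would therefore not fail those tests. Adding `assertFalse(isBroken);` after each such `try`/`catch` would close that gap; several other hunks are cut off before the lines that follow the `catch`, so some of them may already do this. Separately, the new check in testNewUser is missing its semicolon and hides the actual value on failure; `assertEqual(expectUser, db._query('RETURN CURRENT_USER()').toArray()[0]);` would report it.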
9 changes: 6 additions & 3 deletions js/client/tests/authentication/user-access-right-foxx-spec.js
Expand Up @@ -63,15 +63,15 @@ helper.generateAllUsers();
describe('User Rights Management', () => {
it('should check if all users are created', () => {
helper.switchUser('root', '_system');
expect(userSet.size).to.be.greaterThan(0);
expect(userSet.size).to.be.greaterThan(0);
expect(userSet.size).to.equal(helper.userCount);
for (let name of userSet) {
expect(users.document(name), `Could not find user: ${name}`).to.not.be.undefined;
}
});

it('should test rights for', () => {
expect(userSet.size).to.be.greaterThan(0);
expect(userSet.size).to.be.greaterThan(0);
for (let name of userSet) {
let canUse = false;
try {
Expand Down Expand Up @@ -106,6 +106,9 @@ describe('User Rights Management', () => {
RETURN service.checksum
`).toArray().length;
expect(size).to.equal(1, `${name} could not register foxx service with sufficient rights`);
// The service should return the user we acces it as:
let res = arango.PUT(mount, '');
expect(res.hello._documents[0]).to.be.equal(name);
} catch (e) {
if (e.errorNum === errors.ERROR_ARANGO_READ_ONLY.code ||
e.errorNum === errors.ERROR_FORBIDDEN.code) {
Expand All @@ -116,7 +119,7 @@ describe('User Rights Management', () => {
try {
foxxManager.install(fs.join(basePath, 'minimal-working-service'), mount);
} catch (e) {
//expect(e.errorNum).to.equal(errors.ERROR_ARANGO_READ_ONLY.code);
// expect(e.errorNum).to.equal(errors.ERROR_ARANGO_READ_ONLY.code);
// TODO should be forbidden rather than read only
// expect(e.errorNum).to.equal(errors.ERROR_FORBIDDEN.code);
}
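Review bot: The added `expect(res.hello._documents[0]).to.be.equal(name);` sits inside the `try` whose `catch` inspects `e.errorNum`, and what that `catch` does with an error that is neither READ_ONLY nor FORBIDDEN lies outside this hunk. Please confirm that a failed expectation is rethrown there and not handled like a permission error, otherwise a wrong user name from the service could pass unnoticed. Typo in the new comment: it should read `// The service should return the user we access it as:`.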
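--- a/js/common/test-data/apps/minimal-working-service/index.js
+++ b/js/common/test-data/apps/minimal-working-service/index.js
@@ -5,3 +5,7 @@ router.get((req, res) => {
 res.send({hello: 'world'});
 });
 
+router.put((req, res) => {
+let db = require('internal').db;
+res.send({hello: db._query('RETURN CURRENT_USER()')});
+});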
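Review bot: The PUT handler passes the cursor returned by `db._query` straight to `res.send`, so the response body carries the cursor's serialised layout rather than the user name, and the spec has to read `res.hello._documents[0]` to get at it. Returning the value itself keeps the fixture and the test independent of that layout: `res.send({hello: db._query('RETURN CURRENT_USER()').toArray()[0]});`, with the spec then checking `expect(res.hello).to.equal(name);`. `db` is never reassigned, so `const db = require('internal').db;` would be the more usual form.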