8000 aql current_user in cpp, test by dothebart · Pull Request #5302 · arangodb/arangodb · GitHub
[go: up one dir, main page]
Skip to content

aql current_user in cpp, test #5302

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
May 19, 2018
Merged

aql current_user in cpp, test #5302

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
45c4045
aql current_user in cpp, test
mpoeter Oct 24, 2017
b2eae75
adjust to devel
dothebart May 8, 2018
72aabaa
Merge branch 'devel' of github.com:arangodb/ArangoDB into feature/dev…
dothebart May 18, 2018
e199109
Add tests for the aql CURRENT_USER() function:
dothebart May 18, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion arangod/Aql/AqlFunctionFeature.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -353,7 +353,7 @@ void AqlFunctionFeature::addMiscFunctions() {
add({"FIRST_DOCUMENT", ".|+", true, false, true, &Functions::FirstDocument});
add({"PARSE_IDENTIFIER", ".", true, false, true, &Functions::ParseIdentifier});
add({"IS_SAME_COLLECTION", ".h,.h", true, false, true, &Functions::IsSameCollection});
add({"CURRENT_USER", "", false, false, false });
add({"CURRENT_USER", "", false, false, false, &Functions::CurrentUser});
add({"CURRENT_DATABASE", "", false, false, false, &Functions::CurrentDatabase});
add({"COLLECTION_COUNT", ".h", false, true, false, &Functions::CollectionCount});
add({"ASSERT", ".,.", false, true, true, &Functions::Assert});
Expand Down
18 changes: 18 additions & 0 deletions arangod/Aql/Functions.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6305,6 +6305,24 @@ AqlValue Functions::CurrentDatabase(arangodb::aql::Query* query,
return AqlValue(query->vocbase()->name());
}

/// @brief function CURRENT_USER
AqlValue Functions::CurrentUser(
arangodb::aql::Query* query, transaction::Methods* trx,
VPackFunctionParameters const& parameters) {

if (ExecContext::CURRENT == nullptr) {
return AqlValue(AqlValueHintNull());
}

std::string const& username = ExecContext::CURRENT->user();

if (username.size() == 0) {
return AqlValue(AqlValueHintNull());
}

return AqlValue(username);
}

/// @brief function COLLECTION_COUNT
AqlValue Functions::CollectionCount(arangodb::aql::Query* query,
transaction::Methods* trx,
Expand Down
4 changes: 4 additions & 0 deletions arangod/Aql/Functions.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -457,6 +457,10 @@ struct Functions {
VPackFunctionParameters const&);
static AqlValue Fail(arangodb::aql::Query*, transaction::Methods*,
VPackFunctionParameters const&);

static AqlValue CurrentUser(arangodb::aql::Query*,
transaction::Methods*,
VPackFunctionParameters const&);
};

}
Expand Down
101 changes: 52 additions & 49 deletions js/client/tests/authentication/auth.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,8 @@ function AuthSuite() {
};

const jwtSecret = 'haxxmann';

const user = 'hackers@arangodb.com';

return {

////////////////////////////////////////////////////////////////////////////////
Expand All @@ -58,7 +59,7 @@ function AuthSuite() {
arango.reconnect(arango.getEndpoint(), db._name(), "root", "");

try {
users.remove("hackers@arangodb.com");
users.remove(user);
}
catch (err) {
}
Expand All @@ -70,7 +71,7 @@ function AuthSuite() {

tearDown: function () {
try {
users.remove("hackers@arangodb.com");
users.remove(user);
}
catch (err) {
}
Expand All @@ -81,29 +82,31 @@ function AuthSuite() {
////////////////////////////////////////////////////////////////////////////////

testNewUser: function () {
users.save("hackers@arangodb.com", "foobar");
users.grantDatabase('hackers@arangodb.com', db._name());
users.grantCollection('hackers@arangodb.com', db._name(), "*");
let expectUser = user;
users.save(user, "foobar");
users.grantDatabase(user, db._name());
users.grantCollection(user, db._name(), "*");
users.reload();

arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "foobar");
arango.reconnect(arango.getEndpoint(), db._name(), user, "foobar");

// this will issue a request using the new user
assertTrue(db._collections().length > 0);
assertTrue((db._query(`RETURN CURRENT_USER()`).toArray()[0] === expectUser))

// double check with wrong passwords
let isBroken;
isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "foobar2");
arango.reconnect(arango.getEndpoint(), db._name(), user, "foobar2");
}
catch (err1) {
isBroken = false;
}

isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "");
arango.reconnect(arango.getEndpoint(), db._name(), user, "");
}
catch (err2) {
isBroken = false;
Expand All @@ -115,12 +118,12 @@ function AuthSuite() {
////////////////////////////////////////////////////////////////////////////////

testEmptyPassword: function () {
users.save("hackers@arangodb.com", "");
users.grantDatabase('hackers@arangodb.com', db._name());
users.grantCollection('hackers@arangodb.com', db._name(), "*");
users.save(user, "");
users.grantDatabase(user, db._name());
users.grantCollection(user, db._name(), "*");
users.reload();

arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "");
arango.reconnect(arango.getEndpoint(), db._name(), user, "");

// this will issue a request using the new user
assertTrue(db._collections().length > 0);
Expand All @@ -129,29 +132,29 @@ function AuthSuite() {
let isBroken;
isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "foobar");
arango.reconnect(arango.getEndpoint(), db._name(), user, "foobar");
}
catch (err1) {
isBroken = false;
}
},

testPasswordChange: function () {
users.save("hackers@arangodb.com", "");
users.grantDatabase('hackers@arangodb.com', db._name());
users.grantCollection('hackers@arangodb.com', db._name(), "*");
users.save(user, "");
users.grantDatabase(user, db._name());
users.grantCollection(user, db._name(), "*");
users.reload();

arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "");
arango.reconnect(arango.getEndpoint(), db._name(), user, "");
// this will issue a request using the new user
assertTrue(db._collections().length > 0);

arango.reconnect(arango.getEndpoint(), db._name(), "root", "");
users.replace("hackers@arangodb.com", "foo"); // replace deletes grants
users.grantDatabase('hackers@arangodb.com', db._name());
users.grantCollection('hackers@arangodb.com', db._name(), "*");
users.replace(user, "foo"); // replace deletes grants
users.grantDatabase(user, db._name());
users.grantCollection(user, db._name(), "*");

arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "foo");
arango.reconnect(arango.getEndpoint(), db._name(), user, "foo");
assertTrue(db._collections().length > 0);
},

Expand All @@ -160,12 +163,12 @@ function AuthSuite() {
////////////////////////////////////////////////////////////////////////////////

testPasswordCase: function () {
users.save("hackers@arangodb.com", "FooBar");
users.grantDatabase('hackers@arangodb.com', db._name());
users.grantCollection('hackers@arangodb.com', db._name(), "*", "ro");
users.save(user, "FooBar");
users.grantDatabase(user, db._name());
users.grantCollection(user, db._name(), "*", "ro");
users.reload();

arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "FooBar");
arango.reconnect(arango.getEndpoint(), db._name(), user, "FooBar");

// this will issue a request using the new user
assertTrue(db._collections().length > 0);
Expand All @@ -174,7 +177,7 @@ function AuthSuite() {
let isBroken;
isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "Foobar");
arango.reconnect(arango.getEndpoint(), db._name(), user, "Foobar");
assertTrue(db._collections().length > 0);
}
catch (err1) {
Expand All @@ -186,7 +189,7 @@ function AuthSuite() {

isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "foobar");
arango.reconnect(arango.getEndpoint(), db._name(), user, "foobar");
}
catch (err2) {
isBroken = false;
Expand All @@ -197,7 +200,7 @@ function AuthSuite() {

isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "FOOBAR");
arango.reconnect(arango.getEndpoint(), db._name(), user, "FOOBAR");
}
catch (err3) {
isBroken = false;
Expand All @@ -212,12 +215,12 @@ function AuthSuite() {
////////////////////////////////////////////////////////////////////////////////

testColon: function () {
users.save("hackers@arangodb.com", "fuxx::bar");
users.grantDatabase('hackers@arangodb.com', db._name());
users.grantCollection('hackers@arangodb.com', db._name(), "*", "ro");
users.save(user, "fuxx::bar");
users.grantDatabase(user, db._name());
users.grantCollection(user, db._name(), "*", "ro");
users.reload();

arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "fuxx::bar");
arango.reconnect(arango.getEndpoint(), db._name(), user, "fuxx::bar");

// this will issue a request using the new user
assertTrue(db._collections().length > 0);
Expand All @@ -226,7 +229,7 @@ function AuthSuite() {
let isBroken;
isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "fuxx");
arango.reconnect(arango.getEndpoint(), db._name(), user, "fuxx");
}
catch (err1) {
isBroken = false;
Expand All @@ -237,7 +240,7 @@ function AuthSuite() {

isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "bar");
arango.reconnect(arango.getEndpoint(), db._name(), user, "bar");
}
catch (err2) {
isBroken = false;
Expand All @@ -248,7 +251,7 @@ function AuthSuite() {

isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "");
arango.reconnect(arango.getEndpoint(), db._name(), user, "");
}
catch (err3) {
isBroken = false;
Expand All @@ -263,12 +266,12 @@ function AuthSuite() {
////////////////////////////////////////////////////////////////////////////////

testSpecialChars: function () {
users.save("hackers@arangodb.com", ":\\abc'def:foobar@04. x-a");
users.grantDatabase('hackers@arangodb.com', db._name());
users.grantCollection('hackers@arangodb.com', db._name(), "*", "ro");
users.save(user, ":\\abc'def:foobar@04. x-a");
users.grantDatabase(user, db._name());
users.grantCollection(user, db._name(), "*", "ro");
users.reload();

arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", ":\\abc'def:foobar@04. x-a");
arango.reconnect(arango.getEndpoint(), db._name(), user, ":\\abc'def:foobar@04. x-a");

// this will issue a request using the new user
assertTrue(db._collections().length > 0);
Expand All @@ -277,7 +280,7 @@ function AuthSuite() {
let isBroken;
isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "foobar");
arango.reconnect(arango.getEndpoint(), db._name(), user, "foobar");
}
catch (err1) {
isBroken = false;
Expand All @@ -288,7 +291,7 @@ function AuthSuite() {

isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "\\abc'def: x-a");
arango.reconnect(arango.getEndpoint(), db._name(), user, "\\abc'def: x-a");
}
catch (err2) {
isBroken = false;
Expand All @@ -299,7 +302,7 @@ function AuthSuite() {

isBroken = true;
try {
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "");
arango.reconnect(arango.getEndpoint(), db._name(), user, "");
}
catch (err3) {
isBroken = false;
Expand Down Expand Up @@ -332,12 +335,12 @@ function AuthSuite() {
},

testAuthNewUser: function () {
users.save("hackers@arangodb.com", "foobar");
users.save(user, "foobar");
users.reload();

var res = request.post({
url: baseUrl() + "/_open/auth",
body: JSON.stringify({ "username": "hackers@arangodb.com", "password": "foobar" })
body: JSON.stringify({ "username": user, "password": "foobar" })
});
expect(res).to.be.an.instanceof(request.Response);
expect(res).to.have.property('statusCode', 200);
Expand All @@ -349,12 +352,12 @@ function AuthSuite() {
},

testAuthNewWrongPassword: function () {
users.save("hackers@arangodb.com", "foobarJAJA");
users.save(user, "foobarJAJA");
users.reload();

var res = request.post({
url: baseUrl() + "/_open/auth",
body: JSON.stringify({ "username": "hackers@arangodb.com", "password": "foobar" })
body: JSON.stringify({ "username": user, "password": "foobar" })
});
expect(res).to.be.an.instanceof(request.Response);
expect(res).to.have.property('statusCode', 401);
Expand All @@ -363,7 +366,7 @@ function AuthSuite() {
testAuthNoPassword: function () {
var res = request.post({
url: baseUrl() + "/_open/auth",
body: JSON.stringify({ "username": "hackers@arangodb.com", "passwordaa": "foobar" }),
body: JSON.stringify({ "username": user, "passwordaa": "foobar" }),
});
expect(res).to.be.an.instanceof(request.Response);
expect(res).to.have.property('statusCode', 400);
Expand All @@ -372,7 +375,7 @@ function AuthSuite() {
testAuthNoUsername: function () {
var res = request.post({
url: baseUrl() + "/_open/auth",
body: JSON.stringify({ "usern": "hackers@arangodb.com", "password": "foobar" }),
body: JSON.stringify({ "usern": user, "password": "foobar" }),
});
expect(res).to.be.an.instanceof(request.Response);
expect(res).to.have.property('statusCode', 400);
Expand Down
9 changes: 6 additions & 3 deletions js/client/tests/authentication/user-access-right-foxx-spec.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,15 +63,15 @@ helper.generateAllUsers();
describe('User Rights Management', () => {
it('should check if all users are created', () => {
helper.switchUser('root', '_system');
expect(userSet.size).to.be.greaterThan(0);
expect(userSet.size).to.be.greaterThan(0);
expect(userSet.size).to.equal(helper.userCount);
for (let name of userSet) {
expect(users.document(name), `Could not find user: ${name}`).to.not.be.undefined;
}
});

it('should test rights for', () => {
expect(userSet.size).to.be.greaterThan(0);
expect(userSet.size).to.be.greaterThan(0);
for (let name of userSet) {
let canUse = false;
try {
Expand Down Expand Up @@ -106,6 +106,9 @@ describe('User Rights Management', () => {
RETURN service.checksum
`).toArray().length;
expect(size).to.equal(1, `${name} could not register foxx service with sufficient rights`);
// The service should return the user we acces it as:
let res = arango.PUT(mount, '');
expect(res.hello._documents[0]).to.be.equal(name);
} catch (e) {
if (e.errorNum === errors.ERROR_ARANGO_READ_ONLY.code ||
e.errorNum === errors.ERROR_FORBIDDEN.code) {
Expand All @@ -116,7 +119,7 @@ describe('User Rights Management', () => {
try {
foxxManager.install(fs.join(basePath, 'minimal-working-service'), mount);
} catch (e) {
//expect(e.errorNum).to.equal(errors.ERROR_ARANGO_READ_ONLY.code);
// expect(e.errorNum).to.equal(errors.ERROR_ARANGO_READ_ONLY.code);
// TODO should be forbidden rather than read only
// expect(e.errorNum).to.equal(errors.ERROR_FORBIDDEN.code);
}
Expand Down
4 changes: 4 additions & 0 deletions js/common/test-data/apps/minimal-working-service/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,3 +5,7 @@ router.get((req, res) => {
res.send({hello: 'world'});
});

router.put((req, res) => {
let db = require('internal').db;
res.send({hello: db._query('RETURN CURRENT_USER()')});
});
Loading
0