mirror of https://gitee.com/bigwinds/arangodb
aql current_user in cpp, test (#5302)
This commit is contained in:
Wilfried Goesgens
Jan
parent
379e848919
commit
7b8fce07a4
|
|
@ -352,7 +352,7 @@ void AqlFunctionFeature::addMiscFunctions() {
|
|||
add({"FIRST_DOCUMENT", ".|+", true, false, true, &Functions::FirstDocument});
|
||||
add({"PARSE_IDENTIFIER", ".", true, false, true, &Functions::ParseIdentifier});
|
||||
add({"IS_SAME_COLLECTION", ".h,.h", true, false, true, &Functions::IsSameCollection});
|
||||
add({"CURRENT_USER", "", false, false, false });
|
||||
add({"CURRENT_USER", "", false, false, false, &Functions::CurrentUser});
|
||||
add({"CURRENT_DATABASE", "", false, false, false, &Functions::CurrentDatabase});
|
||||
add({"COLLECTION_COUNT", ".h", false, true, false, &Functions::CollectionCount});
|
||||
add({"ASSERT", ".,.", false, true, true, &Functions::Assert});
|
||||
|
|
|
|||
|
|
@ -6304,6 +6304,24 @@ AqlValue Functions::CurrentDatabase(arangodb::aql::Query* query,
|
|||
return AqlValue(query->vocbase()->name());
|
||||
}
|
||||
|
||||
/// @brief function CURRENT_USER
|
||||
AqlValue Functions::CurrentUser(
|
||||
arangodb::aql::Query* query, transaction::Methods* trx,
|
||||
VPackFunctionParameters const& parameters) {
|
||||
|
||||
if (ExecContext::CURRENT == nullptr) {
|
||||
return AqlValue(AqlValueHintNull());
|
||||
}
|
||||
|
||||
std::string const& username = ExecContext::CURRENT->user();
|
||||
|
||||
if (username.size() == 0) {
|
||||
return AqlValue(AqlValueHintNull());
|
||||
}
|
||||
|
||||
return AqlValue(username);
|
||||
}
|
||||
|
||||
/// @brief function COLLECTION_COUNT
|
||||
AqlValue Functions::CollectionCount(arangodb::aql::Query* query,
|
||||
transaction::Methods* trx,
|
||||
|
|
|
|||
|
|
@ -457,6 +457,10 @@ struct Functions {
|
|||
VPackFunctionParameters const&);
|
||||
static AqlValue Fail(arangodb::aql::Query*, transaction::Methods*,
|
||||
VPackFunctionParameters const&);
|
||||
|
||||
static AqlValue CurrentUser(arangodb::aql::Query*,
|
||||
transaction::Methods*,
|
||||
VPackFunctionParameters const&);
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -47,7 +47,8 @@ function AuthSuite() {
|
|||
};
|
||||
|
||||
const jwtSecret = 'haxxmann';
|
||||
|
||||
const user = 'hackers@arangodb.com';
|
||||
|
||||
return {
|
||||
|
||||
////////////////////////////////////////////////////////////////////////////////
|
||||
|
|
@ -58,7 +59,7 @@ function AuthSuite() {
|
|||
arango.reconnect(arango.getEndpoint(), db._name(), "root", "");
|
||||
|
||||
try {
|
||||
users.remove("hackers@arangodb.com");
|
||||
users.remove(user);
|
||||
}
|
||||
catch (err) {
|
||||
}
|
||||
|
|
@ -70,7 +71,7 @@ function AuthSuite() {
|
|||
|
||||
tearDown: function () {
|
||||
try {
|
||||
users.remove("hackers@arangodb.com");
|
||||
users.remove(user);
|
||||
}
|
||||
catch (err) {
|
||||
}
|
||||
|
|
@ -81,21 +82,23 @@ function AuthSuite() {
|
|||
////////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
testNewUser: function () {
|
||||
users.save("hackers@arangodb.com", "foobar");
|
||||
users.grantDatabase('hackers@arangodb.com', db._name());
|
||||
users.grantCollection('hackers@arangodb.com', db._name(), "*");
|
||||
let expectUser = user;
|
||||
users.save(user, "foobar");
|
||||
users.grantDatabase(user, db._name());
|
||||
users.grantCollection(user, db._name(), "*");
|
||||
users.reload();
|
||||
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "foobar");
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), user, "foobar");
|
||||
|
||||
// this will issue a request using the new user
|
||||
assertTrue(db._collections().length > 0);
|
||||
assertTrue((db._query(`RETURN CURRENT_USER()`).toArray()[0] === expectUser))
|
||||
|
||||
// double check with wrong passwords
|
||||
let isBroken;
|
||||
isBroken = true;
|
||||
try {
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "foobar2");
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), user, "foobar2");
|
||||
}
|
||||
catch (err1) {
|
||||
isBroken = false;
|
||||
|
|
@ -103,7 +106,7 @@ function AuthSuite() {
|
|||
|
||||
isBroken = true;
|
||||
try {
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "");
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), user, "");
|
||||
}
|
||||
catch (err2) {
|
||||
isBroken = false;
|
||||
|
|
@ -115,12 +118,12 @@ function AuthSuite() {
|
|||
////////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
testEmptyPassword: function () {
|
||||
users.save("hackers@arangodb.com", "");
|
||||
users.grantDatabase('hackers@arangodb.com', db._name());
|
||||
users.grantCollection('hackers@arangodb.com', db._name(), "*");
|
||||
users.save(user, "");
|
||||
users.grantDatabase(user, db._name());
|
||||
users.grantCollection(user, db._name(), "*");
|
||||
users.reload();
|
||||
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "");
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), user, "");
|
||||
|
||||
// this will issue a request using the new user
|
||||
assertTrue(db._collections().length > 0);
|
||||
|
|
@ -129,7 +132,7 @@ function AuthSuite() {
|
|||
let isBroken;
|
||||
isBroken = true;
|
||||
try {
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "foobar");
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), user, "foobar");
|
||||
}
|
||||
catch (err1) {
|
||||
isBroken = false;
|
||||
|
|
@ -137,21 +140,21 @@ function AuthSuite() {
|
|||
},
|
||||
|
||||
testPasswordChange: function () {
|
||||
users.save("hackers@arangodb.com", "");
|
||||
users.grantDatabase('hackers@arangodb.com', db._name());
|
||||
users.grantCollection('hackers@arangodb.com', db._name(), "*");
|
||||
users.save(user, "");
|
||||
users.grantDatabase(user, db._name());
|
||||
users.grantCollection(user, db._name(), "*");
|
||||
users.reload();
|
||||
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "");
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), user, "");
|
||||
// this will issue a request using the new user
|
||||
assertTrue(db._collections().length > 0);
|
||||
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), "root", "");
|
||||
users.replace("hackers@arangodb.com", "foo"); // replace deletes grants
|
||||
users.grantDatabase('hackers@arangodb.com', db._name());
|
||||
users.grantCollection('hackers@arangodb.com', db._name(), "*");
|
||||
users.replace(user, "foo"); // replace deletes grants
|
||||
users.grantDatabase(user, db._name());
|
||||
users.grantCollection(user, db._name(), "*");
|
||||
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "foo");
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), user, "foo");
|
||||
assertTrue(db._collections().length > 0);
|
||||
},
|
||||
|
||||
|
|
@ -160,12 +163,12 @@ function AuthSuite() {
|
|||
////////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
testPasswordCase: function () {
|
||||
users.save("hackers@arangodb.com", "FooBar");
|
||||
users.grantDatabase('hackers@arangodb.com', db._name());
|
||||
users.grantCollection('hackers@arangodb.com', db._name(), "*", "ro");
|
||||
users.save(user, "FooBar");
|
||||
users.grantDatabase(user, db._name());
|
||||
users.grantCollection(user, db._name(), "*", "ro");
|
||||
users.reload();
|
||||
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "FooBar");
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), user, "FooBar");
|
||||
|
||||
// this will issue a request using the new user
|
||||
assertTrue(db._collections().length > 0);
|
||||
|
|
@ -174,7 +177,7 @@ function AuthSuite() {
|
|||
let isBroken;
|
||||
isBroken = true;
|
||||
try {
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "Foobar");
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), user, "Foobar");
|
||||
assertTrue(db._collections().length > 0);
|
||||
}
|
||||
catch (err1) {
|
||||
|
|
@ -186,7 +189,7 @@ function AuthSuite() {
|
|||
|
||||
isBroken = true;
|
||||
try {
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "foobar");
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), user, "foobar");
|
||||
}
|
||||
catch (err2) {
|
||||
isBroken = false;
|
||||
|
|
@ -197,7 +200,7 @@ function AuthSuite() {
|
|||
|
||||
isBroken = true;
|
||||
try {
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "FOOBAR");
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), user, "FOOBAR");
|
||||
}
|
||||
catch (err3) {
|
||||
isBroken = false;
|
||||
|
|
@ -212,12 +215,12 @@ function AuthSuite() {
|
|||
////////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
testColon: function () {
|
||||
users.save("hackers@arangodb.com", "fuxx::bar");
|
||||
users.grantDatabase('hackers@arangodb.com', db._name());
|
||||
users.grantCollection('hackers@arangodb.com', db._name(), "*", "ro");
|
||||
users.save(user, "fuxx::bar");
|
||||
users.grantDatabase(user, db._name());
|
||||
users.grantCollection(user, db._name(), "*", "ro");
|
||||
users.reload();
|
||||
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "fuxx::bar");
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), user, "fuxx::bar");
|
||||
|
||||
// this will issue a request using the new user
|
||||
assertTrue(db._collections().length > 0);
|
||||
|
|
@ -226,7 +229,7 @@ function AuthSuite() {
|
|||
let isBroken;
|
||||
isBroken = true;
|
||||
try {
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "fuxx");
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), user, "fuxx");
|
||||
}
|
||||
catch (err1) {
|
||||
isBroken = false;
|
||||
|
|
@ -237,7 +240,7 @@ function AuthSuite() {
|
|||
|
||||
isBroken = true;
|
||||
try {
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "bar");
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), user, "bar");
|
||||
}
|
||||
catch (err2) {
|
||||
isBroken = false;
|
||||
|
|
@ -248,7 +251,7 @@ function AuthSuite() {
|
|||
|
||||
isBroken = true;
|
||||
try {
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "");
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), user, "");
|
||||
}
|
||||
catch (err3) {
|
||||
isBroken = false;
|
||||
|
|
@ -263,12 +266,12 @@ function AuthSuite() {
|
|||
////////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
testSpecialChars: function () {
|
||||
users.save("hackers@arangodb.com", ":\\abc'def:foobar@04. x-a");
|
||||
users.grantDatabase('hackers@arangodb.com', db._name());
|
||||
users.grantCollection('hackers@arangodb.com', db._name(), "*", "ro");
|
||||
users.save(user, ":\\abc'def:foobar@04. x-a");
|
||||
users.grantDatabase(user, db._name());
|
||||
users.grantCollection(user, db._name(), "*", "ro");
|
||||
users.reload();
|
||||
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", ":\\abc'def:foobar@04. x-a");
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), user, ":\\abc'def:foobar@04. x-a");
|
||||
|
||||
// this will issue a request using the new user
|
||||
assertTrue(db._collections().length > 0);
|
||||
|
|
@ -277,7 +280,7 @@ function AuthSuite() {
|
|||
let isBroken;
|
||||
isBroken = true;
|
||||
try {
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "foobar");
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), user, "foobar");
|
||||
}
|
||||
catch (err1) {
|
||||
isBroken = false;
|
||||
|
|
@ -288,7 +291,7 @@ function AuthSuite() {
|
|||
|
||||
isBroken = true;
|
||||
try {
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "\\abc'def: x-a");
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), user, "\\abc'def: x-a");
|
||||
}
|
||||
catch (err2) {
|
||||
isBroken = false;
|
||||
|
|
@ -299,7 +302,7 @@ function AuthSuite() {
|
|||
|
||||
isBroken = true;
|
||||
try {
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), "hackers@arangodb.com", "");
|
||||
arango.reconnect(arango.getEndpoint(), db._name(), user, "");
|
||||
}
|
||||
catch (err3) {
|
||||
isBroken = false;
|
||||
|
|
@ -332,12 +335,12 @@ function AuthSuite() {
|
|||
},
|
||||
|
||||
testAuthNewUser: function () {
|
||||
users.save("hackers@arangodb.com", "foobar");
|
||||
users.save(user, "foobar");
|
||||
users.reload();
|
||||
|
||||
var res = request.post({
|
||||
url: baseUrl() + "/_open/auth",
|
||||
body: JSON.stringify({ "username": "hackers@arangodb.com", "password": "foobar" })
|
||||
body: JSON.stringify({ "username": user, "password": "foobar" })
|
||||
});
|
||||
expect(res).to.be.an.instanceof(request.Response);
|
||||
expect(res).to.have.property('statusCode', 200);
|
||||
|
|
@ -349,12 +352,12 @@ function AuthSuite() {
|
|||
},
|
||||
|
||||
testAuthNewWrongPassword: function () {
|
||||
users.save("hackers@arangodb.com", "foobarJAJA");
|
||||
users.save(user, "foobarJAJA");
|
||||
users.reload();
|
||||
|
||||
var res = request.post({
|
||||
url: baseUrl() + "/_open/auth",
|
||||
body: JSON.stringify({ "username": "hackers@arangodb.com", "password": "foobar" })
|
||||
body: JSON.stringify({ "username": user, "password": "foobar" })
|
||||
});
|
||||
expect(res).to.be.an.instanceof(request.Response);
|
||||
expect(res).to.have.property('statusCode', 401);
|
||||
|
|
@ -363,7 +366,7 @@ function AuthSuite() {
|
|||
testAuthNoPassword: function () {
|
||||
var res = request.post({
|
||||
url: baseUrl() + "/_open/auth",
|
||||
body: JSON.stringify({ "username": "hackers@arangodb.com", "passwordaa": "foobar" }),
|
||||
body: JSON.stringify({ "username": user, "passwordaa": "foobar" }),
|
||||
});
|
||||
expect(res).to.be.an.instanceof(request.Response);
|
||||
expect(res).to.have.property('statusCode', 400);
|
||||
|
|
@ -372,7 +375,7 @@ function AuthSuite() {
|
|||
testAuthNoUsername: function () {
|
||||
var res = request.post({
|
||||
url: baseUrl() + "/_open/auth",
|
||||
body: JSON.stringify({ "usern": "hackers@arangodb.com", "password": "foobar" }),
|
||||
body: JSON.stringify({ "usern": user, "password": "foobar" }),
|
||||
});
|
||||
expect(res).to.be.an.instanceof(request.Response);
|
||||
expect(res).to.have.property('statusCode', 400);
|
||||
|
|
|
|||
|
|
@ -63,7 +63,7 @@ helper.generateAllUsers();
|
|||
describe('User Rights Management', () => {
|
||||
it('should check if all users are created', () => {
|
||||
helper.switchUser('root', '_system');
|
||||
expect(userSet.size).to.be.greaterThan(0);
|
||||
expect(userSet.size).to.be.greaterThan(0);
|
||||
expect(userSet.size).to.equal(helper.userCount);
|
||||
for (let name of userSet) {
|
||||
expect(users.document(name), `Could not find user: ${name}`).to.not.be.undefined;
|
||||
|
|
@ -71,7 +71,7 @@ describe('User Rights Management', () => {
|
|||
});
|
||||
|
||||
it('should test rights for', () => {
|
||||
expect(userSet.size).to.be.greaterThan(0);
|
||||
expect(userSet.size).to.be.greaterThan(0);
|
||||
for (let name of userSet) {
|
||||
let canUse = false;
|
||||
try {
|
||||
|
|
@ -106,6 +106,9 @@ describe('User Rights Management', () => {
|
|||
RETURN service.checksum
|
||||
`).toArray().length;
|
||||
expect(size).to.equal(1, `${name} could not register foxx service with sufficient rights`);
|
||||
// The service should return the user we acces it as:
|
||||
let res = arango.PUT(mount, '');
|
||||
expect(res.hello._documents[0]).to.be.equal(name);
|
||||
} catch (e) {
|
||||
if (e.errorNum === errors.ERROR_ARANGO_READ_ONLY.code ||
|
||||
e.errorNum === errors.ERROR_FORBIDDEN.code) {
|
||||
|
|
@ -116,7 +119,7 @@ describe('User Rights Management', () => {
|
|||
try {
|
||||
foxxManager.install(fs.join(basePath, 'minimal-working-service'), mount);
|
||||
} catch (e) {
|
||||
//expect(e.errorNum).to.equal(errors.ERROR_ARANGO_READ_ONLY.code);
|
||||
// expect(e.errorNum).to.equal(errors.ERROR_ARANGO_READ_ONLY.code);
|
||||
// TODO should be forbidden rather than read only
|
||||
// expect(e.errorNum).to.equal(errors.ERROR_FORBIDDEN.code);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,3 +5,7 @@ router.get((req, res) => {
|
|||
res.send({hello: 'world'});
|
||||
});
|
||||
|
||||
router.put((req, res) => {
|
||||
let db = require('internal').db;
|
||||
res.send({hello: db._query('RETURN CURRENT_USER()')});
|
||||
});
|
||||
|
|
|
|||
|
|
@ -497,9 +497,9 @@ function ahuacatlMiscFunctionsTestSuite () { return {
|
|||
}
|
||||
}
|
||||
|
||||
var actual = getQueryResults("RETURN CURRENT_USER()");
|
||||
// there is no current user in the non-request context
|
||||
assertEqual([ expected ], actual);
|
||||
// there is no current user in the non-request context
|
||||
assertEqual([ expected ], getQueryResults("RETURN NOOPT(CURRENT_USER())"));
|
||||
assertEqual([ expected ], getQueryResults("RETURN NOOPT(V8(CURRENT_USER()))"));
|
||||
},
|
||||
|
||||
////////////////////////////////////////////////////////////////////////////////
|
||||
|
|
|
|||
Loading…
Reference in New Issue