def test_uri_options(self): # Test default to admin host, port = client_context.host, client_context.port client = rs_or_single_client_noauth( 'mongodb://*****:*****@%s:%d' % (host, port)) self.assertTrue(client.admin.command('dbstats')) if client_context.is_rs: uri = ('mongodb://*****:*****@%s:%d/?replicaSet=%s' % ( host, port, client_context.replica_set_name)) client = single_client_noauth(uri) self.assertTrue(client.admin.command('dbstats')) db = client.get_database( 'admin', read_preference=ReadPreference.SECONDARY) self.assertTrue(db.command('dbstats')) # Test explicit database uri = 'mongodb://*****:*****@%s:%d/pymongo_test' % (host, port) client = rs_or_single_client_noauth(uri) self.assertRaises(OperationFailure, client.admin.command, 'dbstats') self.assertTrue(client.pymongo_test.command('dbstats')) if client_context.is_rs: uri = ('mongodb://*****:*****@%s:%d/pymongo_test?replicaSet=%s' % ( host, port, client_context.replica_set_name)) client = single_client_noauth(uri) self.assertRaises(OperationFailure, client.admin.command, 'dbstats') self.assertTrue(client.pymongo_test.command('dbstats')) db = client.get_database( 'pymongo_test', read_preference=ReadPreference.SECONDARY) self.assertTrue(db.command('dbstats')) # Test authSource uri = ('mongodb://*****:*****@%s:%d' '/pymongo_test2?authSource=pymongo_test' % (host, port)) client = rs_or_single_client_noauth(uri) self.assertRaises(OperationFailure, client.pymongo_test2.command, 'dbstats') self.assertTrue(client.pymongo_test.command('dbstats')) if client_context.is_rs: uri = ('mongodb://*****:*****@%s:%d/pymongo_test2?replicaSet=' '%s;authSource=pymongo_test' % ( host, port, client_context.replica_set_name)) client = single_client_noauth(uri) self.assertRaises(OperationFailure, client.pymongo_test2.command, 'dbstats') self.assertTrue(client.pymongo_test.command('dbstats')) db = client.get_database( 'pymongo_test', read_preference=ReadPreference.SECONDARY) self.assertTrue(db.command('dbstats'))
def test_uri_options(self): # Test default to admin host, port = client_context.host, client_context.port client = rs_or_single_client_noauth('mongodb://*****:*****@%s:%d' % (host, port)) self.assertTrue(client.admin.command('dbstats')) if client_context.is_rs: uri = ('mongodb://*****:*****@%s:%d/?replicaSet=%s' % (host, port, client_context.replica_set_name)) client = single_client_noauth(uri) self.assertTrue(client.admin.command('dbstats')) db = client.get_database('admin', read_preference=ReadPreference.SECONDARY) self.assertTrue(db.command('dbstats')) # Test explicit database uri = 'mongodb://*****:*****@%s:%d/pymongo_test' % (host, port) client = rs_or_single_client_noauth(uri) self.assertRaises(OperationFailure, client.admin.command, 'dbstats') self.assertTrue(client.pymongo_test.command('dbstats')) if client_context.is_rs: uri = ('mongodb://*****:*****@%s:%d/pymongo_test?replicaSet=%s' % (host, port, client_context.replica_set_name)) client = single_client_noauth(uri) self.assertRaises(OperationFailure, client.admin.command, 'dbstats') self.assertTrue(client.pymongo_test.command('dbstats')) db = client.get_database('pymongo_test', read_preference=ReadPreference.SECONDARY) self.assertTrue(db.command('dbstats')) # Test authSource uri = ('mongodb://*****:*****@%s:%d' '/pymongo_test2?authSource=pymongo_test' % (host, port)) client = rs_or_single_client_noauth(uri) self.assertRaises(OperationFailure, client.pymongo_test2.command, 'dbstats') self.assertTrue(client.pymongo_test.command('dbstats')) if client_context.is_rs: uri = ('mongodb://*****:*****@%s:%d/pymongo_test2?replicaSet=' '%s;authSource=pymongo_test' % (host, port, client_context.replica_set_name)) client = single_client_noauth(uri) self.assertRaises(OperationFailure, client.pymongo_test2.command, 'dbstats') self.assertTrue(client.pymongo_test.command('dbstats')) db = client.get_database('pymongo_test', read_preference=ReadPreference.SECONDARY) self.assertTrue(db.command('dbstats'))
def test_scram_sha1(self): host, port = client_context.host, client_context.port with ignore_deprecations(): client = rs_or_single_client_noauth() self.assertTrue( client.pymongo_test.authenticate('user', 'pass', mechanism='SCRAM-SHA-1')) client.pymongo_test.command('dbstats') client = rs_or_single_client_noauth( 'mongodb://*****:*****@%s:%d/pymongo_test?authMechanism=SCRAM-SHA-1' % (host, port)) client.pymongo_test.command('dbstats') if client_context.is_rs: uri = ('mongodb://*****:*****@%s:%d/pymongo_test?authMechanism=SCRAM-SHA-1' '&replicaSet=%s' % (host, port, client_context.replica_set_name)) client = single_client_noauth(uri) client.pymongo_test.command('dbstats') db = client.get_database('pymongo_test', read_preference=ReadPreference.SECONDARY) db.command('dbstats')
def test_5_check_out_fails_auth_error(self): listener = CMAPListener() client = single_client_noauth( username="******", password="******", event_listeners=[listener]) self.addCleanup(client.close) # Attempt to create a new connection. with self.assertRaisesRegex(OperationFailure, 'failed'): client.admin.command('ping') self.assertIsInstance(listener.events[0], PoolCreatedEvent) self.assertIsInstance(listener.events[1], PoolReadyEvent) self.assertIsInstance(listener.events[2], ConnectionCheckOutStartedEvent) self.assertIsInstance(listener.events[3], ConnectionCreatedEvent) # Error happens here. self.assertIsInstance(listener.events[4], ConnectionClosedEvent) self.assertIsInstance(listener.events[5], ConnectionCheckOutFailedEvent) self.assertEqual(listener.events[5].reason, ConnectionCheckOutFailedReason.CONN_ERROR)
def test_scram_sha1(self): host, port = client_context.host, client_context.port client = rs_or_single_client_noauth() self.assertTrue(client.pymongo_test.authenticate( 'user', 'pass', mechanism='SCRAM-SHA-1')) client.pymongo_test.command('dbstats') client = rs_or_single_client_noauth( 'mongodb://*****:*****@%s:%d/pymongo_test?authMechanism=SCRAM-SHA-1' % (host, port)) client.pymongo_test.command('dbstats') if client_context.is_rs: uri = ('mongodb://*****:*****@%s:%d/pymongo_test?authMechanism=SCRAM-SHA-1' '&replicaSet=%s' % (host, port, client_context.replica_set_name)) client = single_client_noauth(uri) client.pymongo_test.command('dbstats') db = client.get_database( 'pymongo_test', read_preference=ReadPreference.SECONDARY) db.command('dbstats')
def test_scram(self): host, port = client_context.host, client_context.port client_context.create_user('testscram', 'sha1', 'pwd', roles=['dbOwner'], mechanisms=['SCRAM-SHA-1']) client_context.create_user('testscram', 'sha256', 'pwd', roles=['dbOwner'], mechanisms=['SCRAM-SHA-256']) client_context.create_user('testscram', 'both', 'pwd', roles=['dbOwner'], mechanisms=['SCRAM-SHA-1', 'SCRAM-SHA-256']) client = rs_or_single_client_noauth(event_listeners=[self.listener]) self.assertTrue(client.testscram.authenticate('sha1', 'pwd')) client.testscram.command('dbstats') client.testscram.logout() self.assertTrue( client.testscram.authenticate('sha1', 'pwd', mechanism='SCRAM-SHA-1')) client.testscram.command('dbstats') client.testscram.logout() self.assertRaises(OperationFailure, client.testscram.authenticate, 'sha1', 'pwd', mechanism='SCRAM-SHA-256') self.assertTrue(client.testscram.authenticate('sha256', 'pwd')) client.testscram.command('dbstats') client.testscram.logout() self.assertTrue( client.testscram.authenticate('sha256', 'pwd', mechanism='SCRAM-SHA-256')) client.testscram.command('dbstats') client.testscram.logout() self.assertRaises(OperationFailure, client.testscram.authenticate, 'sha256', 'pwd', mechanism='SCRAM-SHA-1') self.listener.results.clear() self.assertTrue(client.testscram.authenticate('both', 'pwd')) started = self.listener.results['started'][0] self.assertEqual(started.command.get('mechanism'), 'SCRAM-SHA-256') client.testscram.command('dbstats') client.testscram.logout() self.assertTrue( client.testscram.authenticate('both', 'pwd', mechanism='SCRAM-SHA-256')) client.testscram.command('dbstats') client.testscram.logout() self.assertTrue( client.testscram.authenticate('both', 'pwd', mechanism='SCRAM-SHA-1')) client.testscram.command('dbstats') client.testscram.logout() self.assertRaises(OperationFailure, client.testscram.authenticate, 'not-a-user', 'pwd') if HAVE_STRINGPREP: # Test the use of SASLprep on passwords. For example, # saslprep(u'\u2136') becomes u'IV' and saslprep(u'I\u00ADX') # becomes u'IX'. SASLprep is only supported when the standard # library provides stringprep. client_context.create_user('testscram', u'\u2168', u'\u2163', roles=['dbOwner'], mechanisms=['SCRAM-SHA-256']) client_context.create_user('testscram', u'IX', u'IX', roles=['dbOwner'], mechanisms=['SCRAM-SHA-256']) self.assertTrue(client.testscram.authenticate( u'\u2168', u'\u2163')) client.testscram.command('dbstats') client.testscram.logout() self.assertTrue( client.testscram.authenticate(u'\u2168', u'\u2163', mechanism='SCRAM-SHA-256')) client.testscram.command('dbstats') client.testscram.logout() self.assertTrue(client.testscram.authenticate(u'\u2168', u'IV')) client.testscram.command('dbstats') client.testscram.logout() self.assertTrue(client.testscram.authenticate(u'IX', u'I\u00ADX')) client.testscram.command('dbstats') client.testscram.logout() self.assertTrue( client.testscram.authenticate(u'IX', u'I\u00ADX', mechanism='SCRAM-SHA-256')) client.testscram.command('dbstats') client.testscram.logout() self.assertTrue(client.testscram.authenticate(u'IX', u'IX')) client.testscram.command('dbstats') client.testscram.logout() client = rs_or_single_client_noauth( u'mongodb://\u2168:\u2163@%s:%d/testscram' % (host, port)) client.testscram.command('dbstats') client = rs_or_single_client_noauth( u'mongodb://\u2168:IV@%s:%d/testscram' % (host, port)) client.testscram.command('dbstats') client = rs_or_single_client_noauth( u'mongodb://*****:*****@%s:%d/testscram' % (host, port)) client.testscram.command('dbstats') client = rs_or_single_client_noauth( u'mongodb://*****:*****@%s:%d/testscram' % (host, port)) client.testscram.command('dbstats') self.listener.results.clear() client = rs_or_single_client_noauth( 'mongodb://*****:*****@%s:%d/testscram' % (host, port), event_listeners=[self.listener]) client.testscram.command('dbstats') if client_context.version.at_least(4, 4, -1): # Speculative authentication in 4.4+ sends saslStart with the # handshake. self.assertEqual(self.listener.results['started'], []) else: started = self.listener.results['started'][0] self.assertEqual(started.command.get('mechanism'), 'SCRAM-SHA-256') client = rs_or_single_client_noauth( 'mongodb://*****:*****@%s:%d/testscram?authMechanism=SCRAM-SHA-1' % (host, port)) client.testscram.command('dbstats') client = rs_or_single_client_noauth( 'mongodb://*****:*****@%s:%d/testscram?authMechanism=SCRAM-SHA-256' % (host, port)) client.testscram.command('dbstats') if client_context.is_rs: uri = ('mongodb://*****:*****@%s:%d/testscram' '?replicaSet=%s' % (host, port, client_context.replica_set_name)) client = single_client_noauth(uri) client.testscram.command('dbstats') db = client.get_database('testscram', read_preference=ReadPreference.SECONDARY) db.command('dbstats')
def test_scram(self): # Step 1: create users client_context.create_user('testscram', 'sha1', 'pwd', roles=['dbOwner'], mechanisms=['SCRAM-SHA-1']) client_context.create_user('testscram', 'sha256', 'pwd', roles=['dbOwner'], mechanisms=['SCRAM-SHA-256']) client_context.create_user('testscram', 'both', 'pwd', roles=['dbOwner'], mechanisms=['SCRAM-SHA-1', 'SCRAM-SHA-256']) # Step 2: verify auth success cases client = rs_or_single_client_noauth(username='******', password='******', authSource='testscram') client.testscram.command('dbstats') client = rs_or_single_client_noauth(username='******', password='******', authSource='testscram', authMechanism='SCRAM-SHA-1') client.testscram.command('dbstats') client = rs_or_single_client_noauth(username='******', password='******', authSource='testscram') client.testscram.command('dbstats') client = rs_or_single_client_noauth(username='******', password='******', authSource='testscram', authMechanism='SCRAM-SHA-256') client.testscram.command('dbstats') # Step 2: SCRAM-SHA-1 and SCRAM-SHA-256 client = rs_or_single_client_noauth(username='******', password='******', authSource='testscram', authMechanism='SCRAM-SHA-1') client.testscram.command('dbstats') client = rs_or_single_client_noauth(username='******', password='******', authSource='testscram', authMechanism='SCRAM-SHA-256') client.testscram.command('dbstats') self.listener.results.clear() client = rs_or_single_client_noauth(username='******', password='******', authSource='testscram', event_listeners=[self.listener]) client.testscram.command('dbstats') if client_context.version.at_least(4, 4, -1): # Speculative authentication in 4.4+ sends saslStart with the # handshake. self.assertEqual(self.listener.results['started'], []) else: started = self.listener.results['started'][0] self.assertEqual(started.command.get('mechanism'), 'SCRAM-SHA-256') # Step 3: verify auth failure conditions client = rs_or_single_client_noauth(username='******', password='******', authSource='testscram', authMechanism='SCRAM-SHA-256') with self.assertRaises(OperationFailure): client.testscram.command('dbstats') client = rs_or_single_client_noauth(username='******', password='******', authSource='testscram', authMechanism='SCRAM-SHA-1') with self.assertRaises(OperationFailure): client.testscram.command('dbstats') client = rs_or_single_client_noauth(username='******', password='******', authSource='testscram') with self.assertRaises(OperationFailure): client.testscram.command('dbstats') if client_context.is_rs: host, port = client_context.host, client_context.port uri = ('mongodb://*****:*****@%s:%d/testscram' '?replicaSet=%s' % (host, port, client_context.replica_set_name)) client = single_client_noauth(uri) client.testscram.command('dbstats') db = client.get_database('testscram', read_preference=ReadPreference.SECONDARY) db.command('dbstats')
def test_scram(self): host, port = client_context.host, client_context.port client_context.create_user( 'testscram', 'sha1', 'pwd', roles=['dbOwner'], mechanisms=['SCRAM-SHA-1']) client_context.create_user( 'testscram', 'sha256', 'pwd', roles=['dbOwner'], mechanisms=['SCRAM-SHA-256']) client_context.create_user( 'testscram', 'both', 'pwd', roles=['dbOwner'], mechanisms=['SCRAM-SHA-1', 'SCRAM-SHA-256']) client = rs_or_single_client_noauth( event_listeners=[self.listener]) self.assertTrue( client.testscram.authenticate('sha1', 'pwd')) client.testscram.command('dbstats') client.testscram.logout() self.assertTrue( client.testscram.authenticate( 'sha1', 'pwd', mechanism='SCRAM-SHA-1')) client.testscram.command('dbstats') client.testscram.logout() self.assertRaises( OperationFailure, client.testscram.authenticate, 'sha1', 'pwd', mechanism='SCRAM-SHA-256') self.assertTrue( client.testscram.authenticate('sha256', 'pwd')) client.testscram.command('dbstats') client.testscram.logout() self.assertTrue( client.testscram.authenticate( 'sha256', 'pwd', mechanism='SCRAM-SHA-256')) client.testscram.command('dbstats') client.testscram.logout() self.assertRaises( OperationFailure, client.testscram.authenticate, 'sha256', 'pwd', mechanism='SCRAM-SHA-1') self.listener.results.clear() self.assertTrue( client.testscram.authenticate('both', 'pwd')) started = self.listener.results['started'][0] self.assertEqual(started.command.get('mechanism'), 'SCRAM-SHA-256') client.testscram.command('dbstats') client.testscram.logout() self.assertTrue( client.testscram.authenticate( 'both', 'pwd', mechanism='SCRAM-SHA-256')) client.testscram.command('dbstats') client.testscram.logout() self.assertTrue( client.testscram.authenticate( 'both', 'pwd', mechanism='SCRAM-SHA-1')) client.testscram.command('dbstats') client.testscram.logout() self.assertRaises( OperationFailure, client.testscram.authenticate, 'not-a-user', 'pwd') if HAVE_STRINGPREP: # Test the use of SASLprep on passwords. For example, # saslprep(u'\u2136') becomes u'IV' and saslprep(u'I\u00ADX') # becomes u'IX'. SASLprep is only supported when the standard # library provides stringprep. client_context.create_user( 'testscram', u'\u2168', u'\u2163', roles=['dbOwner'], mechanisms=['SCRAM-SHA-256']) client_context.create_user( 'testscram', u'IX', u'IX', roles=['dbOwner'], mechanisms=['SCRAM-SHA-256']) self.assertTrue( client.testscram.authenticate(u'\u2168', u'\u2163')) client.testscram.command('dbstats') client.testscram.logout() self.assertTrue( client.testscram.authenticate( u'\u2168', u'\u2163', mechanism='SCRAM-SHA-256')) client.testscram.command('dbstats') client.testscram.logout() self.assertTrue( client.testscram.authenticate(u'\u2168', u'IV')) client.testscram.command('dbstats') client.testscram.logout() self.assertTrue( client.testscram.authenticate(u'IX', u'I\u00ADX')) client.testscram.command('dbstats') client.testscram.logout() self.assertTrue( client.testscram.authenticate( u'IX', u'I\u00ADX', mechanism='SCRAM-SHA-256')) client.testscram.command('dbstats') client.testscram.logout() self.assertTrue( client.testscram.authenticate(u'IX', u'IX')) client.testscram.command('dbstats') client.testscram.logout() client = rs_or_single_client_noauth( u'mongodb://\u2168:\u2163@%s:%d/testscram' % (host, port)) client.testscram.command('dbstats') client = rs_or_single_client_noauth( u'mongodb://\u2168:IV@%s:%d/testscram' % (host, port)) client.testscram.command('dbstats') client = rs_or_single_client_noauth( u'mongodb://*****:*****@%s:%d/testscram' % (host, port)) client.testscram.command('dbstats') client = rs_or_single_client_noauth( u'mongodb://*****:*****@%s:%d/testscram' % (host, port)) client.testscram.command('dbstats') self.listener.results.clear() client = rs_or_single_client_noauth( 'mongodb://*****:*****@%s:%d/testscram' % (host, port), event_listeners=[self.listener]) client.testscram.command('dbstats') started = self.listener.results['started'][0] self.assertEqual(started.command.get('mechanism'), 'SCRAM-SHA-256') client = rs_or_single_client_noauth( 'mongodb://*****:*****@%s:%d/testscram?authMechanism=SCRAM-SHA-1' % (host, port)) client.testscram.command('dbstats') client = rs_or_single_client_noauth( 'mongodb://*****:*****@%s:%d/testscram?authMechanism=SCRAM-SHA-256' % (host, port)) client.testscram.command('dbstats') if client_context.is_rs: uri = ('mongodb://*****:*****@%s:%d/testscram' '?replicaSet=%s' % (host, port, client_context.replica_set_name)) client = single_client_noauth(uri) client.testscram.command('dbstats') db = client.get_database( 'testscram', read_preference=ReadPreference.SECONDARY) db.command('dbstats')
def test_scram(self): host, port = client_context.host, client_context.port client_context.create_user('testscram', 'sha1', 'pwd', roles=['dbOwner'], mechanisms=['SCRAM-SHA-1']) client_context.create_user('testscram', 'sha256', 'pwd', roles=['dbOwner'], mechanisms=['SCRAM-SHA-256']) client_context.create_user('testscram', 'both', 'pwd', roles=['dbOwner'], mechanisms=['SCRAM-SHA-1', 'SCRAM-SHA-256']) client = rs_or_single_client_noauth(event_listeners=[self.listener]) self.assertTrue(client.testscram.authenticate('sha1', 'pwd')) client.testscram.command('dbstats') client.testscram.logout() self.assertTrue( client.testscram.authenticate('sha1', 'pwd', mechanism='SCRAM-SHA-1')) client.testscram.command('dbstats') client.testscram.logout() self.assertRaises(OperationFailure, client.testscram.authenticate, 'sha1', 'pwd', mechanism='SCRAM-SHA-256') self.assertTrue(client.testscram.authenticate('sha256', 'pwd')) client.testscram.command('dbstats') client.testscram.logout() self.assertTrue( client.testscram.authenticate('sha256', 'pwd', mechanism='SCRAM-SHA-256')) client.testscram.command('dbstats') client.testscram.logout() self.assertRaises(OperationFailure, client.testscram.authenticate, 'sha256', 'pwd', mechanism='SCRAM-SHA-1') self.listener.results.clear() self.assertTrue(client.testscram.authenticate('both', 'pwd')) started = self.listener.results['started'][0] self.assertEqual(started.command.get('mechanism'), 'SCRAM-SHA-256') client.testscram.command('dbstats') client.testscram.logout() self.assertTrue( client.testscram.authenticate('both', 'pwd', mechanism='SCRAM-SHA-256')) client.testscram.command('dbstats') client.testscram.logout() self.assertTrue( client.testscram.authenticate('both', 'pwd', mechanism='SCRAM-SHA-1')) client.testscram.command('dbstats') client.testscram.logout() self.assertRaises(OperationFailure, client.testscram.authenticate, 'not-a-user', 'pwd') if HAVE_STRINGPREP: client_context.create_user('testscram', saslprep(u'\u2168'), u'\u2168', roles=['dbOwner'], mechanisms=['SCRAM-SHA-256']) self.assertTrue(client.testscram.authenticate( u'\u2168', u'\u2168')) client.testscram.command('dbstats') client.testscram.logout() self.assertTrue( client.testscram.authenticate(u'\u2168', u'\u2168', mechanism='SCRAM-SHA-256')) client.testscram.command('dbstats') client.testscram.logout() self.assertRaises(OperationFailure, client.testscram.authenticate, u'\u2168', u'\u2168', mechanism='SCRAM-SHA-1') client = rs_or_single_client_noauth( u'mongodb://\u2168:\u2168@%s:%d/testscram' % (host, port)) client.testscram.command('dbstats') self.listener.results.clear() client = rs_or_single_client_noauth( 'mongodb://*****:*****@%s:%d/testscram' % (host, port), event_listeners=[self.listener]) client.testscram.command('dbstats') started = self.listener.results['started'][0] self.assertEqual(started.command.get('mechanism'), 'SCRAM-SHA-256') client = rs_or_single_client_noauth( 'mongodb://*****:*****@%s:%d/testscram?authMechanism=SCRAM-SHA-1' % (host, port)) client.testscram.command('dbstats') client = rs_or_single_client_noauth( 'mongodb://*****:*****@%s:%d/testscram?authMechanism=SCRAM-SHA-256' % (host, port)) client.testscram.command('dbstats') if client_context.is_rs: uri = ('mongodb://*****:*****@%s:%d/testscram' '?replicaSet=%s' % (host, port, client_context.replica_set_name)) client = single_client_noauth(uri) client.testscram.command('dbstats') db = client.get_database('testscram', read_preference=ReadPreference.SECONDARY) db.command('dbstats')