// Licensed under the Apache License, Version 2.0 (the "License"); you may not
// use this file except in compliance with the License. You may obtain a copy of
// the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
// License for the specific language governing permissions and limitations under
// the License.
/**
 * Replicator-db test: credential delegation through the `user_ctx` property
 * of a replication document.
 *
 * NOTE: this test is currently disabled. The first statement logs 'TODO' and
 * returns, so nothing below it runs and the authorization behaviour described
 * here is not being exercised by the suite.
 *
 * What the disabled body expects once it runs again:
 *  - a replication doc saved from a server-admin session with
 *    user_ctx = {name: "joe", roles: ["erlanger"]} copies the regular docs
 *    into db B but not the design doc, because db B grants admin only to the
 *    "god" role;
 *  - the same replication with "god" added to user_ctx.roles does write the
 *    design doc into db B.
 * joe's own user doc carries both roles, so the first case expects the roles
 * listed in user_ctx, not the ones stored for joe, to decide what may be
 * written.
 *
 * NOTE(review): both replication docs are saved from an _admin session; there
 * is no negative case here for a non-admin author supplying user_ctx.
 *
 * @param {boolean} debug - when truthy, break into the debugger (unreachable
 *   while the early return is in place).
 */
couchTests.replicator_db_credential_delegation = function(debug) {
  // Test disabled: everything after this line is dead code until the TODO is
  // resolved.
  return console.log('TODO');

  if (debug) debugger;

  // Shared fixtures and helpers from the replicator_db test harness.
  var populateDb = replicator_db.populate_db;
  var sourceDocs = replicator_db.docs1;
  var dbA = replicator_db.dbA;
  var dbB = replicator_db.dbB;
  var repDb = replicator_db.repDb;
  var usersDb = replicator_db.usersDb;
  var wait = replicator_db.wait;
  var waitForRep = replicator_db.waitForRep;
  var waitForSeq = replicator_db.waitForSeq;
  var wait_rep_doc = replicator_db.wait_rep_doc;

  // Builds a dbA -> dbB replication doc that delegates to user "joe" with the
  // given roles.
  function makeDelegatedRepDoc(id, delegatedRoles) {
    return {
      _id: id,
      source: dbA.name,
      target: dbB.name,
      user_ctx: {
        name: "joe",
        roles: delegatedRoles
      }
    };
  }

  // Asserts that every regular source doc is present in db B with the same
  // value.
  function assertSourceDocsReplicated() {
    for (var idx = 0; idx < sourceDocs.length; idx++) {
      var original = sourceDocs[idx];
      var replica = dbB.open(original._id);

      T(replica !== null);
      T(replica.value === original.value);
    }
  }

  function test_replication_credentials_delegation() {
    populateDb(usersDb, []);

    // joe holds both roles in the users db; the replication docs below
    // delegate only a chosen subset of them.
    var joeUserDoc = CouchDB.prepareUserDoc({
      name: "joe",
      roles: ["god", "erlanger"]
    }, "erly");
    T(usersDb.save(joeUserDoc).ok);

    var designDoc = {
      _id: "_design/beer",
      language: "javascript"
    };

    populateDb(dbA, sourceDocs.concat([designDoc]));
    populateDb(dbB, []);

    // Only the "god" role is a db admin on the target.
    T(dbB.setSecObj({
      admins: {
        names: [],
        roles: ["god"]
      }
    }).ok);

    // Temporary server admin used to author the replication docs.
    // "iterations" is presumably the password-hash iteration count, set to 1
    // as a test-only value to keep the run fast -- confirm.
    var adminServerConfig = [
      {
        section: "couch_httpd_auth",
        key: "iterations",
        value: "1"
      },
      {
        section: "admins",
        key: "fdmanana",
        value: "qwerty"
      }
    ];

    run_on_modified_server(adminServerConfig, function() {
      T(CouchDB.login("fdmanana", "qwerty").ok);
      T(CouchDB.session().userCtx.name === "fdmanana");
      T(CouchDB.session().userCtx.roles.indexOf("_admin") >= 0);

      // Case 1: delegate without the "god" role.
      var limitedRepDoc = makeDelegatedRepDoc("foo_rep_del_doc_1", ["erlanger"]);
      T(repDb.save(limitedRepDoc).ok);
      waitForRep(repDb, limitedRepDoc, "completed");

      assertSourceDocsReplicated();

      // The design doc must be missing: the delegated context is not an
      // admin of db B.
      var replicatedDesignDoc = dbB.open(designDoc._id);
      T(replicatedDesignDoc === null);

      // Case 2: same replication, now with "god" in the delegated roles.
      var adminRepDoc = makeDelegatedRepDoc("foo_rep_del_doc_2", ["erlanger", "god"]);
      T(repDb.save(adminRepDoc).ok);
      waitForRep(repDb, adminRepDoc, "completed");

      assertSourceDocsReplicated();

      // Any holder of the 'god' role is an admin of db B, so a replication
      // delegated to that role is allowed to write design docs there.
      replicatedDesignDoc = dbB.open(designDoc._id);
      T(replicatedDesignDoc !== null);
      T(replicatedDesignDoc.language === designDoc.language);
    });
  }

  // Point the server at the test replicator db and the test users db.
  var serverConfig = [
    {
      section: "couch_httpd_auth",
      key: "iterations",
      value: "1"
    },
    {
      section: "replicator",
      key: "db",
      value: repDb.name
    },
    {
      section: "couch_httpd_auth",
      key: "authentication_db",
      value: usersDb.name
    }
  ];

  // Start from a fresh replicator db.
  repDb.deleteDb();
  run_on_modified_server(serverConfig, test_replication_credentials_delegation);

  // cleanup
  repDb.deleteDb();
  dbA.deleteDb();
  dbB.deleteDb();
  usersDb.deleteDb();
};