Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-8944

bypassDocumentValidation authentication error

XMLWordPrintableJSON

    • Type: Icon: Task Task
    • Resolution: Won't Do
    • Priority: Icon: Major - P3 Major - P3
    • Server_Docs_20231030
    • Affects Version/s: None
    • Component/s: Server
    • Labels:
      None

      I can consistently reproduce the following:

      $ mongod --version
db version v3.2.0-rc3-89-g3a8aab6
git version: 3a8aab65a494f6e5b31ea0358a517b103e1cbcb6

      -bash-4.2$ rm -rf /data/db/*
-bash-4.2$ mongod -vvvv --smallfiles --logpath=/data/db/mongod.log --auth --dbpath=/data/db --fork
about to fork child process, waiting until server is ready for connections.
forked process: 20505
child process started successfully, parent exiting

      -bash-4.2$ mongo
MongoDB shell version: 3.2.0-rc3-89-g3a8aab6
connecting to: test
> use admin
switched to db admin
> db.runCommand({createUser: "example", "pwd": "password", roles: [                    
... {'role': 'userAdminAnyDatabase', 'db': 'admin'},                                         
... {'role': 'clusterAdmin', 'db': 'admin'},                                                 
... {'role': 'dbAdminAnyDatabase', 'db': 'admin'},                                           
... {'role': 'readWriteAnyDatabase', 'db': 'admin'}                                          
... ]})
{ "ok" : 1 }
> 
bye

      Then. Using the latest master of mongo-c-driver:

      • Create new client using "mongodb://example:password@localhost:27017/admin"
      • Create a schema validator: {"validator": {"number": {"$gte": 5, "validationAction": "error"}}}
      • Bulk insert 3 document that fail the validation, and get "Document failed validation" error back
      • Bulk insert 3 documents that fail the validation, passing bypassDocumentValidation: true

      Now, what happens depends on the following:

      • If I have an active shell session logged in with the same username and password, the bypassDocumentValidation succeeds
      • If I have no active shell session the bypassDocumentValidation fails with authentication error.
      "bypass.c"
      #include <bcon.h>
#include <mongoc.h>

int main(void)
{
   mongoc_collection_t *collection;
   bson_t reply = BSON_INITIALIZER;
   mongoc_bulk_operation_t *bulk;
   mongoc_database_t *database;
   mongoc_write_concern_t *wr;
   mongoc_client_t *client;
   bson_error_t error;
   bson_t *options;
   int r;
   int i;

   client = mongoc_client_new ("mongodb://example:password@localhost:27017/admin");

   database = mongoc_client_get_database (client, "databaseName");
   collection = mongoc_database_get_collection (database, "collectionName");
   mongoc_collection_drop (collection, NULL);

   options = bson_new_from_json ("{\"validator\": {\"number\": {\"$gte\": 5}}, \"validationAction\": \"error\"}", -1, NULL);
   if (!mongoc_database_create_collection (database, "collectionName", options, &error)) {
      fprintf(stderr, "Got error %s on line %d\n", error.message, __LINE__);
      fprintf(stderr, "\nFAILED\n");
      return 1;
   }

   /* {{{ Default fails validation */
   bulk = mongoc_collection_create_bulk_operation (collection, true, NULL);
   for (i = 0; i < 3; i++) {
      bson_t *doc = bson_new_from_json ("{\"number\": 3 }", -1, NULL);
      mongoc_bulk_operation_insert (bulk, doc);
      bson_destroy (doc);
   }
   r = mongoc_bulk_operation_execute (bulk, &reply, &error);
   if (r) {
      fprintf(stderr, "Should have got error line %d\n", __LINE__);
      fprintf(stderr, "\nFAILED\n");
      return 1;
   } else {
      fprintf(stdout, "Correctly failed validation (%s) on line %d\n", error.message, __LINE__);
   }
   mongoc_bulk_operation_destroy (bulk);
   /* }}} */

   /* {{{ bypass_document_validation=true ignores validation */
   bulk = mongoc_collection_create_bulk_operation (collection, true, NULL);
   mongoc_bulk_operation_set_bypass_document_validation (bulk, true);
   for (i = 0; i < 3; i++) {
      bson_t *doc = bson_new_from_json ("{\"number\": 3 }", -1, NULL);
      mongoc_bulk_operation_insert (bulk, doc);
      bson_destroy (doc);
   }
   r = mongoc_bulk_operation_execute (bulk, &reply, &error);
   if (r) {
      fprintf(stdout, "Correctly bypassed document validation on line %d\n", __LINE__);
   } else {
      fprintf(stderr, "Got error %s on line %d\n", error.message, __LINE__);
      fprintf(stderr, "\nFAILED\n");
      return 1;
   }
   mongoc_bulk_operation_destroy (bulk);
   /* }}} */

   bson_destroy (options);
   mongoc_database_destroy (database);
   mongoc_collection_destroy (collection);
   mongoc_client_destroy (client);
}


      EDIT: This was originally noticed on Solaris spawnhost that had nightly deployed on it. It was later confirmed on Linux too.

            Assignee:
            Unassigned Unassigned
            Reporter:
            emily.hall Emily Hall
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              1 year, 27 weeks ago