[DOCS-14886] [SERVER] Investigate changes in SERVER-59970: Fix return value from authenticate command Created: 20/Oct/21  Updated: 03/Nov/21  Resolved: 03/Nov/21

Status: Closed
Project: Documentation
Component/s: None
Affects Version/s: None
Fix Version/s: 5.0.4, 5.2.0, 5.1.0-rc2

Type: Task Priority: Major - P3
Reporter: Backlog - Core Eng Program Management Team Assignee: Unassigned
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Documented
documents SERVER-59970 Fix return value from authenticate co... Closed
Participants:
Days since reply: 2 years, 14 weeks ago
Epic Link: DOCSP-15042

 Description   
Downstream Change Summary

As a note for documentation, we may cite that from 5.0.0 through 5.0.3 (inclusive) the

Unknown macro: {authenticate}

command incorrectly swaps the values returned via user and dbname.

Description of Linked Ticket

Typed command conversion of the {authenticate: 1} command inadvertently swapped the user and db fields resulting in replies like:

 

$external> db.runCommand({authenticate: 1, mechanism: "MONGODB-X509"})
{
  dbname: 'OU=Widgets,O=Stuff Inc.,C=US,ST=New York,L=New York City,CN=widget-bob',
  user: '$external',
  ok: 1
}

This happens here: https://github.com/mongodb/mongo/blob/d5156d91a608a3b7cf30fbdb63a2d31783389a47/src/mongo/db/commands/authentication_commands.cpp#L367

return AuthenticateReply(session->getUserName().toString(),
                                            session->getDatabase().toString());

This initializes the reply through two string args to the constructor which inobviously are passed in the wrong order (DB comes first). We can fix this with a 2-line swap:

return AuthenticateReply(session->getDatabase().toString(),
                                            session->getUserName().toString());

But a more durable fix which doesn't reply on a generated constructor signature would be to construct by parts:

AuthenticateReply reply;
reply.setUser(session->getUserName());
reply.setDb(session->getDatabase());
return reply;

This way there's no ambiguity or hard to spot ordering issues.



 Comments   
Comment by Ian Fogelman [ 03/Nov/21 ]

 This does not have an impact on existing documentation.

  • The authenticate command is not documented in the manual only db.auth.
  • This change will be captured in the 5.0.4 release notes.
Comment by PM Bot [ 20/Oct/21 ]

Downstream changes updated for upstream SERVER-59970:
As a note for documentation, we may cite that from 5.0.0 through 5.0.3 (inclusive) the

{authenticate: 1}

command incorrectly swaps the values returned via user and dbname.

Generated at Thu Feb 08 08:11:26 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.