[DOCS-8944] bypassDocumentValidation authentication error Created: 28/Sep/16  Updated: 30/Oct/23

Status: Closed
Project: Documentation
Component/s: Server
Affects Version/s: None
Fix Version/s: Server_Docs_20231030

Type: Task Priority: Major - P3
Reporter: Emily Hall Assignee: Unassigned
Resolution: Won't Do Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Documented
documents SERVER-21659 bypassDocumentValidation authenticati... Closed
Participants:
Days since reply: 1 year, 14 weeks, 2 days ago
Epic Link: DOCSP-1769

 Description   

I can consistently reproduce the following:

$ mongod --version
db version v3.2.0-rc3-89-g3a8aab6
git version: 3a8aab65a494f6e5b31ea0358a517b103e1cbcb6

-bash-4.2$ rm -rf /data/db/*
-bash-4.2$ mongod -vvvv --smallfiles --logpath=/data/db/mongod.log --auth --dbpath=/data/db --fork
about to fork child process, waiting until server is ready for connections.
forked process: 20505
child process started successfully, parent exiting

-bash-4.2$ mongo
MongoDB shell version: 3.2.0-rc3-89-g3a8aab6
connecting to: test
> use admin
switched to db admin
> db.runCommand({createUser: "example", "pwd": "password", roles: [                    
... {'role': 'userAdminAnyDatabase', 'db': 'admin'},                                         
... {'role': 'clusterAdmin', 'db': 'admin'},                                                 
... {'role': 'dbAdminAnyDatabase', 'db': 'admin'},                                           
... {'role': 'readWriteAnyDatabase', 'db': 'admin'}                                          
... ]})
{ "ok" : 1 }
> 
bye

Then. Using the latest master of mongo-c-driver:

  • Create new client using "mongodb://example:password@localhost:27017/admin"
  • Create a schema validator: {"validator": {"number": {"$gte": 5, "validationAction": "error"}}}
  • Bulk insert 3 document that fail the validation, and get "Document failed validation" error back
  • Bulk insert 3 documents that fail the validation, passing bypassDocumentValidation: true

Now, what happens depends on the following:

  • If I have an active shell session logged in with the same username and password, the bypassDocumentValidation succeeds
  • If I have no active shell session the bypassDocumentValidation fails with authentication error.

"bypass.c"

#include <bcon.h>
#include <mongoc.h>
 
int main(void)
{
   mongoc_collection_t *collection;
   bson_t reply = BSON_INITIALIZER;
   mongoc_bulk_operation_t *bulk;
   mongoc_database_t *database;
   mongoc_write_concern_t *wr;
   mongoc_client_t *client;
   bson_error_t error;
   bson_t *options;
   int r;
   int i;
 
   client = mongoc_client_new ("mongodb://example:password@localhost:27017/admin");
 
   database = mongoc_client_get_database (client, "databaseName");
   collection = mongoc_database_get_collection (database, "collectionName");
   mongoc_collection_drop (collection, NULL);
 
   options = bson_new_from_json ("{\"validator\": {\"number\": {\"$gte\": 5}}, \"validationAction\": \"error\"}", -1, NULL);
   if (!mongoc_database_create_collection (database, "collectionName", options, &error)) {
      fprintf(stderr, "Got error %s on line %d\n", error.message, __LINE__);
      fprintf(stderr, "\nFAILED\n");
      return 1;
   }
 
   /* {{{ Default fails validation */
   bulk = mongoc_collection_create_bulk_operation (collection, true, NULL);
   for (i = 0; i < 3; i++) {
      bson_t *doc = bson_new_from_json ("{\"number\": 3 }", -1, NULL);
      mongoc_bulk_operation_insert (bulk, doc);
      bson_destroy (doc);
   }
   r = mongoc_bulk_operation_execute (bulk, &reply, &error);
   if (r) {
      fprintf(stderr, "Should have got error line %d\n", __LINE__);
      fprintf(stderr, "\nFAILED\n");
      return 1;
   } else {
      fprintf(stdout, "Correctly failed validation (%s) on line %d\n", error.message, __LINE__);
   }
   mongoc_bulk_operation_destroy (bulk);
   /* }}} */
 
   /* {{{ bypass_document_validation=true ignores validation */
   bulk = mongoc_collection_create_bulk_operation (collection, true, NULL);
   mongoc_bulk_operation_set_bypass_document_validation (bulk, true);
   for (i = 0; i < 3; i++) {
      bson_t *doc = bson_new_from_json ("{\"number\": 3 }", -1, NULL);
      mongoc_bulk_operation_insert (bulk, doc);
      bson_destroy (doc);
   }
   r = mongoc_bulk_operation_execute (bulk, &reply, &error);
   if (r) {
      fprintf(stdout, "Correctly bypassed document validation on line %d\n", __LINE__);
   } else {
      fprintf(stderr, "Got error %s on line %d\n", error.message, __LINE__);
      fprintf(stderr, "\nFAILED\n");
      return 1;
   }
   mongoc_bulk_operation_destroy (bulk);
   /* }}} */
 
   bson_destroy (options);
   mongoc_database_destroy (database);
   mongoc_collection_destroy (collection);
   mongoc_client_destroy (client);
}


EDIT: This was originally noticed on Solaris spawnhost that had nightly deployed on it. It was later confirmed on Linux too.



 Comments   
Comment by Education Bot [ 31/Oct/22 ]

Hello! This ticket has been closed due to inactivity. If you believe this ticket is still important, please reopen it and leave a comment to explain why. Thank you!

Generated at Thu Feb 08 07:57:17 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.