[SERVER-29862] Command auth checks behave differently on bad status vs exception Created: 26/Jun/17  Updated: 27/Oct/23  Resolved: 15/May/18

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Mathias Stearn Assignee: Mathias Stearn
Resolution: Gone away Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Operating System: ALL
Sprint: Platforms 2018-04-09, Platforms 2018-04-23, Platforms 2018-05-07, Platforms 2018-05-21
Participants:

 Description   

In particular, if an exception is thrown from Command::checkAuthForOperation(), we won't log or audit the failure. It seems like the auth code should unify error handling by either converting all statuses to exceptions or vice-versa to ensure uniform handling of failures.



 Comments   
Comment by Mathias Stearn [ 15/May/18 ]

Resolved by the work on SERVER-33881

Comment by Githook User [ 10/May/18 ]

Author:

{'name': 'Billy Donahue', 'email': 'billy.donahue@mongodb.com', 'username': 'BillyDonahue'}

Message: SERVER-34653 linearize control flow in Command::_checkAuthorizationImpl.

Also relevant to SERVER-29862.
Branch: master
https://github.com/mongodb/mongo/commit/e2ff0151038bc01a4e8992169ed37c63de1d5a6a

Generated at Thu Feb 08 04:22:00 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.