Fix RUBY-2055 Driver sends null pwd field in createUser when password is not specified (#1609)

p-mongo · p · p · commit 7e19e61f0ba4 · 2019-12-20T18:20:21.000-05:00
* Shorten lines to 79 columns * RUBY-2055 fix user creation without password * Use dashes for second level headings * Give an example for creating an x.509 user Co-authored-by: Oleg Pudeyev <p@users.noreply.github.com>
diff --git a/lib/mongo/auth/user.rb b/lib/mongo/auth/user.rb
@@ -151,6 +151,8 @@ def sasl_prepped_password
       #   authorized for.
       # @option options [ String ] :user The user name.
       # @option options [ String ] :password The user's password.
+      # @option options [ String ] :pwd Legacy option for the user's password.
+      #   If :password and :pwd are both specified, :password takes precedence.
       # @option options [ Symbol ] :auth_mech The authorization mechanism.
       # @option options [ Array<String>, Array<Hash> ] roles The user roles.
       # @option options [ String ] :client_key The user's client key cached from a previous
@@ -196,7 +198,11 @@ def initialize(options)
       #
       # @since 2.0.0
       def spec
-        { pwd: password, roles: roles }
+        {roles: roles}.tap do |spec|
+          if password
+            spec[:pwd] = password
+          end
+        end
       end
 
       private
diff --git a/spec/mongo/auth/user/view_spec.rb b/spec/mongo/auth/user/view_spec.rb
@@ -2,8 +2,10 @@
 
 describe Mongo::Auth::User::View do
 
+  let(:database) { root_authorized_client.database }
+
   let(:view) do
-    described_class.new(root_authorized_client.database)
+    described_class.new(database)
   end
 
   before do
@@ -12,6 +14,39 @@
 
   describe '#create' do
 
+    context 'when password is not provided' do
+
+      let(:database) { root_authorized_client.use('$external').database }
+
+      let(:username) { 'passwordless-user' }
+
+      let(:response) do
+        view.create(
+          username,
+          # https://stackoverflow.com/questions/55939832/mongodb-external-database-cannot-create-new-user-with-user-defined-role
+          roles: [{role: 'read', db: 'admin'}],
+        )
+      end
+
+      before do
+        begin
+          view.remove(username)
+        rescue Mongo::Error::OperationFailure
+          # can be user not found, ignore
+        end
+      end
+
+      it 'creates the user' do
+        view.info(username).should == []
+
+        lambda do
+          response
+        end.should_not raise_error
+
+        view.info(username).first['user'].should == username
+      end
+    end
+
     context 'when a session is not used' do
 
       let!(:response) do
diff --git a/spec/mongo/auth/user_spec.rb b/spec/mongo/auth/user_spec.rb
@@ -284,4 +284,16 @@
       end
     end
   end
+
+  describe '#spec' do
+    context 'when no password and no roles are set' do
+      let(:user) do
+        described_class.new(user: 'foo')
+      end
+
+      it 'is a hash with empty roles' do
+        user.spec.should == {roles: []}
+      end
+    end
+  end
 end
