(self)
| 474 | |
| 475 | @async_client_context.require_no_fips |
| 476 | async def test_scram(self): |
| 477 | # Step 1: create users |
| 478 | await async_client_context.create_user( |
| 479 | "testscram", "sha1", "pwd", roles=["dbOwner"], mechanisms=["SCRAM-SHA-1"] |
| 480 | ) |
| 481 | await async_client_context.create_user( |
| 482 | "testscram", "sha256", "pwd", roles=["dbOwner"], mechanisms=["SCRAM-SHA-256"] |
| 483 | ) |
| 484 | await async_client_context.create_user( |
| 485 | "testscram", |
| 486 | "both", |
| 487 | "pwd", |
| 488 | roles=["dbOwner"], |
| 489 | mechanisms=["SCRAM-SHA-1", "SCRAM-SHA-256"], |
| 490 | ) |
| 491 | |
| 492 | # Step 2: verify auth success cases |
| 493 | client = await self.async_rs_or_single_client_noauth( |
| 494 | username="sha1", password="pwd", authSource="testscram" |
| 495 | ) |
| 496 | await client.testscram.command("dbstats") |
| 497 | |
| 498 | client = await self.async_rs_or_single_client_noauth( |
| 499 | username="sha1", password="pwd", authSource="testscram", authMechanism="SCRAM-SHA-1" |
| 500 | ) |
| 501 | await client.testscram.command("dbstats") |
| 502 | |
| 503 | client = await self.async_rs_or_single_client_noauth( |
| 504 | username="sha256", password="pwd", authSource="testscram" |
| 505 | ) |
| 506 | await client.testscram.command("dbstats") |
| 507 | |
| 508 | client = await self.async_rs_or_single_client_noauth( |
| 509 | username="sha256", password="pwd", authSource="testscram", authMechanism="SCRAM-SHA-256" |
| 510 | ) |
| 511 | await client.testscram.command("dbstats") |
| 512 | |
| 513 | # Step 2: SCRAM-SHA-1 and SCRAM-SHA-256 |
| 514 | client = await self.async_rs_or_single_client_noauth( |
| 515 | username="both", password="pwd", authSource="testscram", authMechanism="SCRAM-SHA-1" |
| 516 | ) |
| 517 | await client.testscram.command("dbstats") |
| 518 | client = await self.async_rs_or_single_client_noauth( |
| 519 | username="both", password="pwd", authSource="testscram", authMechanism="SCRAM-SHA-256" |
| 520 | ) |
| 521 | await client.testscram.command("dbstats") |
| 522 | |
| 523 | self.listener.reset() |
| 524 | client = await self.async_rs_or_single_client_noauth( |
| 525 | username="both", password="pwd", authSource="testscram", event_listeners=[self.listener] |
| 526 | ) |
| 527 | await client.testscram.command("dbstats") |
| 528 | if async_client_context.version.at_least(4, 4, -1): |
| 529 | # Speculative authentication in 4.4+ sends saslStart with the |
| 530 | # handshake. |
| 531 | self.assertEqual(self.listener.started_events, []) |
| 532 | else: |
| 533 | started = self.listener.started_events[0] |
nothing calls this directly
no test coverage detected