search

musacivak / rock-php

Automatically exported from code.google.com/p/rock-php
0 stars 0 forks source link

Auth propblem #161

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. Turn on mongo auth
2. Login with a normal user that has been added to a normal database and has no 
rights on anything else
3. Logout
4. Login with the admin user that has been added to the admin database of mongo
5. Logout
6. Log back with the normal user
7. keep refreshing the browser

What is the expected output? What do you see instead?
1. expected that i always see only the database that the user has been added to.
2. Instead of that when normal user first logs in, he can see only the database 
that he has been added to but after the admin user logged in and out, normal 
user sees the list of all database and can list users and even can create 
collection in a not authenticated database and get succesful message from 
rockmongo, however the created collection never listed so basicly it is not 
created for real.
After you refreshing the page it sometimes shows only the normal database, 
sometimes shows all database. 
And sometimes also give this error messages:

Execute failed:db assertion failure
function (){ return db.getCollectionNames(); }

RockMongo Version (1.0.1, ...)
RockMongo v1.1.0

Operation System (Windows/CentOS, ...)
Ubuntu LTS 10.04.3  x86_64

PHP Version (5.1.6, ...)
PHP 5.3.8-1~lucid+1
php5 5.3.2-1ubuntu4.9
same with both versions

php_mongo Version (1.0.1, ...)
PHP extension   mongo/1.2.4

MongoDB version (1.5.5, ...)
version     1.8.3

Please provide any additional information below.

Rockmongo conf
<?php
$MONGO = array();
$MONGO["features"]["log_query"] = "off";//log queries
$MONGO["features"]["theme"] = "default";//theme
$MONGO["features"]["plugins"] = "on";//plugins
$i = 0;
$MONGO["servers"][$i]["mongo_name"] = "Localhost";//mongo server name
$MONGO["servers"][$i]["mongo_host"] = "127.0.0.1";//mongo host
$MONGO["servers"][$i]["mongo_port"] = "27017";//mongo port
$MONGO["servers"][$i]["mongo_timeout"] = 30;//mongo connection timeout
$MONGO["servers"][$i]["mongo_auth"] = true;//enable mongo authentication?

$MONGO["servers"][$i]["control_auth"] = false;//enable control users, works 
only if mongo_auth=false
$MONGO["servers"][$i]["control_users"]["admin"] = "admin";//one of control 
users [USERNAME]=PASSWORD, works only if mongo_auth=false

$MONGO["servers"][$i]["ui_only_dbs"] = "";//databases to display
$MONGO["servers"][$i]["ui_hide_dbs"] = "";//databases to hide
$MONGO["servers"][$i]["ui_hide_collections"] = "";//collections to hide
$MONGO["servers"][$i]["ui_hide_system_collections"] = false;//if hide the 
system collections
$i ++;

?>

I hope my case description was understandable.

Attached pics shows the issue after 1,2,3 refresh in the browser.

If i log in with the normal user on pc1 and with admin user on pc2 and than i 
refresh the page on pc1 that also produce the propblem so i am pretty sure it 
is not browser cache problem.

Thank you
Peter

Original issue reported on code.google.com by peter.ho...@gmail.com on 5 Sep 2011 at 5:04

Attachments: