protected override void ModifyStore(FilesStore store)
{
FactIfWindowsAuthenticationIsAvailable.LoadCredentials();
ConfigurationHelper.ApplySettingsToConventions(store.Conventions);
base.ModifyStore(store);
}
public void CanUseWindowsAuthentication()
{
FactIfWindowsAuthenticationIsAvailable.LoadCredentials();
Raven.Database.Server.Security.Authentication.EnableOnce();
this.Server.Configuration.AnonymousUserAccessMode = AnonymousUserAccessMode.None;
this.Server.SystemDatabase.Documents.Put(
"Raven/Authorization/WindowsSettings",
null,
RavenJObject.FromObject(new WindowsAuthDocument
{
RequiredUsers = new List <WindowsAuthData>
{
new WindowsAuthData
{
Name = string.Format("{0}\\{1}", FactIfWindowsAuthenticationIsAvailable.Admin.Domain, FactIfWindowsAuthenticationIsAvailable.Admin.UserName),
Enabled = true,
Databases = new List <ResourceAccess>
{
new ResourceAccess {
TenantId = "*"
},
new ResourceAccess {
TenantId = Constants.SystemDatabase
}
}
}
}
}), new RavenJObject(), null);
using (var store = new DocumentStore
{
Credentials = new NetworkCredential(FactIfWindowsAuthenticationIsAvailable.User.UserName, FactIfWindowsAuthenticationIsAvailable.User.Password, FactIfWindowsAuthenticationIsAvailable.User.Domain),
Url = this.Server.SystemDatabase.ServerUrl
})
{
ConfigurationHelper.ApplySettingsToConventions(store.Conventions);
store.Initialize();
Assert.Throws <Raven.Abstractions.Connection.ErrorResponseException>(() => store.DatabaseCommands.Put("users/1", null, RavenJObject.FromObject(new User {
}), new RavenJObject()));
}
using (var store = new DocumentStore
{
Credentials = new NetworkCredential(FactIfWindowsAuthenticationIsAvailable.Admin.UserName, FactIfWindowsAuthenticationIsAvailable.Admin.Password, FactIfWindowsAuthenticationIsAvailable.Admin.Domain),
Url = this.Server.SystemDatabase.ServerUrl
})
{
ConfigurationHelper.ApplySettingsToConventions(store.Conventions);
store.Initialize();
store.DatabaseCommands.Put("users/1", null, RavenJObject.FromObject(new User {
}), new RavenJObject());
var result = store.DatabaseCommands.Get("users/1");
Assert.NotNull(result);
}
}
protected override void ModifyStore(DocumentStore store)
{
FactIfWindowsAuthenticationIsAvailable.LoadCredentials();
var isApiStore = _storeCounter % 2 == 0;
store.Conventions.FailoverBehavior = FailoverBehavior.AllowReadsFromSecondaries;
if (isApiStore)
{
store.Credentials = null;
store.ApiKey = apiKey;
}
else
{
store.Credentials = new NetworkCredential(FactIfWindowsAuthenticationIsAvailable.Admin.UserName, FactIfWindowsAuthenticationIsAvailable.Admin.Password, FactIfWindowsAuthenticationIsAvailable.Admin.Domain);
store.ApiKey = null;
}
ConfigurationHelper.ApplySettingsToConventions(store.Conventions);
_storeCounter++;
}
public void GetUserInfoAndPermissionsWindowsAuthentication()
{
Raven.Database.Server.Security.Authentication.EnableOnce();
Server.Configuration.AnonymousUserAccessMode = AnonymousUserAccessMode.None;
Server.SystemDatabase.Documents.Put(
"Raven/Authorization/WindowsSettings",
null,
RavenJObject.FromObject(new WindowsAuthDocument
{
RequiredUsers = new List <WindowsAuthData>
{
new WindowsAuthData
{
Name = string.Format("{0}\\{1}", FactIfWindowsAuthenticationIsAvailable.Admin.Domain, FactIfWindowsAuthenticationIsAvailable.Admin.UserName),
Enabled = true,
Databases = new List <ResourceAccess>
{
new ResourceAccess {
TenantId = "Foo", Admin = true
},
new ResourceAccess {
TenantId = "db2", ReadOnly = true
},
new ResourceAccess {
TenantId = "db3", Admin = false
},
}
}
}
}), new RavenJObject(), null);
using (var store = new DocumentStore
{
Credentials = new NetworkCredential(FactIfWindowsAuthenticationIsAvailable.Admin.UserName, FactIfWindowsAuthenticationIsAvailable.Admin.Password, FactIfWindowsAuthenticationIsAvailable.Admin.Domain),
Url = Server.SystemDatabase.ServerUrl
})
{
ConfigurationHelper.ApplySettingsToConventions(store.Conventions);
store.Initialize();
store
.DatabaseCommands
.GlobalAdmin
.CreateDatabase(new DatabaseDocument
{
Id = "Foo",
Settings =
{
{ "Raven/DataDir", "Foo" }
}
});
store.DatabaseCommands.EnsureDatabaseExists("Foo");
var info = store.DatabaseCommands.GetUserInfo();
Assert.Equal(3, info.Databases.Count);
Assert.Equal("Foo", info.Databases[0].Database);
Assert.Equal("db2", info.Databases[1].Database);
Assert.Equal("db3", info.Databases[2].Database);
Assert.True(info.Databases[0].IsAdmin);
Assert.False(info.Databases[1].IsAdmin);
Assert.False(info.Databases[2].IsAdmin);
Assert.Equal(1, info.ReadOnlyDatabases.Count);
var per = store.DatabaseCommands.GetUserPermission("Foo", readOnly: false);
var isGrant = per.IsGranted;
var res = per.Reason;
Assert.True(isGrant);
Assert.Equal("PUT allowed on " + "Foo" + " because user " + info.User + " has admin permissions", res);
var per2 = store.DatabaseCommands.GetUserPermission("db2", readOnly: false);
var isGrant2 = per2.IsGranted;
var res2 = per2.Reason;
Assert.False(isGrant2);
Assert.Equal("PUT rejected on" + "db2" + "because user" + info.User + "has ReadOnly permissions", res2);
var per3 = store.DatabaseCommands.GetUserPermission("db3", readOnly: false);
var isGrant3 = per3.IsGranted;
var res3 = per3.Reason;
Assert.True(isGrant3);
Assert.Equal("PUT allowed on " + "db3" + " because user " + info.User + "has ReadWrite permissions", res3);
}
}