Use a more suitable method of detecting if authentication is needed

stevenpost · stevenpost · commit d6284478a781 · 2024-03-27T10:57:10.000+01:00
The `db.serverCmdLineOpts()` method always requires authentication when
auth is enabled. It doesn't take the `enableLocalAuthBypass` parameter
into account, the subsequent authentication attempt always fails if a
user doesn't exists. This commit switches to the `rs.status()` method,
as that method does take the `enableLocalAuthBypass` parameter into
account and allows us to obtain a shell before with authentication
enabled, but before the user exists.
diff --git a/templates/mongoshrc.js.erb b/templates/mongoshrc.js.erb
@@ -19,13 +19,15 @@ function rsReconfigSettings(settings){
 <% if @auth and @store_creds -%>
 function authRequired() {
   try {
-    return db.serverCmdLineOpts().ok != 1;
+    return rs.status().ok != 1;
   } catch (err) {
     if (err.message.match(/requires authentication/) || err.message.match(/not authorized on admin/)) {
       return true
-    } else {
-      throw("Unknown error :" + err)
+    if (err.message.match(/not running with --replSet/)) {
+      return false
     }
+    throw("Unknown error :" + err)
+  }
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -19,13 +19,15 @@ function rsReconfigSettings(settings){`
`19`	`19`	`<% if @auth and @store_creds -%>`
`20`	`20`	`function authRequired() {`
`21`	`21`	`try {`
`22`		`- return db.serverCmdLineOpts().ok != 1;`
	`22`	`+ return rs.status().ok != 1;`
`23`	`23`	`} catch (err) {`
`24`	`24`	`if (err.message.match(/requires authentication/) \|\| err.message.match(/not authorized on admin/)) {`
`25`	`25`	`return true`
`26`		`- } else {`
`27`		`- throw("Unknown error :" + err)`
	`26`	`+ if (err.message.match(/not running with --replSet/)) {`
	`27`	`+ return false`
`28`	`28`	`}`
	`29`	`+ throw("Unknown error :" + err)`
	`30`	`+ }`
`29`	`31`	`}`
`30`	`32`	`}`
`31`	`33`