SERVER-20558 Use unambiguous name in JS scope identifier

Author: sgolemon-corp

src/mongo/db/auth/authorization_session.h

@@ -166,10 +166,6 @@ class AuthorizationSession {
     // Gets an iterator over the roles of all authenticated users stored in this manager.
     virtual RoleNameIterator getAuthenticatedRoleNames() = 0;
 
-    // Returns a std::string representing all logged-in users on the current session.
-    // WARNING: this std::string will contain NUL bytes so don't call c_str()!
-    virtual std::string getAuthenticatedUserNamesToken() = 0;
-
     // Removes any authenticated principals whose authorization credentials came from the given
     // database, and revokes any privileges that were granted via that principal. This function
     // modifies state. Synchronizes with the Client lock.

src/mongo/db/auth/authorization_session_impl.cpp

@@ -184,17 +184,6 @@ RoleNameIterator AuthorizationSessionImpl::getAuthenticatedRoleNames() {
     return makeRoleNameIterator(_authenticatedRoleNames.begin(), _authenticatedRoleNames.end());
 }
 
-std::string AuthorizationSessionImpl::getAuthenticatedUserNamesToken() {
-    std::string ret;
-    for (UserNameIterator nameIter = getAuthenticatedUserNames(); nameIter.more();
-         nameIter.next()) {
-        ret += '\0';  // Using a NUL byte which isn't valid in usernames to separate them.
-        ret += nameIter->getFullName();
-    }
-
-    return ret;
-}
-
 void AuthorizationSessionImpl::grantInternalAuthorization(Client* client) {
     stdx::lock_guard<Client> lk(*client);
     _authenticatedUsers.add(internalSecurity.user);

src/mongo/db/auth/authorization_session_impl.h

@@ -91,8 +91,6 @@ class AuthorizationSessionImpl : public AuthorizationSession {
 
     RoleNameIterator getAuthenticatedRoleNames() override;
 
-    std::string getAuthenticatedUserNamesToken() override;
-
     void logoutDatabase(OperationContext* opCtx, StringData dbname) override;
 
     void grantInternalAuthorization(Client* client) override;

src/mongo/db/commands/mr.cpp

@@ -948,8 +948,6 @@ State::~State() {
  */
 void State::init() {
     // setup js
-    const string userToken =
-        AuthorizationSession::get(Client::getCurrent())->getAuthenticatedUserNamesToken();
     _scope.reset(getGlobalScriptEngine()->newScopeForCurrentThread());
     _scope->requireOwnedObjects();
     _scope->registerOperation(_opCtx);

src/mongo/db/matcher/expression_where.cpp

@@ -50,6 +50,20 @@ using std::string;
 using std::stringstream;
 using std::unique_ptr;
 
+namespace {
+std::string getAuthenticatedUserNamesToken(Client* client) {
+    StringBuilder sb;
+
+    auto as = AuthorizationSession::get(client);
+    for (auto nameIter = as->getAuthenticatedUserNames(); nameIter.more(); nameIter.next()) {
+        // Using a NUL byte which isn't valid in usernames to separate them.
+        sb << '\0' << nameIter->getUnambiguousName();
+    }
+
+    return sb.str();
+}
+}  // namespace
+
 WhereMatchExpression::WhereMatchExpression(OperationContext* opCtx,
                                            WhereParams params,
                                            StringData dbName)
@@ -61,9 +75,7 @@ WhereMatchExpression::WhereMatchExpression(OperationContext* opCtx,
 
     uassert(ErrorCodes::BadValue, "ns for $where cannot be empty", dbName.size() != 0);
 
-    const string userToken =
-        AuthorizationSession::get(Client::getCurrent())->getAuthenticatedUserNamesToken();
-
+    const auto userToken = getAuthenticatedUserNamesToken(opCtx->getClient());
     _scope = getGlobalScriptEngine()->getPooledScope(_opCtx, _dbName, "where" + userToken);
     const auto guard = makeGuard([&] { _scope->unregisterOperation(); });
 

src/mongo/embedded/embedded_auth_session.cpp

@@ -93,10 +93,6 @@ class AuthorizationSession : public mongo::AuthorizationSession {
         UASSERT_NOT_IMPLEMENTED;
     }
 
-    std::string getAuthenticatedUserNamesToken() override {
-        UASSERT_NOT_IMPLEMENTED;
-    }
-
     void grantInternalAuthorization(Client* client) override {
         // Always okay to do something, on embedded.
     }