File: SCRAM.pm

libmango-perl 1.30-2
package Mango::Auth::SCRAM;

use Mojo::Base 'Mango::Auth';
use Mojo::Util qw(dumper md5_sum encode b64_encode b64_decode);
use Mango::BSON 'bson_doc';

# Refuse to load this backend when the SCRAM client library is unavailable.
# $@ is localized so the probing eval does not clobber a caller's pending error.
SCRAM_DEPENDENCY: {
  local $@;
  my $available = eval { require Authen::SCRAM::Client; 1 };
  die "Authen::SCRAM is required to use SCRAM-SHA-1\n" unless $available;
}

# Remember the credentials used later by _authenticate.
#
# $creds is an array reference of the form [db, user, pass]. The password slot
# is replaced in place, in the caller's array, by the hex MD5 digest of
# "user:mongo:pass" (UTF-8 encoded), so the plaintext password is not kept in
# $self. Passing the same array twice would digest the digest again.
# MD5 here only produces the password form that is fed to SCRAM; it is not a
# protection mechanism of its own.
sub _credentials {
  my ($self, $creds) = @_;

  my $salted = join ':', $creds->[1], 'mongo', $creds->[2];
  $creds->[2] = md5_sum(encode('UTF-8', $salted));

  return $self->{credentials} = $creds;
}

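# Run the SCRAM-SHA-1 SASL conversation for connection $id, using the
# credentials stored by _credentials.
#
# The exchange is: saslStart with the client-first message, saslContinue with
# the client-final message, then an empty saslContinue. When the last reply
# arrives the "connection" event is emitted for $id and the queue is advanced.
#
# Any failure raises an exception inside the delay step, so the "connection"
# event is never emitted for a conversation that did not complete. This is the
# same path a malformed server message already takes when final_msg() or
# validate() throws.
# NOTE(review): confirm that an exception raised in a step is reported to the
# caller the way Mango's error handling expects.
sub _authenticate {
  my ($self, $id) = @_;

  my $mango = $self->mango;
  my ($db, $user, $pass) = @{$self->{credentials}};

  # $pass is the MD5 digest written by _credentials, not the plaintext password.
  # NOTE(review): SASLprep is skipped for the username as well - confirm that
  # is intended for non-ASCII usernames.
  my $scram_client = Authen::SCRAM::Client->new(
    skip_saslprep => 1,
    username      => $user,
    password      => $pass
  );

  my $delay = Mojo::IOLoop::Delay->new;
  my $conv_id;

  $delay->steps(

    # Reply to saslStart: keep the conversation id and send the client proof
    sub {
      my ($d, $mango, $err, $doc) = @_;
      die "SCRAM-SHA-1 authentication failed: $err\n" if $err;

      $conv_id = $doc->{conversationId};
      my $final_msg = $scram_client->final_msg(b64_decode($doc->{payload}));

      my $command = $self->_cmd_sasl_continue($conv_id, $final_msg);
      $mango->_fast($id, $db, $command, $d->begin(0));
    },

    # Reply carrying the server signature: this is the mutual authentication
    # step. Authen::SCRAM::Client documents validate() as returning false for
    # a signature that does not match, so the result has to be checked; a
    # server that cannot prove knowledge of the credentials is rejected here.
    sub {
      my ($d, $mango, $err, $doc) = @_;
      die "SCRAM-SHA-1 authentication failed: $err\n" if $err;
      die "SCRAM-SHA-1 authentication failed: invalid server signature\n"
        unless $scram_client->validate(b64_decode($doc->{payload}));

      my $command = $self->_cmd_sasl_continue($conv_id, '');
      $mango->_fast($id, $db, $command, $d->begin(0));
    },

    # Reply to the empty saslContinue: announce the connection
    # NOTE(review): the reply document itself is not inspected - confirm
    # whether the server's completion flag should be checked first.
    sub {
      my ($d, $mango, $err, $doc) = @_;
      die "SCRAM-SHA-1 authentication failed: $err\n" if $err;
      $mango->emit(connection => $id)->_next;
    }
  );

  # Kick off the conversation; the reply feeds the first step above
  my $command = $self->_cmd_sasl_start($scram_client->first_msg);
  $mango->_fast($id, $db, $command, $delay->begin(0));

  # Wait for the chain, then turn the loop once more unless it is running
  $delay->wait;
  $delay->ioloop->one_tick unless $delay->ioloop->is_running;
}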

# Build the saslStart command document that opens a SCRAM-SHA-1 conversation.
# $first_msg is the client-first message; it is sent Base64 encoded without
# line breaks. Field order is kept, with the command name first.
sub _cmd_sasl_start {
  my ($self, $first_msg) = @_;

  my $payload = b64_encode($first_msg, '');

  return bson_doc(
    saslStart     => 1,
    mechanism     => 'SCRAM-SHA-1',
    payload       => $payload,
    autoAuthorize => 1
  );
}

# Build a saslContinue command document for conversation $conv_id.
# A true $final_msg is sent Base64 encoded without line breaks; a false one
# (the empty string used for the closing round trip) is sent as ''.
sub _cmd_sasl_continue {
  my ($self, $conv_id, $final_msg) = @_;

  my $payload = '';
  $payload = b64_encode($final_msg, '') if $final_msg;

  return bson_doc(
    saslContinue   => 1,
    conversationId => $conv_id,
    payload        => $payload
  );
}

1;

=encoding utf8

=head1 NAME

Mango::Auth::SCRAM - SCRAM-SHA-1 Authentication

=head1 DESCRIPTION

The default authentication backend for L<Mango>, using the SCRAM-SHA-1 mechanism.
It requires L<Authen::SCRAM>; loading this module dies if L<Authen::SCRAM::Client> cannot be loaded.

=head1 SEE ALSO

L<Mango>, L<Mojolicious::Guides>, L<http://mojolicio.us>.

=cut