1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
|
# Copyright (C) 2014 MongoDB Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
module Mongo
module Auth
class CR
# Defines behaviour around a single MONGODB-CR conversation between the
# client and server.
#
# @since 2.0.0
class Conversation
# The login message base.
#
# @since 2.0.0
LOGIN = { authenticate: 1 }.freeze
# @return [ Protocol::Message ] reply The current reply in the
# conversation.
attr_reader :reply
# @return [ String ] database The database to authenticate against.
attr_reader :database
# @return [ String ] nonce The initial auth nonce.
attr_reader :nonce
# @return [ User ] user The user for the conversation.
attr_reader :user
# Continue the CR conversation. This sends the client final message
# to the server after setting the reply from the previous server
# communication.
#
# @example Continue the conversation.
# conversation.continue(reply)
#
# @param [ Protocol::Message ] reply The reply of the previous
# message.
# @param [ Mongo::Server::Connection ] connection The connection being authenticated.
#
# @return [ Protocol::Query ] The next message to send.
#
# @since 2.0.0
def continue(reply, connection = nil)
validate!(reply)
if connection && connection.features.op_msg_enabled?
selector = LOGIN.merge(user: user.name, nonce: nonce, key: user.auth_key(nonce))
selector[Protocol::Msg::DATABASE_IDENTIFIER] = user.auth_source
cluster_time = connection.mongos? && connection.cluster_time
selector[Operation::CLUSTER_TIME] = cluster_time if cluster_time
Protocol::Msg.new([:none], {}, selector)
else
Protocol::Query.new(
user.auth_source,
Database::COMMAND,
LOGIN.merge(user: user.name, nonce: nonce, key: user.auth_key(nonce)),
limit: -1
)
end
end
# Finalize the CR conversation. This is meant to be iterated until
# the provided reply indicates the conversation is finished.
#
# @example Finalize the conversation.
# conversation.finalize(reply)
#
# @param [ Protocol::Message ] reply The reply of the previous
# message.
#
# @return [ Protocol::Query ] The next message to send.
#
# @since 2.0.0
def finalize(reply, connection = nil)
validate!(reply)
end
# Start the CR conversation. This returns the first message that
# needs to be send to the server.
#
# @example Start the conversation.
# conversation.start
#
# @return [ Protocol::Query ] The first CR conversation message.
#
# @since 2.0.0
def start(connection = nil)
if connection && connection.features.op_msg_enabled?
selector = Auth::GET_NONCE.merge(Protocol::Msg::DATABASE_IDENTIFIER => user.auth_source)
cluster_time = connection.mongos? && connection.cluster_time
selector[Operation::CLUSTER_TIME] = cluster_time if cluster_time
Protocol::Msg.new([:none], {}, selector)
else
Protocol::Query.new(
user.auth_source,
Database::COMMAND,
Auth::GET_NONCE,
limit: -1)
end
end
# Create the new conversation.
#
# @example Create the new conversation.
# Conversation.new(user, "admin")
#
# @param [ Auth::User ] user The user to converse about.
#
# @since 2.0.0
def initialize(user)
@user = user
end
private
def validate!(reply)
raise Unauthorized.new(user) if reply.documents[0][Operation::Result::OK] != 1
@nonce = reply.documents[0][Auth::NONCE]
@reply = reply
end
end
end
end
end
|
