class Mongo::Auth::SaslConversationBase
Defines common behavior around SASL conversations between the client and the server.
@api private
Constants
- CLIENT_CONTINUE_MESSAGE
The base client continue message.
- CLIENT_FIRST_MESSAGE
The base client first message.
Public Instance Methods
start(connection)
Start the SASL conversation. This returns the first message that needs to be sent to the server.
@param [ Server::Connection ] connection The connection being authenticated.
@return [ Protocol::Message ] The first SASL conversation message.
# File lib/mongo/auth/sasl_conversation_base.rb, line 36
# Builds the first message of the SASL conversation.
#
# The client-first document is wrapped in a Protocol::Msg when the
# connection reports op_msg_enabled?, and in a Protocol::Query against
# Database::COMMAND otherwise (including when no connection is given).
#
# @param [ Server::Connection ] connection The connection being authenticated.
#
# @return [ Protocol::Message ] The first SASL conversation message.
def start(connection)
  first_doc = client_first_document

  # Legacy path: no connection, or the server side lacks OP_MSG support.
  unless connection && connection.features.op_msg_enabled?
    return Protocol::Query.new(user.auth_source, Database::COMMAND, first_doc, limit: -1)
  end

  # OP_MSG carries the target database inside the command document itself.
  first_doc[Protocol::Msg::DATABASE_IDENTIFIER] = user.auth_source

  # Cluster time is attached only for mongos connections that have one.
  if connection.mongos?
    known_cluster_time = connection.cluster_time
    first_doc[Operation::CLUSTER_TIME] = known_cluster_time if known_cluster_time
  end

  Protocol::Msg.new([], {}, first_doc)
end
Private Instance Methods
auth_mechanism_name()
Gets the auth mechanism name for the conversation class.
Example return: SCRAM-SHA-1.
@return [ String ] Auth mechanism name.
# File lib/mongo/auth/sasl_conversation_base.rb, line 60
# Looks up the MECHANISM constant of the module that encloses this
# conversation class.
#
# The second-to-last segment of self.class.name (e.g. Scram256 for a class
# nested directly under Mongo::Auth::Scram256) is resolved on Auth, and
# MECHANISM is read from the result. With ActiveSupport the equivalent
# would be self.class.module_parent.const_get(:MECHANISM).
#
# The constant name comes from the class's own name, not from external input.
#
# @return [ String ] Auth mechanism name, e.g. SCRAM-SHA-1.
def auth_mechanism_name
  enclosing_module_name = self.class.name.split('::')[-2]
  mechanism_module = Auth.const_get(enclosing_module_name)
  mechanism_module.const_get(:MECHANISM)
end
client_first_document()
# File lib/mongo/auth/sasl_conversation_base.rb, line 76
# Assembles the command document for the first client message.
#
# Starts from CLIENT_FIRST_MESSAGE and adds the mechanism name and the
# client-first payload wrapped in BSON::Binary. When
# client_first_message_options returns a truthy value it is stored under
# :options (short SCRAM conversation,
# https://jira.mongodb.org/browse/DRIVERS-707).
#
# @raise [ Error::LintError ] If linting is enabled and the payload is not
#   a String.
def client_first_document
  first_payload = client_first_payload

  # NOTE(review): the lint message embeds the payload value itself; confirm
  # lint errors are not surfaced anywhere authentication material should
  # not appear.
  if Lint.enabled? && !first_payload.is_a?(String)
    raise Error::LintError, "Payload must be a string but is a #{first_payload.class}: #{first_payload}"
  end

  CLIENT_FIRST_MESSAGE.merge(
    mechanism: auth_mechanism_name,
    payload: BSON::Binary.new(first_payload),
  ).tap do |first_doc|
    extra_options = client_first_message_options
    first_doc[:options] = extra_options if extra_options
  end
end
client_first_message_options()
# File lib/mongo/auth/sasl_conversation_base.rb, line 72
# Options to include in the client-first document. This implementation
# supplies none, so client_first_document adds no :options key.
# Presumably meant to be overridden by derived conversation classes —
# confirm against the subclasses.
#
# @return [ nil ] Always nil here.
def client_first_message_options
  # Intentionally empty: a method with no body evaluates to nil.
end
validate_server_nonce!()
Helper method to validate that server nonce starts with the client nonce.
Note that this class does not define the client_nonce or server_nonce attributes - derived classes must do so.
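# File lib/mongo/auth/sasl_conversation_base.rb, line 100
# Verifies that the server nonce begins with the client nonce.
#
# This class does not define client_nonce or server_nonce; derived classes
# must provide both.
#
# @raise [ ArgumentError ] If the client nonce is nil or empty.
# @raise [ Error::InvalidNonce ] If the server nonce is missing or does not
#   start with the client nonce.
def validate_server_nonce!
  # Every string starts with the empty string, so an empty client nonce
  # would make the prefix check below pass for any server value.
  if client_nonce.nil? || client_nonce.empty?
    raise ArgumentError, 'Cannot validate server nonce when client nonce is nil or empty'
  end

  # A missing server nonce is reported as a nonce failure rather than
  # surfacing as NoMethodError on nil, so callers handling authentication
  # errors see it as one.
  # NOTE(review): confirm Error::InvalidNonce accepts a nil server nonce.
  unless server_nonce && server_nonce.start_with?(client_nonce)
    raise Error::InvalidNonce.new(client_nonce, server_nonce)
  end
end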