mongo 1.9.2 → 1.10.0.rc0

data/lib/mongo/db.rb

@@ -1,4 +1,4 @@
-# Copyright (C) 2013 10gen Inc.
+# Copyright (C) 2009-2013 MongoDB, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,9 +12,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require 'socket'
-require 'thread'
-
 module Mongo
 
   # A MongoDB database.
@@ -27,6 +24,7 @@ module Mongo
     SYSTEM_USER_COLLECTION      = 'system.users'
     SYSTEM_JS_COLLECTION        = 'system.js'
     SYSTEM_COMMAND_COLLECTION   = '$cmd'
+    MAX_TIME_MS_CODE      = 50
 
     PROFILE_LEVEL = {
       :off       => 0,
@@ -63,7 +61,10 @@ module Mongo
     attr_reader :name, :write_concern
 
     # The Mongo::MongoClient instance connecting to the MongoDB server.
-    attr_reader :connection
+    attr_reader :client
+
+    # for backward compatibility
+    alias_method :connection, :client
 
     # The length of time that Collection.ensure_index should cache index calls
     attr_accessor :cache_time
@@ -99,81 +100,66 @@ module Mongo
     #     on initialization or at the time of an operation.
     #
     # @option opts [Integer] :cache_time (300) Set the time that all ensure_index calls should cache the command.
-    #
-    # @core databases constructor_details
+
     def initialize(name, client, opts={})
-      @name       = Mongo::Support.validate_db_name(name)
-      @connection = client
+      # A database name of '$external' is permitted for some auth types
+      Support.validate_db_name(name) unless name == '$external'
+
+      @name       = name
+      @client     = client
       @strict     = opts[:strict]
       @pk_factory = opts[:pk]
 
       @write_concern = get_write_concern(opts, client)
 
-      @read = opts[:read] || @connection.read
-      Mongo::ReadPreference::validate(@read)
-      @tag_sets = opts.fetch(:tag_sets, @connection.tag_sets)
-      @acceptable_latency = opts.fetch(:acceptable_latency, @connection.acceptable_latency)
-      @cache_time = opts[:cache_time] || 300 #5 minutes.
-    end
+      @read = opts[:read] || @client.read
+      ReadPreference::validate(@read)
 
-    # Authenticate with the given username and password. Note that mongod
-    # must be started with the --auth option for authentication to be enabled.
-    #
-    # @param [String] username
-    # @param [String] password
-    # @param [Boolean] save_auth
-    #   Save this authentication to the client object using MongoClient#add_auth. This
-    #   will ensure that the authentication will be applied to all sockets and upon
-    #   database reconnect.
-    # @param source [String] Database with user credentials. This should be used to
-    #   authenticate against a database when the credentials exist elsewhere.
-    #
-    # @note save_auth must be true when using connection pooling or providing a source
-    #   for credentials.
-    #
-    # @return [Boolean]
-    #
-    # @raise [AuthenticationError]
-    #
-    # @core authenticate authenticate-instance_method
-    def authenticate(username, password=nil, save_auth=true, source=nil)
-      if (@connection.pool_size > 1 || source) && !save_auth
-        raise MongoArgumentError, "If using connection pooling or delegated auth, " +
-          ":save_auth must be set to true."
-      end
+      @tag_sets = opts.fetch(:tag_sets, @client.tag_sets)
+      @acceptable_latency = opts.fetch(:acceptable_latency,
+                                       @client.acceptable_latency)
 
-      begin
-        socket = @connection.checkout_reader(:mode => :primary_preferred)
-        issue_authentication(username, password, save_auth,
-          :socket => socket, :source => source)
-      ensure
-        socket.checkin if socket
-      end
+      @cache_time = opts[:cache_time] || 300 #5 minutes.
+    end
 
-      @connection.authenticate_pools
+    # Authenticate with the given username and password.
+    #
+    # @param username [String] The username.
+    # @param password [String] The user's password. This is not required for
+    #   some authentication mechanisms.
+    # @param save_auth [Boolean]
+    #   Save this authentication to the client object using
+    #   MongoClient#add_auth. This will ensure that the authentication will
+    #   be applied to all sockets and upon database reconnect.
+    # @param source [String] Database with user credentials. This should be
+    #   used to authenticate against a database when the credentials exist
+    #   elsewhere.
+    # @param mechanism [String] The authentication mechanism to be used.
+    #
+    # @note The ability to disable the save_auth option has been deprecated.
+    #   With save_auth=false specified, driver authentication behavior during
+    #   failovers and reconnections becomes unreliable. This option still
+    #   exists for API compatibility, but it no longer has any effect if
+    #   disabled and now always uses the default behavior (safe_auth=true).
+    #
+    # @raise [AuthenticationError] Raised if authentication fails.
+    # @return [Boolean] The result of the authentication operation.
+    def authenticate(username, password=nil, save_auth=nil, source=nil, mechanism=nil)
+      warn "[DEPRECATED] Disabling the 'save_auth' option no longer has " +
+           "any effect. Please see the API documentation for more details " +
+           "on this change." unless save_auth.nil?
+
+      @client.add_auth(self.name, username, password, source, mechanism)
       true
     end
 
-    def issue_authentication(username, password, save_auth=true, opts={})
-      doc = command({:getnonce => 1}, :check_response => false, :socket => opts[:socket])
-      raise MongoDBError, "Error retrieving nonce: #{doc}" unless ok?(doc)
-      nonce = doc['nonce']
-
-      # issue authentication against this database if source option not provided
-      source = opts[:source]
-      db = source ? @connection[source] : self
-
-      auth = BSON::OrderedHash.new
-      auth['authenticate'] = 1
-      auth['user'] = username
-      auth['nonce'] = nonce
-      auth['key'] = Mongo::Support.auth_key(username, password, nonce)
-      if ok?(doc = db.command(auth, :check_response => false, :socket => opts[:socket]))
-        @connection.add_auth(name, username, password, source) if save_auth
-      else
-        message = "Failed to authenticate user '#{username}' on db '#{db.name}'"
-        raise Mongo::AuthenticationError.new(message, doc['code'], doc)
-      end
+    # Deauthorizes use for this database for this client connection. Also removes
+    # the saved authentication in the MongoClient class associated with this
+    # database.
+    #
+    # @return [Boolean]
+    def logout(opts={})
+      @client.remove_auth(self.name)
       true
     end
 
@@ -224,18 +210,22 @@ module Mongo
     #
     # @return [Hash] an object representing the user.
     def add_user(username, password=nil, read_only=false, opts={})
-      users = self[SYSTEM_USER_COLLECTION]
-      user  = users.find_one({:user => username}) || {:user => username}
-      user['pwd'] = Mongo::Support.hash_password(username, password) if password
-      user['readOnly'] = true if read_only
-      user.merge!(opts)
       begin
-        users.save(user)
+        user_info = command(:usersInfo => username)
+      # MongoDB >= 2.5.3 requires the use of commands to manage users.
+      # "Command not found" error didn't return an error code (59) before
+      # MongoDB 2.4.7 so we assume that a nil error code means the usersInfo
+      # command doesn't exist and we should fall back to the legacy add user code.
       rescue OperationFailure => ex
-        # adding first admin user fails GLE in MongoDB 2.2
-        raise ex unless ex.message =~ /login/
+        raise ex unless ex.error_code == Mongo::ErrorCode::COMMAND_NOT_FOUND || ex.error_code.nil?
+        return legacy_add_user(username, password, read_only, opts)
+      end
+
+      if user_info.key?('users') && !user_info['users'].empty?
+        update_user(username, password, opts)
+      else
+        create_user(username, password, read_only, opts)
       end
-      user
     end
 
     # Remove the given user from this database. Returns false if the user
@@ -245,32 +235,13 @@ module Mongo
     #
     # @return [Boolean]
     def remove_user(username)
-      if self[SYSTEM_USER_COLLECTION].find_one({:user => username})
-        self[SYSTEM_USER_COLLECTION].remove({:user => username}, :w => 1)
-      else
-        false
-      end
-    end
-
-    # Deauthorizes use for this database for this client connection. Also removes
-    # any saved authentication in the MongoClient class associated with this
-    # database.
-    #
-    # @raise [MongoDBError] if logging out fails.
-    #
-    # @return [Boolean]
-    def logout(opts={})
-      auth = @connection.auths.find { |a| a[:db_name] == name }
-      db = auth && auth[:source] ? @connection[auth[:source]] : self
-      auth ? @connection.logout_pools(db.name) : db.issue_logout(opts)
-      @connection.remove_auth(db.name)
-    end
-
-    def issue_logout(opts={})
-      unless ok?(doc = command({:logout => 1}, :socket => opts[:socket]))
-        raise MongoDBError, "Error logging out: #{doc.inspect}"
+      begin
+        command(:dropUser => username)
+      rescue OperationFailure => ex
+        raise ex unless ex.error_code == Mongo::ErrorCode::COMMAND_NOT_FOUND || ex.error_code.nil?
+        response = self[SYSTEM_USER_COLLECTION].remove({:user => username}, :w => 1)
+        response.key?('n') && response['n'] > 0 ? response : false
       end
-      true
     end
 
     # Get an array of collection names in this database.
@@ -451,6 +422,7 @@ module Mongo
 
       cmd = BSON::OrderedHash.new
       cmd[:$eval] = code
+      cmd.merge!(args.pop) if args.last.respond_to?(:keys) && args.last.key?(:nolock)
       cmd[:args] = args
       doc = command(cmd)
       doc['retval']
@@ -468,7 +440,7 @@ module Mongo
       cmd = BSON::OrderedHash.new
       cmd[:renameCollection] = "#{@name}.#{from}"
       cmd[:to] = "#{@name}.#{to}"
-      doc = DB.new('admin', @connection).command(cmd, :check_response => false)
+      doc = DB.new('admin', @client).command(cmd, :check_response => false)
       ok?(doc) || raise(MongoDBError, "Error renaming collection: #{doc.inspect}")
     end
 
@@ -509,7 +481,7 @@ module Mongo
     #
     # @return [Hash]
     def stats
-      self.command({:dbstats => 1})
+      self.command(:dbstats => 1)
     end
 
     # Return +true+ if the supplied +doc+ contains an 'ok' field with the value 1.
@@ -531,8 +503,8 @@ module Mongo
     # to see how it works.
     #
     # @param [OrderedHash, Hash] selector an OrderedHash, or a standard Hash with just one
-    # key, specifying the command to be performed. In Ruby 1.9, OrderedHash isn't necessary since
-    # hashes are ordered by default.
+    # key, specifying the command to be performed. In Ruby 1.9 and above, OrderedHash isn't necessary
+    # because hashes are ordered by default.
     #
     # @option opts [Boolean] :check_response (true) If +true+, raises an exception if the
     #   command fails.
@@ -540,48 +512,59 @@ module Mongo
     # @option opts [:primary, :secondary] :read Read preference for this command. See Collection#find for
     #   more details.
     # @option opts [String]  :comment (nil) a comment to include in profiling logs
+    # @option opts [Boolean] :compile_regex (true) whether BSON regex objects should be compiled into Ruby regexes.
+    #   If false, a BSON::Regex object will be returned instead.
     #
     # @return [Hash]
-    #
-    # @core commands command_instance-method
     def command(selector, opts={})
-      check_response = opts.fetch(:check_response, true)
-      socket = opts[:socket]
-      raise MongoArgumentError, "Command must be given a selector" unless selector.is_a?(Hash) && !selector.empty?
-
-      if selector.keys.length > 1 && RUBY_VERSION < '1.9' && selector.class != BSON::OrderedHash
-        raise MongoArgumentError, "DB#command requires an OrderedHash when hash contains multiple keys"
-      end
-
-      if read_pref = opts[:read]
-        Mongo::ReadPreference::validate(read_pref)
-        unless read_pref == :primary || Mongo::Support::secondary_ok?(selector)
-          raise MongoArgumentError, "Command is not supported on secondaries: #{selector.keys.first}"
+      raise MongoArgumentError, "Command must be given a selector" unless selector.respond_to?(:keys) && !selector.empty?
+
+      opts = opts.dup
+      # deletes :check_response and returns the value, if nil defaults to the block result
+      check_response = opts.delete(:check_response) { true }
+
+      # build up the command hash
+      command = opts.key?(:socket) ? { :socket => opts.delete(:socket) } : {}
+      command.merge!(:comment => opts.delete(:comment)) if opts.key?(:comment)
+      command.merge!(:compile_regex => opts.delete(:compile_regex)) if opts.key?(:compile_regex)
+      command[:limit] = -1
+      command[:read] = Mongo::ReadPreference::cmd_read_pref(opts.delete(:read), selector) if opts.key?(:read)
+
+      if RUBY_VERSION < '1.9' && selector.class != BSON::OrderedHash
+        if selector.keys.length > 1
+          raise MongoArgumentError, "DB#command requires an OrderedHash when hash contains multiple keys"
+        end
+        if opts.keys.size > 0
+          # extra opts will be merged into the selector, so make sure it's an OH in versions < 1.9
+          selector = selector.dup
+          selector = BSON::OrderedHash.new.merge!(selector)
         end
       end
 
+      # arbitrary opts are merged into the selector
+      command[:selector] = selector.merge!(opts)
+
       begin
-        result = Cursor.new(
-          system_command_collection,
-          :limit => -1,
-          :selector => selector,
-          :socket => socket,
-          :read => read_pref,
-          :comment => opts[:comment]).next_document
+        result = Cursor.new(system_command_collection, command).next_document
       rescue OperationFailure => ex
-        raise OperationFailure, "Database command '#{selector.keys.first}' failed: #{ex.message}"
+        if check_response
+          raise OperationFailure.new("Database command '#{selector.keys.first}' failed: #{ex.message}", ex.error_code, ex.result)
+        else
+          result = ex.result
+        end
       end
 
       raise OperationFailure,
         "Database command '#{selector.keys.first}' failed: returned null." unless result
 
-      if check_response && !ok?(result)
+      if check_response && (!ok?(result) || result['writeErrors'] || result['writeConcernError'])
         message = "Database command '#{selector.keys.first}' failed: ("
         message << result.map do |key, value|
           "#{key}: '#{value}'"
         end.join('; ')
         message << ').'
         code = result['code'] || result['assertionCode']
+        raise ExecutionTimeout.new(message, code, result) if code == MAX_TIME_MS_CODE
         raise OperationFailure.new(message, code, result)
       end
 
@@ -618,8 +601,6 @@ module Mongo
     # get the results using DB#profiling_info.
     #
     # @return [Symbol] :off, :slow_only, or :all
-    #
-    # @core profiling profiling_level-instance_method
     def profiling_level
       cmd = BSON::OrderedHash.new
       cmd[:profile] = -1
@@ -677,5 +658,96 @@ module Mongo
     def system_command_collection
       Collection.new(SYSTEM_COMMAND_COLLECTION, self)
     end
+
+    # Create a new user.
+    #
+    # @param username [String] The username.
+    # @param password [String] The user's password.
+    # @param read_only [Boolean] Create a read-only user (deprecated in MongoDB >= 2.6)
+    # @param opts [Hash]
+    #
+    # @private
+    def create_user(username, password, read_only, opts)
+      if read_only || !opts.key?(:roles)
+        warn "Creating a user with the read_only option or without roles is " +
+             "deprecated in MongoDB >= 2.6"
+      end
+
+      # The password is always salted and hashed by the driver.
+      if opts.key?(:digestPassword)
+        raise MongoArgumentError,
+          "The digestPassword option is not available via DB#add_user. " +
+          "Use DB#command(:createUser => ...) instead for this option."
+      end
+
+      opts = opts.dup
+      pwd = Mongo::Authentication.hash_password(username, password) if password
+      create_opts = pwd ? { :pwd => pwd } : {}
+      # specify that the server shouldn't digest the password because the driver does
+      create_opts[:digestPassword] = false
+      unless opts.key?(:roles)
+        if name == 'admin'
+          roles = read_only ? ['readAnyDatabase'] : ['root']
+        else
+          roles = read_only ? ['read'] : ["dbOwner"]
+        end
+        create_opts[:roles] = roles
+      end
+      create_opts[:writeConcern] =
+        opts.key?(:writeConcern) ? opts.delete(:writeConcern) : { :w => 1 }
+      create_opts.merge!(opts)
+      command({ :createUser => username }, create_opts)
+    end
+
+    # Update a user.
+    #
+    # @param username [String] The username.
+    # @param password [String] The user's password.
+    # @param opts [Hash]
+    #
+    # @private
+    def update_user(username, password, opts)
+      # The password is always salted and hashed by the driver.
+      if opts.key?(:digestPassword)
+        raise MongoArgumentError,
+          "The digestPassword option is not available via DB#add_user. " +
+          "Use DB#command(:createUser => ...) instead for this option."
+      end
+
+      opts = opts.dup
+      pwd = Mongo::Authentication.hash_password(username, password) if password
+      update_opts = pwd ? { :pwd => pwd } : {}
+      # specify that the server shouldn't digest the password because the driver does
+      update_opts[:digestPassword] = false
+      update_opts[:writeConcern] =
+        opts.key?(:writeConcern) ? opts.delete(:writeConcern) : { :w => 1 }
+      update_opts.merge!(opts)
+      command({ :updateUser => username }, update_opts)
+    end
+
+    # Create a user in MongoDB versions < 2.5.3.
+    # Called by #add_user if the 'usersInfo' command fails.
+    #
+    # @param username [String] The username.
+    # @param password [String] (nil) The user's password.
+    # @param read_only [Boolean] (false) Create a read-only user.
+    # @param opts [Hash]
+    #
+    # @private
+    def legacy_add_user(username, password=nil, read_only=false, opts={})
+      users = self[SYSTEM_USER_COLLECTION]
+      user  = users.find_one(:user => username) || {:user => username}
+      user['pwd'] =
+        Mongo::Authentication.hash_password(username, password) if password
+      user['readOnly'] = true if read_only
+      user.merge!(opts)
+      begin
+        users.save(user)
+      rescue OperationFailure => ex
+        # adding first admin user fails GLE in MongoDB 2.2
+        raise ex unless ex.message =~ /login/
+      end
+      user
+    end
   end
 end