mongo 1.9.2 → 1.10.0.rc0

data/lib/mongo/{exceptions.rb → exception.rb}

@@ -1,4 +1,4 @@
-# Copyright (C) 2013 10gen Inc.
+# Copyright (C) 2009-2013 MongoDB, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -65,6 +65,9 @@ module Mongo
   # Raised when a database operation fails.
   class OperationFailure < MongoDBError; end
 
+  # Raised when a database operation exceeds maximum specified time.
+  class ExecutionTimeout < OperationFailure; end
+
   # Raised when a socket read operation times out.
   class OperationTimeout < SocketError; end
 
@@ -76,4 +79,7 @@ module Mongo
 
   # Raised when the client supplies an invalid value to sort by.
   class InvalidSortValueError < MongoRubyError; end
+
+  # Raised for bulk write errors.
+  class BulkWriteError < OperationFailure; end
 end

data/lib/mongo/functional.rb

@@ -0,0 +1,19 @@
+# Copyright (C) 2009-2013 MongoDB, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'mongo/functional/authentication'
+require 'mongo/functional/logging'
+require 'mongo/functional/read_preference'
+require 'mongo/functional/write_concern'
+require 'mongo/functional/uri_parser'

data/lib/mongo/functional/authentication.rb

@@ -0,0 +1,303 @@
+# Copyright (C) 2009-2013 MongoDB, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'digest/md5'
+
+module Mongo
+  module Authentication
+
+    DEFAULT_MECHANISM = 'MONGODB-CR'
+    MECHANISMS        = ['GSSAPI', 'MONGODB-CR', 'MONGODB-X509', 'PLAIN']
+
+    # authentication module methods
+    class << self
+      # Helper to validate an authentication mechanism and optionally
+      # raise an error if invalid.
+      #
+      # @param  mechanism [String] [description]
+      # @param  raise_error [Boolean] [description]
+      #
+      # @raise [ArgumentError] if raise_error and not a valid auth mechanism.
+      # @return [Boolean] returns the validation result.
+      def validate_mechanism(mechanism, raise_error=false)
+        return true if MECHANISMS.include?(mechanism.upcase)
+        if raise_error
+          raise ArgumentError,
+            "Invalid authentication mechanism provided. Must be one of " +
+            "#{Mongo::Authentication::MECHANISMS.join(', ')}."
+        end
+        false
+      end
+
+
+      # Helper to validate and normalize credential sets.
+      #
+      # @param auth [Hash] A hash containing the credential set.
+      #
+      # @raise [MongoArgumentError] if the credential set is invalid.
+      # @return [Hash] The validated credential set.
+      def validate_credentials(auth)
+        # set the default auth mechanism if not defined
+        auth[:mechanism] ||= DEFAULT_MECHANISM
+
+        # set the default auth source if not defined
+        auth[:source] = auth[:source] || auth[:db_name] || 'admin'
+
+        if (auth[:mechanism] == 'MONGODB-CR' || auth[:mechanism] == 'PLAIN') && !auth[:password]
+          raise MongoArgumentError,
+            "When using the authentication mechanism #{auth[:mechanism]} " +
+            "both username and password are required."
+        end
+        auth
+      end
+
+      # Generate an MD5 for authentication.
+      #
+      # @param username [String] The username.
+      # @param password [String] The user's password.
+      # @param nonce [String] The nonce value.
+      #
+      # @return [String] MD5 key for db authentication.
+      def auth_key(username, password, nonce)
+        Digest::MD5.hexdigest("#{nonce}#{username}#{hash_password(username, password)}")
+      end
+
+      # Return a hashed password for auth.
+      #
+      # @param username [String] The username.
+      # @param password [String] The users's password.
+      #
+      # @return [String] The hashed password value.
+      def hash_password(username, password)
+        Digest::MD5.hexdigest("#{username}:mongo:#{password}")
+      end
+    end
+
+    # Saves a cache of authentication credentials to the current
+    # client instance. This method is called automatically by DB#authenticate.
+    #
+    # @param db_name [String] The current database name.
+    # @param username [String] The current username.
+    # @param password [String] (nil) The users's password (not required for
+    #   all authentication mechanisms).
+    # @param source [String] (nil) The authentication source database
+    #   (if different than the current database).
+    # @param mechanism [String] (nil) The authentication mechanism being used
+    #   (default: 'MONGODB-CR').
+    #
+    # @raise [MongoArgumentError] Raised if the database has already been used
+    #   for authentication. A log out is required before additional auths can
+    #   be issued against a given database.
+    # @raise [AuthenticationError] Raised if authentication fails.
+    # @return [Hash] a hash representing the authentication just added.
+    def add_auth(db_name, username, password=nil, source=nil, mechanism=nil)
+      auth = Authentication.validate_credentials({
+        :db_name   => db_name,
+        :username  => username,
+        :password  => password,
+        :source    => source,
+        :mechanism => mechanism
+      })
+
+      if @auths.any? {|a| a[:source] == auth[:source]}
+        raise MongoArgumentError,
+          "Another user has already authenticated to the database " +
+          "'#{auth[:source]}' and multiple authentications are not " +
+          "permitted. Please logout first."
+      end
+
+      begin
+        socket = self.checkout_reader(:mode => :primary_preferred)
+        self.issue_authentication(auth, :socket => socket)
+      ensure
+        socket.checkin if socket
+      end
+
+      @auths << auth
+      auth
+    end
+
+    # Remove a saved authentication for this connection.
+    #
+    # @param db_name [String] The database name.
+    #
+    # @return [Boolean] The result of the operation.
+    def remove_auth(db_name)
+      return false unless @auths
+      @auths.reject! { |a| a[:source] == db_name } ? true : false
+    end
+
+    # Remove all authentication information stored in this connection.
+    #
+    # @return [Boolean] result of the operation.
+    def clear_auths
+      @auths = Set.new
+      true
+    end
+
+    # Method to handle and issue logout commands.
+    #
+    # @note This method should not be called directly. Use DB#logout.
+    #
+    # @param db_name [String] The database name.
+    # @param opts [Hash] Hash of optional settings and configuration values.
+    #
+    # @option opts [Socket] socket (nil) Optional socket instance to use.
+    #
+    # @raise [MongoDBError] Raised if the logout operation fails.
+    # @return [Boolean] The result of the logout operation.
+    def issue_logout(db_name, opts={})
+      doc = db(db_name).command({:logout => 1}, :socket => opts[:socket])
+      unless Support.ok?(doc)
+        raise MongoDBError, "Error logging out on DB #{db_name}."
+      end
+      true # somewhat pointless, but here to preserve the existing API
+    end
+
+    # Method to handle and issue authentication commands.
+    #
+    # @note This method should not be called directly. Use DB#authenticate.
+    #
+    # @param auth [Hash] The authentication credentials to be used.
+    # @param opts [Hash] Hash of optional settings and configuration values.
+    #
+    # @option opts [Socket] socket (nil) Optional socket instance to use.
+    #
+    # @raise [AuthenticationError] Raised if the authentication fails.
+    # @return [Boolean] Result of the authentication operation.
+    def issue_authentication(auth, opts={})
+      result = case auth[:mechanism]
+        when 'MONGODB-CR'
+          issue_cr(auth, opts)
+        when 'MONGODB-X509'
+          issue_x509(auth, opts)
+        when 'PLAIN'
+          issue_plain(auth, opts)
+        when 'GSSAPI'
+          issue_gssapi(auth, opts)
+      end
+
+      unless Support.ok?(result)
+        raise AuthenticationError,
+          "Failed to authenticate user '#{auth[:username]}' " +
+          "on db '#{auth[:source]}'."
+      end
+
+      true
+    end
+
+    private
+
+    # Handles issuing authentication commands for the MONGODB-CR auth mechanism.
+    #
+    # @param auth [Hash] The authentication credentials to be used.
+    # @param opts [Hash] Hash of optional settings and configuration values.
+    #
+    # @option opts [Socket] socket (nil) Optional socket instance to use.
+    #
+    # @return [Boolean] Result of the authentication operation.
+    #
+    # @private
+    def issue_cr(auth, opts={})
+      database = db(auth[:source])
+      nonce    = get_nonce(database, opts)
+
+      # build auth command document
+      cmd = BSON::OrderedHash.new
+      cmd['authenticate'] = 1
+      cmd['user'] = auth[:username]
+      cmd['nonce'] = nonce
+      cmd['key'] = Authentication.auth_key(auth[:username],
+                                           auth[:password],
+                                           nonce)
+
+      database.command(cmd, :check_response => false,
+                            :socket         => opts[:socket])
+    end
+
+    # Handles issuing authentication commands for the MONGODB-X509 auth mechanism.
+    #
+    # @param auth [Hash] The authentication credentials to be used.
+    # @param opts [Hash] Hash of optional settings and configuration values.
+    #
+    # @private
+    def issue_x509(auth, opts={})
+      database = db('$external')
+
+      cmd = BSON::OrderedHash.new
+      cmd[:authenticate] = 1
+      cmd[:mechanism]    = auth[:mechanism]
+      cmd[:user]         = auth[:username]
+
+      database.command(cmd, :check_response => false,
+                            :socket         => opts[:socket])
+    end
+
+    # Handles issuing authentication commands for the PLAIN auth mechanism.
+    #
+    # @param auth [Hash] The authentication credentials to be used.
+    # @param opts [Hash] Hash of optional settings and configuration values.
+    #
+    # @option opts [Socket] socket (nil) Optional socket instance to use.
+    #
+    # @return [Boolean] Result of the authentication operation.
+    #
+    # @private
+    def issue_plain(auth, opts={})
+      database = db(auth[:source])
+      payload  = "\x00#{auth[:username]}\x00#{auth[:password]}"
+
+      cmd = BSON::OrderedHash.new
+      cmd[:saslStart]     = 1
+      cmd[:mechanism]     = auth[:mechanism]
+      cmd[:payload]       = BSON::Binary.new(payload)
+      cmd[:autoAuthorize] = 1
+
+      database.command(cmd, :check_response => false,
+                            :socket         => opts[:socket])
+    end
+
+    # Handles issuing authentication commands for the GSSAPI auth mechanism.
+    #
+    # @param auth [Hash] The authentication credentials to be used.
+    # @param opts [Hash] Hash of optional settings and configuration values.
+    #
+    # @private
+    def issue_gssapi(auth, opts={})
+      raise NotImplementedError,
+        "The #{auth[:mechanism]} authentication mechanism is not yet supported."
+    end
+
+    # Helper to fetch a nonce value from a given database instance.
+    #
+    # @param db [Mongo::DB] The DB instance to use for issue the nonce command.
+    # @param opts [Hash] Hash of optional settings and configuration values.
+    #
+    # @option opts [Socket] socket (nil) Optional socket instance to use.
+    #
+    # @raise [MongoDBError] Raised if there is an error executing the command.
+    # @return [String] Returns the nonce value.
+    #
+    # @private
+    def get_nonce(database, opts={})
+      doc = database.command({:getnonce => 1}, :check_response => false,
+                                               :socket         => opts[:socket])
+      unless Support.ok?(doc)
+        raise MongoDBError, "Error retrieving nonce: #{doc}"
+      end
+      doc['nonce']
+    end
+
+  end
+end

data/lib/mongo/{util → functional}/logging.rb

@@ -1,4 +1,4 @@
-# Copyright (C) 2013 10gen Inc.
+# Copyright (C) 2009-2013 MongoDB, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

data/lib/mongo/{util → functional}/read_preference.rb

@@ -1,4 +1,4 @@
-# Copyright (C) 2013 10gen Inc.
+# Copyright (C) 2009-2013 MongoDB, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -30,6 +30,24 @@ module Mongo
       :nearest              => 'nearest'
     }
 
+    # Commands that may be sent to replica-set secondaries, depending on
+    # read preference and tags. All other commands are always run on the primary.
+    SECONDARY_OK_COMMANDS = [
+      'group',
+      'aggregate',
+      'collstats',
+      'dbstats',
+      'count',
+      'distinct',
+      'geonear',
+      'geosearch',
+      'geowalk',
+      'mapreduce',
+      'replsetgetstatus',
+      'ismaster',
+      'parallelcollectionscan'
+    ]
+
     def self.mongos(mode, tag_sets)
       if mode != :secondary_preferred || !tag_sets.empty?
         mongos_read_preference = BSON::OrderedHash[:mode => MONGOS_MODES[mode]]
@@ -47,6 +65,36 @@ module Mongo
       end
     end
 
+    # Returns true if it's ok to run the command on a secondary
+    def self.secondary_ok?(selector)
+      command = selector.keys.first.to_s.downcase
+
+      if command == 'mapreduce'
+        out = selector.select { |k, v| k.to_s.downcase == 'out' }.first.last
+        # the server only looks at the first key in the out object
+        return out.respond_to?(:keys) && out.keys.first.to_s.downcase == 'inline'
+      elsif command == 'aggregate'
+        return selector['pipeline'].none? { |op| op.key?('$out') || op.key?(:$out) }
+      end
+      SECONDARY_OK_COMMANDS.member?(command)
+    end
+
+    # Returns true if the command should be rerouted to the primary.
+    def self.reroute_cmd_primary?(read_pref, selector)
+      return false if read_pref == :primary
+      !secondary_ok?(selector)
+    end
+
+    # Given a command and read preference, possibly reroute to primary.
+    def self.cmd_read_pref(read_pref, selector)
+      ReadPreference::validate(read_pref)
+      if reroute_cmd_primary?(read_pref, selector)
+        warn "Database command '#{selector.keys.first}' rerouted to primary node"
+        read_pref = :primary
+      end
+      read_pref
+    end
+
     def read_preference
       {
         :mode => @read,

data/lib/mongo/{util → functional}/uri_parser.rb

@@ -1,4 +1,4 @@
-# Copyright (C) 2013 10gen Inc.
+# Copyright (C) 2009-2013 MongoDB, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -18,11 +18,9 @@ require 'uri'
 module Mongo
   class URIParser
 
-    USER_REGEX = /(.+)/
-    PASS_REGEX = /([^@,]+)/
-    AUTH_REGEX = /(#{USER_REGEX}:#{PASS_REGEX}@)?/
+    AUTH_REGEX = /((.+)@)?/
 
-    HOST_REGEX = /([-.\w]+)/
+    HOST_REGEX = /([-.\w]+)|(\[[^\]]+\])/
     PORT_REGEX = /(?::(\w+))?/
     NODE_REGEX = /((#{HOST_REGEX}#{PORT_REGEX},?)+)/
 
@@ -34,14 +32,16 @@ module Mongo
     SPEC_ATTRS = [:nodes, :auths]
 
     READ_PREFERENCES = {
-      "primary" => :primary,
-      "primarypreferred" => :primary_preferred,
-      "secondary" => :secondary,
-      "secondarypreferred" => :secondary_preferred,
-      "nearest" => :nearest
+      'primary'            => :primary,
+      'primarypreferred'   => :primary_preferred,
+      'secondary'          => :secondary,
+      'secondarypreferred' => :secondary_preferred,
+      'nearest'            => :nearest
     }
 
     OPT_ATTRS  = [
+      :authmechanism,
+      :authsource,
       :connect,
       :connecttimeoutms,
       :fsync,
@@ -59,6 +59,8 @@ module Mongo
     ]
 
     OPT_VALID = {
+      :authmechanism    => lambda { |arg| Mongo::Authentication.validate_mechanism(arg) },
+      :authsource       => lambda { |arg| arg.length > 0 },
       :connect          => lambda { |arg| [ 'direct', 'replicaset', 'true', 'false', true, false ].include?(arg) },
       :connecttimeoutms => lambda { |arg| arg =~ /^\d+$/ },
       :fsync            => lambda { |arg| ['true', 'false'].include?(arg) },
@@ -76,6 +78,8 @@ module Mongo
      }
 
     OPT_ERR = {
+      :authmechanism    => "must be one of #{Mongo::Authentication::MECHANISMS.join(', ')}",
+      :authsource       => "must be a string containing the name of the database being used for authentication",
       :connect          => "must be 'direct', 'replicaset', 'true', or 'false'",
       :connecttimeoutms => "must be an integer specifying milliseconds",
       :fsync            => "must be 'true' or 'false'",
@@ -85,7 +89,7 @@ module Mongo
       :replicaset       => "must be a string containing the name of the replica set to connect to",
       :safe             => "must be 'true' or 'false'",
       :slaveok          => "must be 'true' or 'false'",
-      :sockettimeoutms  => "must be an integer specifying milliseconds",
+      :settimeoutms     => "must be an integer specifying milliseconds",
       :ssl              => "must be 'true' or 'false'",
       :w                => "must be an integer indicating number of nodes to replicate to or a string " +
                            "specifying that replication is required to the majority or nodes with a " +
@@ -95,6 +99,8 @@ module Mongo
     }
 
     OPT_CONV = {
+      :authmechanism    => lambda { |arg| arg.upcase },
+      :authsource       => lambda { |arg| arg },
       :connect          => lambda { |arg| arg == 'false' ? false : arg }, # convert 'false' to FalseClass
       :connecttimeoutms => lambda { |arg| arg.to_f / 1000 }, # stored as seconds
       :fsync            => lambda { |arg| arg == 'true' ? true : false },
@@ -112,8 +118,11 @@ module Mongo
     }
 
     attr_reader :auths,
+                :authmechanism,
+                :authsource,
                 :connect,
                 :connecttimeoutms,
+                :db_name,
                 :fsync,
                 :journal,
                 :nodes,
@@ -134,9 +143,8 @@ module Mongo
     # @note Passwords can contain any character except for ','
     #
     # @param [String] uri The MongoDB URI string.
-    # @param [Hash,nil] extra_opts Extra options. Will override anything already specified in the URI.
-    #
-    # @core connections
+    # @param [Hash,nil] extra_opts Extra options. Will override anything
+    #   already specified in the URI.
     def initialize(uri)
       if uri.start_with?('mongodb://')
         uri = uri[10..-1]
@@ -145,8 +153,8 @@ module Mongo
       end
 
       hosts, opts = uri.split('?')
-      parse_hosts(hosts)
       parse_options(opts)
+      parse_hosts(hosts)
       validate_connect
     end
 
@@ -155,7 +163,7 @@ module Mongo
     # @note Don't confuse this with attribute getter method #connect.
     #
     # @return [MongoClient,MongoReplicaSetClient]
-    def connection(extra_opts, legacy = false, sharded = false)
+    def connection(extra_opts={}, legacy = false, sharded = false)
       opts = connection_options.merge!(extra_opts)
       if(legacy)
         if replicaset?
@@ -218,26 +226,15 @@ module Mongo
       end
       opts[:wtimeout] = @wtimeoutms
 
-      opts[:w] = 1 if @safe
-      opts[:w] = @w if @w
-      opts[:j] = @journal
+      opts[:w]     = 1 if @safe
+      opts[:w]     = @w if @w
+      opts[:j]     = @journal
       opts[:fsync] = @fsync
 
-      if @connecttimeoutms
-        opts[:connect_timeout] = @connecttimeoutms
-      end
-
-      if @sockettimeoutms
-        opts[:op_timeout] = @sockettimeoutms
-      end
-
-      if @pool_size
-        opts[:pool_size] = @pool_size
-      end
-
-      if @readpreference
-        opts[:read] = @readpreference
-      end
+      opts[:connect_timeout] = @connecttimeoutms if @connecttimeoutms
+      opts[:op_timeout]      = @sockettimeoutms if @sockettimeoutms
+      opts[:pool_size]       = @pool_size if @pool_size
+      opts[:read]            = @readpreference if @readpreference
 
       if @slaveok && !@readpreference
         unless replicaset?
@@ -247,14 +244,13 @@ module Mongo
         end
       end
 
-      opts[:ssl] = @ssl
-      opts[:auths] = auths
-
       if replicaset.is_a?(String)
         opts[:name] = replicaset
       end
 
-      opts[:default_db] = @db
+      opts[:db_name] = @db_name if @db_name
+      opts[:auths]   = @auths if @auths
+      opts[:ssl]     = @ssl
       opts[:connect] = connect?
 
       opts
@@ -266,47 +262,63 @@ module Mongo
 
     private
 
-    def parse_hosts(uri_without_proto)
+    def parse_hosts(uri_without_protocol)
       @nodes = []
-      @auths = []
+      @auths = Set.new
 
-      matches = MONGODB_URI_MATCHER.match(uri_without_proto)
-
-      if !matches
-        raise MongoArgumentError, "MongoDB URI must match this spec: #{MONGODB_URI_SPEC}"
+      unless matches = MONGODB_URI_MATCHER.match(uri_without_protocol)
+        raise MongoArgumentError,
+          "MongoDB URI must match this spec: #{MONGODB_URI_SPEC}"
       end
 
-      uname    = matches[2]
-      pwd      = matches[3]
-      hosturis = matches[4].split(',')
-      @db      = matches[8]
-
-      hosturis.each do |hosturi|
-        # If port is present, use it, otherwise use default port
-        host, port = hosturi.split(':') + [MongoClient::DEFAULT_PORT]
+      user_info = matches[2].split(':') if matches[2]
+      host_info = matches[3].split(',')
+      @db_name  = matches[8]
 
-        if !(port.to_s =~ /^\d+$/)
-          raise MongoArgumentError, "Invalid port #{port}; port must be specified as digits."
+      host_info.each do |host|
+        if host[0,1] == '['
+          host, port = host.split(']:') << MongoClient::DEFAULT_PORT
+          host = host.end_with?(']') ? host[1...-1] : host[1..-1]
+        else
+          host, port = host.split(':') << MongoClient::DEFAULT_PORT
         end
-
-        port = port.to_i
-        @nodes << [host, port]
+        unless port.to_s =~ /^\d+$/
+          raise MongoArgumentError,
+            "Invalid port #{port}; port must be specified as digits."
+        end
+        @nodes << [host, port.to_i]
       end
 
       if @nodes.empty?
-        raise MongoArgumentError, "No nodes specified. Please ensure that you've provided at least one node."
+        raise MongoArgumentError,
+          "No nodes specified. Please ensure that you've provided at " +
+          "least one node."
+      end
+
+      # no user info to parse, exit here
+      return unless user_info
+
+      # check for url encoding for username and password
+      username, password = user_info
+      if user_info.size > 2 ||
+         (username && username.include?('@')) ||
+         (password && password.include?('@'))
+
+        raise MongoArgumentError,
+          "The characters ':' and '@' in a username or password " +
+          "must be escaped (RFC 2396)."
       end
 
-      if uname && pwd && @db
-        auths << {
-          :db_name  => @db,
-          :username => URI.unescape(uname),
-          :password => URI.unescape(pwd)
-        }
-      elsif uname || pwd
-        raise MongoArgumentError, 'MongoDB URI must include username, ' +
-                                  'password, and db if username and ' +
-                                  'password are specified.'
+      # if username exists, proceed adding to auth set
+      unless username.nil? || username.empty?
+        auth = Authentication.validate_credentials({
+          :db_name   => @db_name,
+          :username  => URI.unescape(username),
+          :password  => password ? URI.unescape(password) : nil,
+          :source    => @authsource,
+          :mechanism => @authmechanism
+        })
+        @auths << auth
       end
     end
 
@@ -321,7 +333,7 @@ module Mongo
       return if string_opts.empty?
 
       if string_opts.include?(';') and string_opts.include?('&')
-        raise MongoArgumentError, "must not mix URL separators ; and &"
+        raise MongoArgumentError, 'must not mix URL separators ; and &'
       end
 
       opts = CGI.parse(string_opts).inject({}) do |memo, (key, value)|