mongo 2.11.1 → 2.11.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 33db1e0c2cfe7d7de3da0fbc3b24deac1ab01c0ad3cfc07239616bda20bd3e21
-  data.tar.gz: 6923e1d8fff7313a7f1a5a73e5a23fcebc6fa9b2b3d083e7f7468928ff2d76f1
+  metadata.gz: d52eaac2e54a90b6aad27aa1ef965c67cb36d4ea61907092e867b40eac1f9539
+  data.tar.gz: c118c191fac15467052a316eadd13035ed43968af1e46bd50ea45e6ad4884900
 SHA512:
-  metadata.gz: 415ae16f9f26a04e7ed9d9d29f264f2632a8cfca230849a11152f8bc62a722aa4a7e600ca5db217e26e695ca2b270a54973bb9c339af67f1f3880c67ed917cc4
-  data.tar.gz: '058ec4695e331e142f99feee1a59082494ed91e80d55490985e8eee650f1d94ba767d581ea08180ccff18c93300642ea59ca91dc1fe44da6771fd4ca2a94d27f'
+  metadata.gz: f652bbcf6b01f172199d467953d8f0ab3b9bc83b2e790d87a2c2f3b3251e5c0139234cbe1c2a1fbb6791ab5bf18be001b9be271ef0a0a9bfa75f9d20be9441f5
+  data.tar.gz: 82a0273865415d0ce911b96a0f80fa59610539d23e8182acd706cade06226df0d9a5ca931a3ae1b05a6191e4d4e934cb713c232a67c4dcedb48d03cf696ed79b

checksums.yaml.gz.sig

@@ -1 +1,2 @@
-�̚�r��Ij���6A(���?��e�D�=�^����xA[u�g�+�4o(����s�(���!͠/f4T)Qa&'��󍃴a�	7�Fe��zP���m�@��v?���j89ד=�o#V?|�K�3a�R۩#���z6^Y�-Gm���Oc�O�s�(��u"����
+Vn��i�'P��zQ��il|��	)8i�=���:\ʜ���ڭ)��V)�8���uH2�����q8D�����k���u�s@��`:&V�2'0$ť'�aޒ@{j����gI�.}�Ո�Y~�y8~�>��QX-��)2�N��r�
+����E�Czꅚ	�n�,��y�ڋ�X��Ϊr4���]V�

data/Rakefile

@@ -34,6 +34,30 @@ namespace :spec do
     SpecSetup.new.run
   end
 
+  desc 'Waits for sessions to be available in the deployment'
+  task :wait_for_sessions do
+    $: << File.join(File.dirname(__FILE__), 'spec')
+
+    require 'support/utils'
+    require 'support/spec_config'
+    require 'support/client_registry'
+
+    client = ClientRegistry.instance.global_client('authorized')
+    client.database.command(ping: 1)
+    deadline = Time.now + 300
+    while Time.now < deadline
+      if client.cluster.send(:sessions_supported?)
+        break
+      end
+      sleep 1
+      client.close
+      client.reconnect
+    end
+    unless client.cluster.send(:sessions_supported?)
+      raise "Sessions did not become supported in the allowed time"
+    end
+  end
+
   desc 'Prints configuration used by the test suite'
   task :config do
     $: << File.join(File.dirname(__FILE__), 'spec')

data/lib/mongo/auth.rb

@@ -110,25 +110,45 @@ module Mongo
       # @param [ String ] used_mechanism Auth mechanism actually used for
       #   authentication. This is a full string like SCRAM-SHA-256.
       # @param [ String ] message The error message returned by the server.
+      # @param [ Server ] server The server instance that authentication
+      #   was attempted against.
       #
       # @since 2.0.0
-      def initialize(user, used_mechanism: nil, message: nil)
-        specified_mechanism = if user.mechanism
-          " (mechanism: #{user.mechanism})"
-        else
-          ''
+      def initialize(user, used_mechanism: nil, message: nil,
+        server: nil
+      )
+        configured_bits = []
+        used_bits = [
+          "auth source: #{user.auth_source}",
+        ]
+
+        if user.mechanism
+          configured_bits << "mechanism: #{user.mechanism}"
         end
-        used_mechanism = if used_mechanism
-          " (used mechanism: #{used_mechanism})"
-        else
-          ''
+
+        if used_mechanism
+          used_bits << "used mechanism: #{used_mechanism}"
+        end
+
+        if server
+          used_bits << "used server: #{server.address} (#{server.status})"
         end
+
         used_user = if user.mechanism == :mongodb_x509
           'Client certificate'
         else
           "User #{user.name}"
         end
-        msg = "#{used_user}#{specified_mechanism} is not authorized to access #{user.database} (auth source: #{user.auth_source})#{used_mechanism}"
+
+        if configured_bits.empty?
+          configured_bits = ''
+        else
+          configured_bits = " (#{configured_bits.join(', ')})"
+        end
+
+        used_bits = " (#{used_bits.join(', ')})"
+
+        msg = "#{used_user}#{configured_bits} is not authorized to access #{user.database}#{used_bits}"
         if message
           msg += ': ' + message
         end

data/lib/mongo/auth/cr.rb

@@ -23,6 +23,7 @@ module Mongo
     # @deprecated MONGODB-CR authentication mechanism is deprecated
     #   as of MongoDB 3.6. Support for it in the Ruby driver will be
     #   removed in driver version 3.0. Please use SCRAM instead.
+    # @api private
     class CR
 
       # The authentication mechinism string.

data/lib/mongo/auth/cr/conversation.rb

@@ -52,13 +52,14 @@ module Mongo
         #
         # @param [ Protocol::Message ] reply The reply of the previous
         #   message.
-        # @param [ Mongo::Server::Connection ] connection The connection being authenticated.
+        # @param [ Mongo::Server::Connection ] connection The connection being
+        #   authenticated.
         #
         # @return [ Protocol::Query ] The next message to send.
         #
         # @since 2.0.0
-        def continue(reply, connection = nil)
-          validate!(reply)
+        def continue(reply, connection)
+          validate!(reply, connection.server)
           if connection && connection.features.op_msg_enabled?
             selector = LOGIN.merge(user: user.name, nonce: nonce, key: user.auth_key(nonce))
             selector[Protocol::Msg::DATABASE_IDENTIFIER] = user.auth_source
@@ -78,29 +79,28 @@ module Mongo
         # Finalize the CR conversation. This is meant to be iterated until
         # the provided reply indicates the conversation is finished.
         #
-        # @example Finalize the conversation.
-        #   conversation.finalize(reply)
-        #
         # @param [ Protocol::Message ] reply The reply of the previous
         #   message.
+        # @param [ Server::Connection ] connection The connection being
+        #   authenticated.
         #
         # @return [ Protocol::Query ] The next message to send.
         #
         # @since 2.0.0
-        def finalize(reply, connection = nil)
-          validate!(reply)
+        def finalize(reply, connection)
+          validate!(reply, connection.server)
         end
 
         # Start the CR conversation. This returns the first message that
         # needs to be sent to the server.
         #
-        # @example Start the conversation.
-        #   conversation.start
+        # @param [ Server::Connection ] connection The connection being
+        #   authenticated.
         #
         # @return [ Protocol::Query ] The first CR conversation message.
         #
         # @since 2.0.0
-        def start(connection = nil)
+        def start(connection)
           if connection && connection.features.op_msg_enabled?
             selector = Auth::GET_NONCE.merge(Protocol::Msg::DATABASE_IDENTIFIER => user.auth_source)
             cluster_time = connection.mongos? && connection.cluster_time
@@ -129,9 +129,9 @@ module Mongo
 
         private
 
-        def validate!(reply)
+        def validate!(reply, server)
           if reply.documents[0][Operation::Result::OK] != 1
-            raise Unauthorized.new(user, used_mechanism: MECHANISM)
+            raise Unauthorized.new(user, used_mechanism: MECHANISM, server: server)
           end
           @nonce = reply.documents[0][Auth::NONCE]
           @reply = reply

data/lib/mongo/auth/ldap.rb

@@ -20,6 +20,7 @@ module Mongo
     # Defines behavior for LDAP Proxy authentication.
     #
     # @since 2.0.0
+    # @api private
     class LDAP
 
       # The authentication mechinism string.
@@ -56,7 +57,7 @@ module Mongo
         conversation = Conversation.new(user)
         reply = connection.dispatch([ conversation.start(connection) ])
         connection.update_cluster_time(Operation::Result.new(reply))
-        conversation.finalize(reply)
+        conversation.finalize(reply, connection)
       end
     end
   end

data/lib/mongo/auth/ldap/conversation.rb

@@ -37,31 +37,28 @@ module Mongo
         # Finalize the PLAIN conversation. This is meant to be iterated until
         # the provided reply indicates the conversation is finished.
         #
-        # @example Finalize the conversation.
-        #   conversation.finalize(reply)
-        #
         # @param [ Protocol::Message ] reply The reply of the previous
         #   message.
+        # @param [ Server::Connection ] connection The connection being
+        #   authenticated.
         #
         # @return [ Protocol::Query ] The next message to send.
         #
         # @since 2.0.0
-        def finalize(reply)
-          validate!(reply)
+        def finalize(reply, connection)
+          validate!(reply, connection.server)
         end
 
         # Start the PLAIN conversation. This returns the first message that
         # needs to be sent to the server.
         #
-        # @example Start the conversation.
-        #   conversation.start
-        #
-        # @param [ Mongo::Server::Connection ] connection The connection being authenticated.
+        # @param [ Server::Connection ] connection The connection being
+        #   authenticated.
         #
         # @return [ Protocol::Query ] The first PLAIN conversation message.
         #
         # @since 2.0.0
-        def start(connection = nil)
+        def start(connection)
           if connection && connection.features.op_msg_enabled?
             selector = LOGIN.merge(payload: payload, mechanism: LDAP::MECHANISM)
             selector[Protocol::Msg::DATABASE_IDENTIFIER] = Auth::EXTERNAL
@@ -96,9 +93,9 @@ module Mongo
           BSON::Binary.new("\x00#{user.name}\x00#{user.password}")
         end
 
-        def validate!(reply)
+        def validate!(reply, server)
           if reply.documents[0][Operation::Result::OK] != 1
-            raise Unauthorized.new(user, used_mechanism: MECHANISM)
+            raise Unauthorized.new(user, used_mechanism: MECHANISM, server: server)
           end
           @reply = reply
         end

data/lib/mongo/auth/scram.rb

@@ -20,6 +20,7 @@ module Mongo
     # Defines behavior for SCRAM authentication.
     #
     # @since 2.0.0
+    # @api private
     class SCRAM
 
       # The authentication mechanism string for SCRAM-SHA-1.

data/lib/mongo/auth/scram/conversation.rb

@@ -20,6 +20,7 @@ module Mongo
       # the client and server.
       #
       # @since 2.0.0
+      # @api private
       class Conversation
 
         # The base client continue message.
@@ -103,13 +104,14 @@ module Mongo
         #
         # @param [ Protocol::Message ] reply The reply of the previous
         #   message.
-        # @param [ Mongo::Server::Connection ] connection The connection being authenticated.
+        # @param [ Server::Connection ] connection The connection being
+        #   authenticated.
         #
-        # @return [ Protocol::Query ] The next message to send.
+        # @return [ Protocol::Message ] The next message to send.
         #
         # @since 2.0.0
-        def continue(reply, connection = nil)
-          validate_first_message!(reply)
+        def continue(reply, connection)
+          validate_first_message!(reply, connection.server)
 
           # The salted password needs to be calculated now; otherwise, if the
           # client key is cached from a previous authentication, the salt in the
@@ -118,7 +120,10 @@ module Mongo
           salted_password
 
           if connection && connection.features.op_msg_enabled?
-            selector = CLIENT_CONTINUE_MESSAGE.merge(payload: client_final_message, conversationId: id)
+            selector = CLIENT_CONTINUE_MESSAGE.merge(
+              payload: client_final_message,
+              conversationId: id,
+            )
             selector[Protocol::Msg::DATABASE_IDENTIFIER] = user.auth_source
             cluster_time = connection.mongos? && connection.cluster_time
             selector[Operation::CLUSTER_TIME] = cluster_time if cluster_time
@@ -127,8 +132,11 @@ module Mongo
             Protocol::Query.new(
               user.auth_source,
               Database::COMMAND,
-              CLIENT_CONTINUE_MESSAGE.merge(payload: client_final_message, conversationId: id),
-              limit: -1
+              CLIENT_CONTINUE_MESSAGE.merge(
+                payload: client_final_message,
+                conversationId: id,
+              ),
+              limit: -1,
             )
           end
         end
@@ -136,20 +144,20 @@ module Mongo
         # Finalize the SCRAM conversation. This is meant to be iterated until
         # the provided reply indicates the conversation is finished.
         #
-        # @example Finalize the conversation.
-        #   conversation.finalize(reply)
-        #
         # @param [ Protocol::Message ] reply The reply of the previous
         #   message.
-        # @param [ Mongo::Server::Connection ] connection The connection being authenticated.
+        # @param [ Server::Connection ] connection The connection being authenticated.
         #
         # @return [ Protocol::Query ] The next message to send.
         #
         # @since 2.0.0
-        def finalize(reply, connection = nil)
-          validate_final_message!(reply)
+        def finalize(reply, connection)
+          validate_final_message!(reply, connection.server)
           if connection && connection.features.op_msg_enabled?
-            selector = CLIENT_CONTINUE_MESSAGE.merge(payload: client_empty_message, conversationId: id)
+            selector = CLIENT_CONTINUE_MESSAGE.merge(
+              payload: client_empty_message,
+              conversationId: id,
+            )
             selector[Protocol::Msg::DATABASE_IDENTIFIER] = user.auth_source
             cluster_time = connection.mongos? && connection.cluster_time
             selector[Operation::CLUSTER_TIME] = cluster_time if cluster_time
@@ -158,8 +166,11 @@ module Mongo
             Protocol::Query.new(
               user.auth_source,
               Database::COMMAND,
-              CLIENT_CONTINUE_MESSAGE.merge(payload: client_empty_message, conversationId: id),
-              limit: -1
+              CLIENT_CONTINUE_MESSAGE.merge(
+                payload: client_empty_message,
+                conversationId: id,
+              ),
+              limit: -1,
             )
           end
         end
@@ -167,15 +178,12 @@ module Mongo
         # Start the SCRAM conversation. This returns the first message that
         # needs to be sent to the server.
         #
-        # @example Start the conversation.
-        #   conversation.start
-        #
-        # @param [ Mongo::Server::Connection ] connection The connection being authenticated.
+        # @param [ Server::Connection ] connection The connection being authenticated.
         #
         # @return [ Protocol::Query ] The first SCRAM conversation message.
         #
         # @since 2.0.0
-        def start(connection = nil)
+        def start(connection)
           if connection && connection.features.op_msg_enabled?
             selector = CLIENT_FIRST_MESSAGE.merge(
               payload: client_first_message, mechanism: full_mechanism)
@@ -189,7 +197,7 @@ module Mongo
               Database::COMMAND,
               CLIENT_FIRST_MESSAGE.merge(
                 payload: client_first_message, mechanism: full_mechanism),
-              limit: -1
+              limit: -1,
             )
           end
         end
@@ -505,23 +513,24 @@ module Mongo
           check == 0
         end
 
-        def validate_final_message!(reply)
-          validate!(reply)
+        def validate_final_message!(reply, server)
+          validate!(reply, server)
           unless compare_digest(verifier, server_signature)
             raise Error::InvalidSignature.new(verifier, server_signature)
           end
         end
 
-        def validate_first_message!(reply)
-          validate!(reply)
+        def validate_first_message!(reply, server)
+          validate!(reply, server)
           raise Error::InvalidNonce.new(nonce, rnonce) unless rnonce.start_with?(nonce)
         end
 
-        def validate!(reply)
+        def validate!(reply, server)
           if reply.documents[0][Operation::Result::OK] != 1
             raise Unauthorized.new(user,
               used_mechanism: full_mechanism,
               message: reply.documents[0]['errmsg'],
+              server: server,
             )
           end
           @reply = reply

data/lib/mongo/auth/x509.rb

@@ -20,6 +20,7 @@ module Mongo
     # Defines behavior for X.509 authentication.
     #
     # @since 2.0.0
+    # @api private
     class X509
 
       # The authentication mechinism string.
@@ -67,7 +68,7 @@ module Mongo
         conversation = Conversation.new(user)
         reply = connection.dispatch([ conversation.start(connection) ])
         connection.update_cluster_time(Operation::Result.new(reply))
-        conversation.finalize(reply)
+        conversation.finalize(reply, connection)
       end
     end
   end

data/lib/mongo/auth/x509/conversation.rb

@@ -42,26 +42,26 @@ module Mongo
         #
         # @param [ Protocol::Message ] reply The reply of the previous
         #   message.
+        # @param [ Server::Connection ] connection The connection being
+        #   authenticated.
         #
         # @return [ Protocol::Query ] The next message to send.
         #
         # @since 2.0.0
-        def finalize(reply)
-          validate!(reply)
+        def finalize(reply, connection)
+          validate!(reply, connection.server)
         end
 
         # Start the X.509 conversation. This returns the first message that
         # needs to be sent to the server.
         #
-        # @example Start the conversation.
-        #   conversation.start
-        #
-        # @param [ Mongo::Server::Connection ] connection The connection being authenticated.
+        # @param [ Server::Connection ] connection The connection being
+        #   authenticated.
         #
         # @return [ Protocol::Query ] The first X.509 conversation message.
         #
         # @since 2.0.0
-        def start(connection = nil)
+        def start(connection)
           login = LOGIN.merge(mechanism: X509::MECHANISM)
           login[:user] = user.name if user.name
           if connection && connection.features.op_msg_enabled?
@@ -103,9 +103,9 @@ module Mongo
 
         private
 
-        def validate!(reply)
+        def validate!(reply, server)
           if reply.documents[0][Operation::Result::OK] != 1
-            raise Unauthorized.new(user, used_mechanism: MECHANISM)
+            raise Unauthorized.new(user, used_mechanism: MECHANISM, server: server)
           end
           @reply = reply
         end