mongo 2.7.2 → 2.8.0.rc0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 62add400ebd524931d5abfbd049bb386749820fb158a2fbbbc68290dc06422d6
-  data.tar.gz: 76fe35f188981942710738798c9f97422a5058e2b5bac3bbd4c73fdc38ce40d9
+  metadata.gz: 5c0c1dd6dd1ce8ec0ce98e4f038bb188a743d65b0fd45f42383e732b8a9fe6e0
+  data.tar.gz: 69a9fcd5c2284e95b7af207ae381bc5fb4b9a0d00d941b54bb7d86a126a62e70
 SHA512:
-  metadata.gz: 6d1530a695332219b809454e62e6b5422afea009a8ea2e4b32678e5763f663c07d839078e74b88d42d40fe32dea3b82760bf94f055ee72071e78f57eabe92771
-  data.tar.gz: 409a749f3d3bd253bf74bf3bb6fbe1573e158314f2579f34c2922f5154aa44b5a1ab509ab50f4da5978940682a9e4abe59137d4541d8225fc2bba5eef24491c6
+  metadata.gz: eb0c350dc452f0eb60656e0a2e6657e0002a7760de5bb3af7820af77876046f48bd7946e8d7d39a727dd80eda43e48656db52b941c2ab45ea6096ba826049a4d
+  data.tar.gz: d13ac4eec40c58e932f61fe5cb3f52259ca77a8ed08f079edf910927b9bb5e0c0ec77e0461374ab6c0f783726b1a5c7972e12c63c8a6d2eb46a6170a80543538

data.tar.gz.sig

@@ -1,3 +1 @@
-�\n�"���;��ۣ�H�I
-(�GIB�U"oS��8����x|�F}WG�H�-*Ĝr`
��f�%�R�M{Go_c'g
��˛�'u��?����5LxI�@�x�R<���TԤ���*h�>��.�Fd�*��{������$u~����E�mmE�@pE
-kRd���)C�&�q��CM*��K���?mܴن�1#K$f렸E��u�}6N�
+��zW�Y���MH{�zG.�vr�fτ#V���?�Y���b�;�86�o\z�E^����V�b��K=��:����G���壘s��yҌ�uA[݁XSG�Z9>�|�<
DZ�Ԍ~2�&�v2�Ȭf/p�n�������-�WLf
U�rl,�s_��h'nn����q�;7��vD#�0y}�j"r����H�Rj�N�8=4����YQ�@d#�ԉޮf��.�:��r�b�ӯ�Eʎ��ӗ,��j�_��

data/lib/mongo/address.rb

@@ -147,12 +147,15 @@ module Mongo
     #
     # @param [ Float ] socket_timeout The socket timeout.
     # @param [ Hash ] ssl_options SSL options.
+    # @param [ Hash ] options The options.
+    #
+    # @option options [ Float ] :connect_timeout Connect timeout.
     #
     # @return [ Mongo::Socket::SSL, Mongo::Socket::TCP, Mongo::Socket::Unix ] The socket.
     #
     # @since 2.0.0
-    def socket(socket_timeout, ssl_options = {})
-      create_resolver(ssl_options).socket(socket_timeout, ssl_options)
+    def socket(socket_timeout, ssl_options = {}, options = {})
+      create_resolver(ssl_options).socket(socket_timeout, ssl_options, options)
     end
 
     # Get the address as a string.
@@ -175,25 +178,17 @@ module Mongo
       end
     end
 
-    # Connect a socket.
-    #
-    # @example Connect a socket.
-    #   address.connect_socket!(socket)
-    #
-    # @since 2.4.3
-    def connect_socket!(socket)
-      socket.connect!(connect_timeout)
-    end
-
-    private
-
+    # @api private
     def connect_timeout
       @connect_timeout ||= @options[:connect_timeout] || Server::CONNECT_TIMEOUT
     end
 
-    # To determine which address the socket will connect to, the driver will attempt to connect to
-    # each IP address returned by Socket::getaddrinfo in sequence. Once a successful connection is
-    # made, a resolver with that IP address specified is returned. If no successful connection is
+    private
+
+    # To determine which address the socket will connect to, the driver will
+    # attempt to connect to each IP address returned by Socket::getaddrinfo in
+    # sequence. Once a successful connection is made, a resolver with that
+    # IP address specified is returned. If no successful connection is
     # made, the error made by the last connection attempt is raised.
     def create_resolver(ssl_options)
       return Unix.new(seed.downcase) if seed.downcase =~ Unix::MATCH
@@ -202,9 +197,11 @@ module Mongo
       error = nil
       ::Socket.getaddrinfo(host, nil, family, ::Socket::SOCK_STREAM).each do |info|
         begin
-          res = FAMILY_MAP[info[4]].new(info[3], port, host)
-          res.socket(connect_timeout, ssl_options).connect!(connect_timeout).close
-          return res
+          specific_address = FAMILY_MAP[info[4]].new(info[3], port, host)
+          socket = specific_address.socket(
+            connect_timeout, ssl_options, connect_timeout: connect_timeout)
+          socket.close
+          return specific_address
         rescue IOError, SystemCallError, Error::SocketTimeoutError, Error::SocketError => e
           error = e
         end

data/lib/mongo/address/ipv4.rb

@@ -79,15 +79,18 @@ module Mongo
       #
       # @param [ Float ] socket_timeout The socket timeout.
       # @param [ Hash ] ssl_options SSL options.
+      # @param [ Hash ] options The options.
+      #
+      # @option options [ Float ] :connect_timeout Connect timeout.
       #
       # @return [ Mongo::Socket::SSL, Mongo::Socket::TCP ] The socket.
       #
       # @since 2.0.0
-      def socket(socket_timeout, ssl_options = {})
+      def socket(socket_timeout, ssl_options = {}, options = {})
         unless ssl_options.empty?
-          Socket::SSL.new(host, port, host_name, socket_timeout, Socket::PF_INET, ssl_options)
+          Socket::SSL.new(host, port, host_name, socket_timeout, Socket::PF_INET, ssl_options.merge(options))
         else
-          Socket::TCP.new(host, port, socket_timeout, Socket::PF_INET)
+          Socket::TCP.new(host, port, socket_timeout, Socket::PF_INET, options)
         end
       end
     end

data/lib/mongo/address/ipv6.rb

@@ -95,15 +95,18 @@ module Mongo
       #
       # @param [ Float ] socket_timeout The socket timeout.
       # @param [ Hash ] ssl_options SSL options.
+      # @param [ Hash ] options The options.
+      #
+      # @option options [ Float ] :connect_timeout Connect timeout.
       #
       # @return [ Mongo::Socket::SSL, Mongo::Socket::TCP ] The socket.
       #
       # @since 2.0.0
-      def socket(socket_timeout, ssl_options = {})
+      def socket(socket_timeout, ssl_options = {}, options = {})
         unless ssl_options.empty?
-          Socket::SSL.new(host, port, host_name, socket_timeout, Socket::PF_INET6, ssl_options)
+          Socket::SSL.new(host, port, host_name, socket_timeout, Socket::PF_INET6, ssl_options.merge(options))
         else
-          Socket::TCP.new(host, port, socket_timeout, Socket::PF_INET6)
+          Socket::TCP.new(host, port, socket_timeout, Socket::PF_INET6, options)
         end
       end
     end

data/lib/mongo/address/unix.rb

@@ -64,12 +64,15 @@ module Mongo
       #
       # @param [ Float ] socket_timeout The socket timeout.
       # @param [ Hash ] ssl_options SSL options - ignored.
+      # @param [ Hash ] options The options.
+      #
+      # @option options [ Float ] :connect_timeout Connect timeout.
       #
       # @return [ Mongo::Socket::Unix ] The socket.
       #
       # @since 2.0.0
-      def socket(socket_timeout, ssl_options = {})
-        Socket::Unix.new(host, socket_timeout)
+      def socket(socket_timeout, ssl_options = {}, options = {})
+        Socket::Unix.new(host, socket_timeout, options)
       end
     end
   end

data/lib/mongo/auth.rb

@@ -102,10 +102,23 @@ module Mongo
       #   Mongo::Auth::Unauthorized.new(user)
       #
       # @param [ Mongo::Auth::User ] user The unauthorized user.
+      # @param [ String ] used_mechanism Auth mechanism actually used for
+      #   authentication. This is a full string like SCRAM-SHA-256.
       #
       # @since 2.0.0
-      def initialize(user)
-        super("User #{user.name} is not authorized to access #{user.database}.")
+      def initialize(user, used_mechanism = nil)
+        specified_mechanism = if user.mechanism
+          " (mechanism: #{user.mechanism})"
+        else
+          ''
+        end
+        used_mechanism = if used_mechanism
+          " (used mechanism: #{used_mechanism})"
+        else
+          ''
+        end
+        msg = "User #{user.name}#{specified_mechanism} is not authorized to access #{user.database}#{used_mechanism}"
+        super(msg)
       end
     end
   end

data/lib/mongo/auth/cr/conversation.rb

@@ -92,7 +92,7 @@ module Mongo
         end
 
         # Start the CR conversation. This returns the first message that
-        # needs to be send to the server.
+        # needs to be sent to the server.
         #
         # @example Start the conversation.
         #   conversation.start
@@ -130,7 +130,9 @@ module Mongo
         private
 
         def validate!(reply)
-          raise Unauthorized.new(user) if reply.documents[0][Operation::Result::OK] != 1
+          if reply.documents[0][Operation::Result::OK] != 1
+            raise Unauthorized.new(user, MECHANISM)
+          end
           @nonce = reply.documents[0][Auth::NONCE]
           @reply = reply
         end

data/lib/mongo/auth/ldap/conversation.rb

@@ -51,7 +51,7 @@ module Mongo
         end
 
         # Start the PLAIN conversation. This returns the first message that
-        # needs to be send to the server.
+        # needs to be sent to the server.
         #
         # @example Start the conversation.
         #   conversation.start
@@ -97,7 +97,9 @@ module Mongo
         end
 
         def validate!(reply)
-          raise Unauthorized.new(user) if reply.documents[0][Operation::Result::OK] != 1
+          if reply.documents[0][Operation::Result::OK] != 1
+            raise Unauthorized.new(user, MECHANISM)
+          end
           @reply = reply
         end
       end

data/lib/mongo/auth/scram.rb

@@ -32,7 +32,6 @@ module Mongo
       # @since 2.6.0
       SCRAM_SHA_256_MECHANISM = 'SCRAM-SHA-256'.freeze
 
-
       # Map the user-specified authentication mechanism to the proper names of the mechanisms.
       #
       # @since 2.6.0
@@ -62,16 +61,13 @@ module Mongo
       #   user.login(connection)
       #
       # @param [ Mongo::Connection ] connection The connection to log into.
-      #   on.
-      # @param [ String ] mechanism The auth mechanism to use (either 'SCRAM-SHA-1' or
-      #   'SCRAM-SHA-256');
       #
       # @return [ Protocol::Message ] The authentication response.
       #
       # @since 2.0.0
-      def login(connection, mechanism = nil)
-        mechanism ||= user.mechanism || :scram
-        conversation = Conversation.new(user, MECHANISMS[mechanism])
+      def login(connection)
+        mechanism = user.mechanism || :scram
+        conversation = Conversation.new(user, mechanism)
         reply = connection.dispatch([ conversation.start(connection) ])
         connection.update_cluster_time(Operation::Result.new(reply))
         reply = connection.dispatch([ conversation.continue(reply, connection) ])

data/lib/mongo/auth/scram/conversation.rb

@@ -19,8 +19,8 @@ module Mongo
   module Auth
     class SCRAM
 
-      # Defines behavior around a single SCRAM-SHA-1 conversation between the
-      # client and server.
+      # Defines behavior around a single SCRAM-SHA-1/256 conversation between
+      # the client and server.
       #
       # @since 2.0.0
       class Conversation
@@ -168,7 +168,7 @@ module Mongo
         end
 
         # Start the SCRAM conversation. This returns the first message that
-        # needs to be send to the server.
+        # needs to be sent to the server.
         #
         # @example Start the conversation.
         #   conversation.start
@@ -180,7 +180,8 @@ module Mongo
         # @since 2.0.0
         def start(connection = nil)
           if connection && connection.features.op_msg_enabled?
-            selector = CLIENT_FIRST_MESSAGE.merge(payload: client_first_message, mechanism: @mechanism)
+            selector = CLIENT_FIRST_MESSAGE.merge(
+              payload: client_first_message, mechanism: full_mechanism)
             selector[Protocol::Msg::DATABASE_IDENTIFIER] = user.auth_source
             cluster_time = connection.mongos? && connection.cluster_time
             selector[Operation::CLUSTER_TIME] = cluster_time if cluster_time
@@ -189,12 +190,17 @@ module Mongo
             Protocol::Query.new(
               user.auth_source,
               Database::COMMAND,
-              CLIENT_FIRST_MESSAGE.merge(payload: client_first_message, mechanism: @mechanism),
+              CLIENT_FIRST_MESSAGE.merge(
+                payload: client_first_message, mechanism: full_mechanism),
               limit: -1
             )
           end
         end
 
+        def full_mechanism
+          MECHANISMS[@mechanism]
+        end
+
         # Get the id of the conversation.
         #
         # @example Get the id of the conversation.
@@ -213,9 +219,14 @@ module Mongo
         #   Conversation.new(user, mechanism)
         #
         # @param [ Auth::User ] user The user to converse about.
+        # @param [ Symbol ] mechanism Authentication mechanism.
         #
         # @since 2.0.0
         def initialize(user, mechanism)
+          unless [:scram, :scram256].include?(mechanism)
+            raise InvalidMechanism.new(mechanism)
+          end
+
           @user = user
           @nonce = SecureRandom.base64
           @client_key = user.send(:client_key)
@@ -343,7 +354,7 @@ module Mongo
         # @since 2.0.0
         def hi(data)
           case @mechanism
-          when SCRAM::SCRAM_SHA_256_MECHANISM
+          when :scram256
             OpenSSL::PKCS5.pbkdf2_hmac(
               data,
               Base64.strict_decode64(salt),
@@ -381,7 +392,7 @@ module Mongo
           @iterations ||= payload_data.match(ITERATIONS)[1].to_i.tap do |i|
             if i < MIN_ITER_COUNT
               raise Error::InsufficientIterationCount.new(
-                Error::InsufficientIterationCount.message(MIN_ITER_COUNT, 1))
+                Error::InsufficientIterationCount.message(MIN_ITER_COUNT, i))
             end
           end
         end
@@ -421,7 +432,12 @@ module Mongo
         #
         # @since 2.0.0
         def salted_password
-          @salted_password ||= hi(hashed_password)
+          @salted_password ||= case @mechanism
+          when :scram256
+            hi(user.sasl_prepped_password)
+          else
+            hi(user.hashed_password)
+          end
         end
 
         # Server key algorithm implementation.
@@ -505,24 +521,17 @@ module Mongo
         end
 
         def validate!(reply)
-          raise Unauthorized.new(user) unless reply.documents[0][Operation::Result::OK] == 1
+          if reply.documents[0][Operation::Result::OK] != 1
+            raise Unauthorized.new(user, full_mechanism)
+          end
           @reply = reply
         end
 
         private
 
-        def hashed_password
-          case @mechanism
-          when SCRAM::SCRAM_SHA_256_MECHANISM
-            user.sasl_prepped_hashed_password
-          else
-            user.hashed_password
-          end
-        end
-
         def digest
           @digest ||= case @mechanism
-                      when SCRAM::SCRAM_SHA_256_MECHANISM
+                      when :scram256
                         OpenSSL::Digest::SHA256.new.freeze
                       else
                         OpenSSL::Digest::SHA1.new.freeze

data/lib/mongo/auth/user.rb

@@ -21,6 +21,7 @@ module Mongo
     #
     # @since 2.0.0
     class User
+      include Loggable
 
       # @return [ String ] The authorization source, either a database or
       #   external name.
@@ -44,6 +45,14 @@ module Mongo
       # @return [ Array<String> ] roles The user roles.
       attr_reader :roles
 
+      # Loggable requires an options attribute. We don't have any options
+      # hence provide this as a stub.
+      #
+      # @api private
+      def options
+        {}
+      end
+
       # Determine if this user is equal to another.
       #
       # @example Check user equality.
@@ -99,7 +108,7 @@ module Mongo
         [ name, database, password ].hash
       end
 
-      # Get the user's hashed password.
+      # Get the user's hashed password for SCRAM-SHA-1.
       #
       # @example Get the user's hashed password.
       #   user.hashed_password
@@ -108,11 +117,25 @@ module Mongo
       #
       # @since 2.0.0
       def hashed_password
+        unless password
+          raise Error::MissingPassword
+        end
+
         @hashed_password ||= Digest::MD5.hexdigest("#{name}:mongo:#{password}").encode(BSON::UTF8)
       end
 
-      def sasl_prepped_hashed_password
-        @sasl_prepped_hashed_password ||= sasl_prepped_password.encode(BSON::UTF8)
+      # Get the user's stringprepped password for SCRAM-SHA-256.
+      #
+      # @api private
+      def sasl_prepped_password
+        unless password
+          raise Error::MissingPassword
+        end
+
+        @sasl_prepped_password ||= StringPrep.prepare(password,
+          StringPrep::Profiles::SASL::MAPPINGS,
+          StringPrep::Profiles::SASL::PROHIBITED,
+          normalize: true, bidi: true).encode(BSON::UTF8)
       end
 
       # Create the new user.
@@ -140,6 +163,25 @@ module Mongo
         @name = options[:user]
         @password = options[:password] || options[:pwd]
         @mechanism = options[:auth_mech]
+        if @mechanism
+          # Since the driver must select an authentication class for
+          # the specified mechanism, mechanisms that the driver does not
+          # know about, and cannot translate to an authentication class,
+          # need to be rejected.
+          unless @mechanism.is_a?(Symbol)
+            # Although we documented auth_mech option as being a symbol, we
+            # have not enforced this; warn, reject in lint mode
+            if Lint.enabled?
+              raise Error::LintError, "Auth mechanism #{@mechanism.inspect} must be specified as a symbol"
+            else
+              log_warn("Auth mechanism #{@mechanism.inspect} should be specified as a symbol")
+              @mechanism = @mechanism.to_sym
+            end
+          end
+          unless Auth::SOURCES.key?(@mechanism)
+            raise InvalidMechanism.new(options[:auth_mech])
+          end
+        end
         @auth_mech_properties = options[:auth_mech_properties] || {}
         @roles = options[:roles] || []
         @client_key = options[:client_key]
@@ -159,13 +201,6 @@ module Mongo
 
       private
 
-      def sasl_prepped_password
-        StringPrep.prepare(password,
-                           StringPrep::Profiles::SASL::MAPPINGS,
-                           StringPrep::Profiles::SASL::PROHIBITED,
-                           normalize: true, bidi: true)
-      end
-
       # The client key for the user.
       #
       # @return [ String ] The client key for the user.