mongodb 3.2.5 → 3.3.0-beta2

package/lib/command_cursor.js

@@ -1,11 +1,12 @@
 'use strict';
 
 const inherits = require('util').inherits;
-const ReadPreference = require('mongodb-core').ReadPreference;
-const MongoError = require('mongodb-core').MongoError;
+const ReadPreference = require('./core').ReadPreference;
+const MongoError = require('./core').MongoError;
 const Readable = require('stream').Readable;
 const CoreCursor = require('./cursor');
 const SUPPORTS = require('./utils').SUPPORTS;
+const MongoDBNamespace = require('./utils').MongoDBNamespace;
 
 /**
  * @fileOverview The **CommandCursor** class is an internal class that embodies a
@@ -54,10 +55,12 @@ const SUPPORTS = require('./utils').SUPPORTS;
  * @fires CommandCursor#readable
  * @return {CommandCursor} an CommandCursor instance.
  */
-var CommandCursor = function(bson, ns, cmd, options, topology, topologyOptions) {
+var CommandCursor = function(topology, ns, cmd, options) {
   CoreCursor.apply(this, Array.prototype.slice.call(arguments, 0));
   var state = CommandCursor.INIT;
   var streamOptions = {};
+  const bson = topology.s.bson;
+  const topologyOptions = topology.s.options;
 
   // MaxTimeMS
   var maxTimeMS = null;
@@ -79,7 +82,7 @@ var CommandCursor = function(bson, ns, cmd, options, topology, topologyOptions)
     // BSON
     bson: bson,
     // Namespace
-    ns: ns,
+    namespace: MongoDBNamespace.fromString(ns),
     // Command
     cmd: cmd,
     // Options
@@ -95,6 +98,13 @@ var CommandCursor = function(bson, ns, cmd, options, topology, topologyOptions)
   };
 };
 
+Object.defineProperty(CommandCursor.prototype, 'namespace', {
+  enumerable: true,
+  get: function() {
+    return this.s.namespace.toString();
+  }
+});
+
 /**
  * CommandCursor stream data event, fired for each document in the cursor.
  *
@@ -142,14 +152,14 @@ var methodsToInherit = [
   'kill',
   'setCursorBatchSize',
   '_find',
-  '_getmore',
+  '_initializeCursor',
+  '_getMore',
   '_killcursor',
   'isDead',
   'explain',
   'isNotified',
   'isKilled',
-  '_endSession',
-  '_initImplicitSession'
+  '_endSession'
 ];
 
 // Only inherit the types we need

package/lib/core/auth/auth_provider.js

@@ -0,0 +1,158 @@
+'use strict';
+
+const MongoError = require('../error').MongoError;
+
+/**
+ * Creates a new AuthProvider, which dictates how to authenticate for a given
+ * mechanism.
+ * @class
+ */
+class AuthProvider {
+  constructor(bson) {
+    this.bson = bson;
+    this.authStore = [];
+  }
+
+  /**
+   * Authenticate
+   * @method
+   * @param {SendAuthCommand} sendAuthCommand Writes an auth command directly to a specific connection
+   * @param {Connection[]} connections Connections to authenticate using this authenticator
+   * @param {MongoCredentials} credentials Authentication credentials
+   * @param {authResultCallback} callback The callback to return the result from the authentication
+   */
+  auth(sendAuthCommand, connections, credentials, callback) {
+    // Total connections
+    let count = connections.length;
+
+    if (count === 0) {
+      callback(null, null);
+      return;
+    }
+
+    // Valid connections
+    let numberOfValidConnections = 0;
+    let errorObject = null;
+
+    const execute = connection => {
+      this._authenticateSingleConnection(sendAuthCommand, connection, credentials, (err, r) => {
+        // Adjust count
+        count = count - 1;
+
+        // If we have an error
+        if (err) {
+          errorObject = new MongoError(err);
+        } else if (r && (r.$err || r.errmsg)) {
+          errorObject = new MongoError(r);
+        } else {
+          numberOfValidConnections = numberOfValidConnections + 1;
+        }
+
+        // Still authenticating against other connections.
+        if (count !== 0) {
+          return;
+        }
+
+        // We have authenticated all connections
+        if (numberOfValidConnections > 0) {
+          // Store the auth details
+          this.addCredentials(credentials);
+          // Return correct authentication
+          callback(null, true);
+        } else {
+          if (errorObject == null) {
+            errorObject = new MongoError(`failed to authenticate using ${credentials.mechanism}`);
+          }
+          callback(errorObject, false);
+        }
+      });
+    };
+
+    const executeInNextTick = _connection => process.nextTick(() => execute(_connection));
+
+    // For each connection we need to authenticate
+    while (connections.length > 0) {
+      executeInNextTick(connections.shift());
+    }
+  }
+
+  /**
+   * Implementation of a single connection authenticating. Is meant to be overridden.
+   * Will error if called directly
+   * @ignore
+   */
+  _authenticateSingleConnection(/*sendAuthCommand, connection, credentials, callback*/) {
+    throw new Error('_authenticateSingleConnection must be overridden');
+  }
+
+  /**
+   * Adds credentials to store only if it does not exist
+   * @param {MongoCredentials} credentials credentials to add to store
+   */
+  addCredentials(credentials) {
+    const found = this.authStore.some(cred => cred.equals(credentials));
+
+    if (!found) {
+      this.authStore.push(credentials);
+    }
+  }
+
+  /**
+   * Re authenticate pool
+   * @method
+   * @param {SendAuthCommand} sendAuthCommand Writes an auth command directly to a specific connection
+   * @param {Connection[]} connections Connections to authenticate using this authenticator
+   * @param {authResultCallback} callback The callback to return the result from the authentication
+   */
+  reauthenticate(sendAuthCommand, connections, callback) {
+    const authStore = this.authStore.slice(0);
+    let count = authStore.length;
+    if (count === 0) {
+      return callback(null, null);
+    }
+
+    for (let i = 0; i < authStore.length; i++) {
+      this.auth(sendAuthCommand, connections, authStore[i], function(err) {
+        count = count - 1;
+        if (count === 0) {
+          callback(err, null);
+        }
+      });
+    }
+  }
+
+  /**
+   * Remove credentials that have been previously stored in the auth provider
+   * @method
+   * @param {string} source Name of database we are removing authStore details about
+   * @return {object}
+   */
+  logout(source) {
+    this.authStore = this.authStore.filter(credentials => credentials.source !== source);
+  }
+}
+
+/**
+ * A function that writes authentication commands to a specific connection
+ * @callback SendAuthCommand
+ * @param {Connection} connection The connection to write to
+ * @param {Command} command A command with a toBin method that can be written to a connection
+ * @param {AuthWriteCallback} callback Callback called when command response is received
+ */
+
+/**
+ * A callback for a specific auth command
+ * @callback AuthWriteCallback
+ * @param {Error} err If command failed, an error from the server
+ * @param {object} r The response from the server
+ */
+
+/**
+ * This is a result from an authentication strategy
+ *
+ * @callback authResultCallback
+ * @param {error} error An error object. Set to null if no error present
+ * @param {boolean} result The result of the authentication process
+ */
+
+module.exports = { AuthProvider };

package/lib/core/auth/defaultAuthProviders.js

@@ -0,0 +1,29 @@
+'use strict';
+
+const MongoCR = require('./mongocr');
+const X509 = require('./x509');
+const Plain = require('./plain');
+const GSSAPI = require('./gssapi');
+const SSPI = require('./sspi');
+const ScramSHA1 = require('./scram').ScramSHA1;
+const ScramSHA256 = require('./scram').ScramSHA256;
+
+/**
+ * Returns the default authentication providers.
+ *
+ * @param {BSON} bson Bson definition
+ * @returns {Object} a mapping of auth names to auth types
+ */
+function defaultAuthProviders(bson) {
+  return {
+    mongocr: new MongoCR(bson),
+    x509: new X509(bson),
+    plain: new Plain(bson),
+    gssapi: new GSSAPI(bson),
+    sspi: new SSPI(bson),
+    'scram-sha-1': new ScramSHA1(bson),
+    'scram-sha-256': new ScramSHA256(bson)
+  };
+}
+
+module.exports = { defaultAuthProviders };

package/lib/core/auth/gssapi.js

@@ -0,0 +1,241 @@
+'use strict';
+
+const AuthProvider = require('./auth_provider').AuthProvider;
+const retrieveKerberos = require('../utils').retrieveKerberos;
+let kerberos;
+
+/**
+ * Creates a new GSSAPI authentication mechanism
+ * @class
+ * @extends AuthProvider
+ */
+class GSSAPI extends AuthProvider {
+  /**
+   * Implementation of authentication for a single connection
+   * @override
+   */
+  _authenticateSingleConnection(sendAuthCommand, connection, credentials, callback) {
+    const source = credentials.source;
+    const username = credentials.username;
+    const password = credentials.password;
+    const mechanismProperties = credentials.mechanismProperties;
+    const gssapiServiceName =
+      mechanismProperties['gssapiservicename'] ||
+      mechanismProperties['gssapiServiceName'] ||
+      'mongodb';
+
+    GSSAPIInitialize(
+      this,
+      kerberos.processes.MongoAuthProcess,
+      source,
+      username,
+      password,
+      source,
+      gssapiServiceName,
+      sendAuthCommand,
+      connection,
+      mechanismProperties,
+      callback
+    );
+  }
+
+  /**
+   * Authenticate
+   * @override
+   * @method
+   */
+  auth(sendAuthCommand, connections, credentials, callback) {
+    if (kerberos == null) {
+      try {
+        kerberos = retrieveKerberos();
+      } catch (e) {
+        return callback(e, null);
+      }
+    }
+
+    super.auth(sendAuthCommand, connections, credentials, callback);
+  }
+}
+
+//
+// Initialize step
+var GSSAPIInitialize = function(
+  self,
+  MongoAuthProcess,
+  db,
+  username,
+  password,
+  authdb,
+  gssapiServiceName,
+  sendAuthCommand,
+  connection,
+  options,
+  callback
+) {
+  // Create authenticator
+  var mongo_auth_process = new MongoAuthProcess(
+    connection.host,
+    connection.port,
+    gssapiServiceName,
+    options
+  );
+
+  // Perform initialization
+  mongo_auth_process.init(username, password, function(err) {
+    if (err) return callback(err, false);
+
+    // Perform the first step
+    mongo_auth_process.transition('', function(err, payload) {
+      if (err) return callback(err, false);
+
+      // Call the next db step
+      MongoDBGSSAPIFirstStep(
+        self,
+        mongo_auth_process,
+        payload,
+        db,
+        username,
+        password,
+        authdb,
+        sendAuthCommand,
+        connection,
+        callback
+      );
+    });
+  });
+};
+
+//
+// Perform first step against mongodb
+var MongoDBGSSAPIFirstStep = function(
+  self,
+  mongo_auth_process,
+  payload,
+  db,
+  username,
+  password,
+  authdb,
+  sendAuthCommand,
+  connection,
+  callback
+) {
+  // Build the sasl start command
+  var command = {
+    saslStart: 1,
+    mechanism: 'GSSAPI',
+    payload: payload,
+    autoAuthorize: 1
+  };
+
+  // Write the commmand on the connection
+  sendAuthCommand(connection, '$external.$cmd', command, (err, doc) => {
+    if (err) return callback(err, false);
+    // Execute mongodb transition
+    mongo_auth_process.transition(doc.payload, function(err, payload) {
+      if (err) return callback(err, false);
+
+      // MongoDB API Second Step
+      MongoDBGSSAPISecondStep(
+        self,
+        mongo_auth_process,
+        payload,
+        doc,
+        db,
+        username,
+        password,
+        authdb,
+        sendAuthCommand,
+        connection,
+        callback
+      );
+    });
+  });
+};
+
+//
+// Perform first step against mongodb
+var MongoDBGSSAPISecondStep = function(
+  self,
+  mongo_auth_process,
+  payload,
+  doc,
+  db,
+  username,
+  password,
+  authdb,
+  sendAuthCommand,
+  connection,
+  callback
+) {
+  // Build Authentication command to send to MongoDB
+  var command = {
+    saslContinue: 1,
+    conversationId: doc.conversationId,
+    payload: payload
+  };
+
+  // Execute the command
+  // Write the commmand on the connection
+  sendAuthCommand(connection, '$external.$cmd', command, (err, doc) => {
+    if (err) return callback(err, false);
+    // Call next transition for kerberos
+    mongo_auth_process.transition(doc.payload, function(err, payload) {
+      if (err) return callback(err, false);
+
+      // Call the last and third step
+      MongoDBGSSAPIThirdStep(
+        self,
+        mongo_auth_process,
+        payload,
+        doc,
+        db,
+        username,
+        password,
+        authdb,
+        sendAuthCommand,
+        connection,
+        callback
+      );
+    });
+  });
+};
+
+var MongoDBGSSAPIThirdStep = function(
+  self,
+  mongo_auth_process,
+  payload,
+  doc,
+  db,
+  username,
+  password,
+  authdb,
+  sendAuthCommand,
+  connection,
+  callback
+) {
+  // Build final command
+  var command = {
+    saslContinue: 1,
+    conversationId: doc.conversationId,
+    payload: payload
+  };
+
+  // Execute the command
+  sendAuthCommand(connection, '$external.$cmd', command, (err, r) => {
+    if (err) return callback(err, false);
+    mongo_auth_process.transition(null, function(err) {
+      if (err) return callback(err, null);
+      callback(null, r);
+    });
+  });
+};
+
+/**
+ * This is a result from a authentication strategy
+ *
+ * @callback authResultCallback
+ * @param {error} error An error object. Set to null if no error present
+ * @param {boolean} result The result of the authentication process
+ */
+
+module.exports = GSSAPI;

package/lib/core/auth/mongo_credentials.js

@@ -0,0 +1,81 @@
+'use strict';
+
+// Resolves the default auth mechanism according to
+// https://github.com/mongodb/specifications/blob/master/source/auth/auth.rst
+function getDefaultAuthMechanism(ismaster) {
+  if (ismaster) {
+    // If ismaster contains saslSupportedMechs, use scram-sha-256
+    // if it is available, else scram-sha-1
+    if (Array.isArray(ismaster.saslSupportedMechs)) {
+      return ismaster.saslSupportedMechs.indexOf('SCRAM-SHA-256') >= 0
+        ? 'scram-sha-256'
+        : 'scram-sha-1';
+    }
+
+    // Fallback to legacy selection method. If wire version >= 3, use scram-sha-1
+    if (ismaster.maxWireVersion >= 3) {
+      return 'scram-sha-1';
+    }
+  }
+
+  // Default for wireprotocol < 3
+  return 'mongocr';
+}
+
+/**
+ * A representation of the credentials used by MongoDB
+ * @class
+ * @property {string} mechanism The method used to authenticate
+ * @property {string} [username] The username used for authentication
+ * @property {string} [password] The password used for authentication
+ * @property {string} [source] The database that the user should authenticate against
+ * @property {object} [mechanismProperties] Special properties used by some types of auth mechanisms
+ */
+class MongoCredentials {
+  /**
+   * Creates a new MongoCredentials object
+   * @param {object} [options]
+   * @param {string} [options.username] The username used for authentication
+   * @param {string} [options.password] The password used for authentication
+   * @param {string} [options.source] The database that the user should authenticate against
+   * @param {string} [options.mechanism] The method used to authenticate
+   * @param {object} [options.mechanismProperties] Special properties used by some types of auth mechanisms
+   */
+  constructor(options) {
+    options = options || {};
+    this.username = options.username;
+    this.password = options.password;
+    this.source = options.source || options.db;
+    this.mechanism = options.mechanism || 'default';
+    this.mechanismProperties = options.mechanismProperties;
+  }
+
+  /**
+   * Determines if two MongoCredentials objects are equivalent
+   * @param {MongoCredentials} other another MongoCredentials object
+   * @returns {boolean} true if the two objects are equal.
+   */
+  equals(other) {
+    return (
+      this.mechanism === other.mechanism &&
+      this.username === other.username &&
+      this.password === other.password &&
+      this.source === other.source
+    );
+  }
+
+  /**
+   * If the authentication mechanism is set to "default", resolves the authMechanism
+   * based on the server version and server supported sasl mechanisms.
+   *
+   * @param {Object} [ismaster] An ismaster response from the server
+   */
+  resolveAuthMechanism(ismaster) {
+    // If the mechanism is not "default", then it does not need to be resolved
+    if (this.mechanism.toLowerCase() === 'default') {
+      this.mechanism = getDefaultAuthMechanism(ismaster);
+    }
+  }
+}
+
+module.exports = { MongoCredentials };

package/lib/core/auth/mongocr.js

@@ -0,0 +1,51 @@
+'use strict';
+
+const crypto = require('crypto');
+const AuthProvider = require('./auth_provider').AuthProvider;
+
+/**
+ * Creates a new MongoCR authentication mechanism
+ *
+ * @extends AuthProvider
+ */
+class MongoCR extends AuthProvider {
+  /**
+   * Implementation of authentication for a single connection
+   * @override
+   */
+  _authenticateSingleConnection(sendAuthCommand, connection, credentials, callback) {
+    const username = credentials.username;
+    const password = credentials.password;
+    const source = credentials.source;
+
+    sendAuthCommand(connection, `${source}.$cmd`, { getnonce: 1 }, (err, r) => {
+      let nonce = null;
+      let key = null;
+
+      // Get nonce
+      if (err == null) {
+        nonce = r.nonce;
+        // Use node md5 generator
+        let md5 = crypto.createHash('md5');
+        // Generate keys used for authentication
+        md5.update(username + ':mongo:' + password, 'utf8');
+        const hash_password = md5.digest('hex');
+        // Final key
+        md5 = crypto.createHash('md5');
+        md5.update(nonce + username + hash_password, 'utf8');
+        key = md5.digest('hex');
+      }
+
+      const authenticateCommand = {
+        authenticate: 1,
+        user: username,
+        nonce,
+        key
+      };
+
+      sendAuthCommand(connection, `${source}.$cmd`, authenticateCommand, callback);
+    });
+  }
+}
+
+module.exports = MongoCR;

package/lib/core/auth/plain.js

@@ -0,0 +1,35 @@
+'use strict';
+
+const retrieveBSON = require('../connection/utils').retrieveBSON;
+const AuthProvider = require('./auth_provider').AuthProvider;
+
+// TODO: can we get the Binary type from this.bson instead?
+const BSON = retrieveBSON();
+const Binary = BSON.Binary;
+
+/**
+ * Creates a new Plain authentication mechanism
+ *
+ * @extends AuthProvider
+ */
+class Plain extends AuthProvider {
+  /**
+   * Implementation of authentication for a single connection
+   * @override
+   */
+  _authenticateSingleConnection(sendAuthCommand, connection, credentials, callback) {
+    const username = credentials.username;
+    const password = credentials.password;
+    const payload = new Binary(`\x00${username}\x00${password}`);
+    const command = {
+      saslStart: 1,
+      mechanism: 'PLAIN',
+      payload: payload,
+      autoAuthorize: 1
+    };
+
+    sendAuthCommand(connection, '$external.$cmd', command, callback);
+  }
+}
+
+module.exports = Plain;