Class: Mongo::Auth::User

Inherits:
Object
Includes:
Loggable
Defined in:
lib/mongo/auth/user.rb,
lib/mongo/auth/user/view.rb

Overview

Represents a user in MongoDB.

Since:

  • 2.0.0

Defined Under Namespace

Classes: View

Constant Summary

Constants included from Loggable

Loggable::PREFIX

Instance Attribute Summary

Instance Method Summary

Methods included from Loggable

#log_debug, #log_error, #log_fatal, #log_info, #log_warn, #logger

Constructor Details

#initialize(options) ⇒ User

Create the new user.

Examples:

Create a new user.

Mongo::Auth::User.new(options)

Parameters:

  • options (Hash)

    The options to create the user from.

Options Hash (options):

  • :auth_source (String)

    The authorization database or external source.

  • :database (String)

    The database the user is authorized for.

  • :user (String)

    The user name.

  • :password (String)

    The user’s password.

  • :pwd (String)

    Legacy option for the user’s password. If :password and :pwd are both specified, :password takes precedence.

  • :auth_mech (Symbol)

    The authorization mechanism.

  • :roles (Array<String>, Array<Hash>)

    The user roles.

Since:

  • 2.0.0



# File 'lib/mongo/auth/user.rb', line 163

def initialize(options)
  @database = options[:database] || Database::ADMIN
  @auth_source = options[:auth_source] || self.class.default_auth_source(options)
  @name = options[:user]
  @password = options[:password] || options[:pwd]
  @mechanism = options[:auth_mech]
  if @mechanism
    # Since the driver must select an authentication class for
    # the specified mechanism, mechanisms that the driver does not
    # know about, and cannot translate to an authentication class,
    # need to be rejected.
    unless @mechanism.is_a?(Symbol)
      # Although we documented auth_mech option as being a symbol, we
      # have not enforced this; warn, reject in lint mode
      if Lint.enabled?
        raise Error::LintError, "Auth mechanism #{@mechanism.inspect} must be specified as a symbol"
      else
        log_warn("Auth mechanism #{@mechanism.inspect} should be specified as a symbol")
        @mechanism = @mechanism.to_sym
      end
    end
    unless Auth::SOURCES.key?(@mechanism)
      raise InvalidMechanism.new(options[:auth_mech])
    end
  end
  @auth_mech_properties = options[:auth_mech_properties] || {}
  @roles = options[:roles] || []
end

Instance Attribute Details

#auth_mech_properties ⇒ Hash (readonly)

Returns the authentication mechanism properties.

Returns:

  • (Hash)

    The authentication mechanism properties.

Since:

  • 2.0.0



# File 'lib/mongo/auth/user.rb', line 37

def auth_mech_properties
  @auth_mech_properties
end

#auth_source ⇒ String (readonly)

Returns the authorization source, either a database or external name.

Returns:

  • (String)

    The authorization source, either a database or external name.

Since:

  • 2.0.0



# File 'lib/mongo/auth/user.rb', line 31

def auth_source
  @auth_source
end

#database ⇒ String (readonly)

Returns the database the user is created in.

Returns:

  • (String)

    The database the user is created in.

Since:

  • 2.0.0



# File 'lib/mongo/auth/user.rb', line 34

def database
  @database
end

#mechanism ⇒ Symbol (readonly)

Returns the authorization mechanism.

Returns:

  • (Symbol)

    The authorization mechanism.

Since:

  • 2.0.0



# File 'lib/mongo/auth/user.rb', line 40

def mechanism
  @mechanism
end

#name ⇒ String (readonly)

Returns the username.

Returns:

  • (String)

    The username.

Since:

  • 2.0.0



# File 'lib/mongo/auth/user.rb', line 43

def name
  @name
end

#password ⇒ String (readonly)

Returns the cleartext password.

Returns:

  • (String)

    The cleartext password.

Since:

  • 2.0.0



# File 'lib/mongo/auth/user.rb', line 46

def password
  @password
end

#roles ⇒ Array<String> (readonly)

Returns the user roles.

Returns:

  • (Array<String>)

    The user roles.

Since:

  • 2.0.0



# File 'lib/mongo/auth/user.rb', line 49

def roles
  @roles
end

Instance Method Details

#==(other) ⇒ true, false

Determine if this user is equal to another.

Examples:

Check user equality.

user == other

Parameters:

  • other (Object)

    The object to compare against.

Returns:

  • (true, false)

    If the objects are equal.

Since:

  • 2.0.0



# File 'lib/mongo/auth/user.rb', line 69

def ==(other)
  return false unless other.is_a?(User)
  name == other.name && database == other.database && password == other.password
end

#auth_key(nonce) ⇒ String

Get an authentication key for the user based on a nonce from the server.

Examples:

Get the authentication key.

user.auth_key(nonce)

Parameters:

  • nonce (String)

    The response from the server.

Returns:

  • (String)

    The authentication key.

Since:

  • 2.0.0



# File 'lib/mongo/auth/user.rb', line 85

def auth_key(nonce)
  Digest::MD5.hexdigest("#{nonce}#{name}#{hashed_password}")
end

#encoded_name ⇒ String

Get the UTF-8 encoded name with escaped special characters for use with SCRAM authorization.

Examples:

Get the encoded name.

user.encoded_name

Returns:

  • (String)

    The encoded user name.

Since:

  • 2.0.0



# File 'lib/mongo/auth/user.rb', line 98

def encoded_name
  name.encode(BSON::UTF8).gsub('=','=3D').gsub(',','=2C')
end
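
The escaping performed by #encoded_name, as an added stand-alone example (not part of the driver's source): it reproduces the two substitutions in plain Ruby and shows, on a constructed user name, why they are needed and why '=' has to be escaped before ','. The helper names, the sample name and the nonce are hypothetical; the message shape n=<name>,r=<nonce> is the client-first-message-bare of RFC 5802.

```ruby
# Added example: SCRAM saslname escaping (RFC 5802) in plain Ruby, no mongo gem.

# Same transformation as User#encoded_name: escape '=' first, then ','.
def scram_escape(name)
  name.encode(Encoding::UTF_8).gsub('=', '=3D').gsub(',', '=2C')
end

# Failure mode: escaping ',' first lets the second pass re-escape the '='
# of every '=2C' it just produced, so the name no longer round-trips.
def scram_escape_wrong_order(name)
  name.encode(Encoding::UTF_8).gsub(',', '=2C').gsub('=', '=3D')
end

# Inverse transformation, as the receiving side applies it. A '=' that is
# not followed by 2C or 3D is malformed and is rejected.
def scram_unescape(saslname)
  raise ArgumentError, 'malformed saslname' if saslname.match?(/=(?!2C|3D)/)
  saslname.gsub(/=(2C|3D)/) { Regexp.last_match(1) == '2C' ? ',' : '=' }
end

# client-first-message-bare has the shape "n=<saslname>,r=<nonce>".
def client_first_bare(name, nonce, escape: true)
  "n=#{escape ? scram_escape(name) : name},r=#{nonce}"
end

# Split a message into [key, value] attributes on the ',' delimiter.
def parse_attributes(message)
  message.split(',').map { |attr| attr.split('=', 2) }
end

# Constructed sample input: a user name containing both delimiters.
SAMPLE_NAME  = 'team=ops,alice'
SAMPLE_NONCE = 'clientnonce123' # constructed nonce value

if __FILE__ == $PROGRAM_NAME
  escaped = client_first_bare(SAMPLE_NAME, SAMPLE_NONCE)
  raw     = client_first_bare(SAMPLE_NAME, SAMPLE_NONCE, escape: false)
  p parse_attributes(escaped) # two attributes: n and r
  p parse_attributes(raw)     # the name spills into a third, bogus attribute
  p scram_unescape(scram_escape(SAMPLE_NAME)) == SAMPLE_NAME
  p scram_unescape(scram_escape_wrong_order(SAMPLE_NAME)) == SAMPLE_NAME
end
```
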

#hash ⇒ String

Get the hash key for the user.

Examples:

Get the hash key.

user.hash

Returns:

  • (String)

    The user hash key.

Since:

  • 2.0.0



# File 'lib/mongo/auth/user.rb', line 110

def hash
  [ name, database, password ].hash
end

#hashed_password ⇒ String

Get the user’s hashed password for SCRAM-SHA-1.

Examples:

Get the user’s hashed password.

user.hashed_password

Returns:

  • (String)

    The hashed password.

Since:

  • 2.0.0



# File 'lib/mongo/auth/user.rb', line 122

def hashed_password
  unless password
    raise Error::MissingPassword
  end

  @hashed_password ||= Digest::MD5.hexdigest("#{name}:mongo:#{password}").encode(BSON::UTF8)
end

#options ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Loggable requires an options attribute. We don’t have any options, hence we provide this as a stub.

Since:

  • 2.0.0



# File 'lib/mongo/auth/user.rb', line 55

def options
  {}
end

#sasl_prepped_password ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Get the user’s stringprepped password for SCRAM-SHA-256.

Since:

  • 2.0.0



# File 'lib/mongo/auth/user.rb', line 133

def sasl_prepped_password
  unless password
    raise Error::MissingPassword
  end

  @sasl_prepped_password ||= StringPrep.prepare(password,
    StringPrep::Profiles::SASL::MAPPINGS,
    StringPrep::Profiles::SASL::PROHIBITED,
    normalize: true, bidi: true).encode(BSON::UTF8)
end

#spec ⇒ Hash

Get the specification for the user, used in creation.

Examples:

Get the user’s specification.

user.spec

Returns:

  • (Hash)

    The user spec.

Since:

  • 2.0.0



# File 'lib/mongo/auth/user.rb', line 200

def spec
  {roles: roles}.tap do |spec|
    if password
      spec[:pwd] = password
    end
  end
end