Class: Mongo::Auth::User

Inherits:

Object

• Object
• Mongo::Auth::User

Includes:

Loggable

Defined in:

lib/mongo/auth/user.rb,
lib/mongo/auth/user/view.rb

Overview

Represents a user in MongoDB.

Since:

• 2.0.0

Defined Under Namespace

Classes: View

Constant Summary

Constants included from Loggable

Loggable::PREFIX

Instance Attribute Summary

• #auth_mech_properties ⇒ Hash readonly

  The authentication mechanism properties.

• #auth_source ⇒ String readonly

  The authorization source, either a database or external name.

• #database ⇒ String readonly

  The database the user is created in.

• #mechanism ⇒ Symbol readonly

  The authorization mechanism.

• #name ⇒ String readonly

  The username.

• #password ⇒ String readonly

  The cleartext password.

• #roles ⇒ Array<String> readonly

  Roles The user roles.

Class Method Summary

• .default_auth_source(options) ⇒ Object private

  Generate default auth source based on the URI and options.

Instance Method Summary

• #==(other) ⇒ true, false

  Determine if this user is equal to another.

• #auth_key(nonce) ⇒ String

  Get an authentication key for the user based on a nonce from the server.

• #encoded_name ⇒ String

  Get the UTF-8 encoded name with escaped special characters for use with SCRAM authorization.

• #hash ⇒ String

  Get the hash key for the user.

• #hashed_password ⇒ String

  Get the user’s hashed password for SCRAM-SHA-1.

• #initialize(options) ⇒ User constructor

  Create the new user.

• #options ⇒ Object private

  Loggable requires an options attribute.

• #sasl_prepped_password ⇒ Object private

  Get the user’s stringprepped password for SCRAM-SHA-256.

• #spec ⇒ Hash

  Get the specification for the user, used in creation.

Methods included from Loggable

#log_debug, #log_error, #log_fatal, #log_info, #log_warn, #logger

Constructor Details

#initialize(options) ⇒ User

Create the new user.

Examples:

Create a new user.

Mongo::Auth::User.new(options)

Parameters:

• options (Hash) —

  The options to create the user from.

Options Hash (options):

• :auth_source (String) —

  The authorization database or external source.

• :database (String) —

  The database the user is authorized for.

• :user (String) —

  The user name.

• :password (String) —

  The user’s password.

• :pwd (String) —

  Legacy option for the user’s password. If :password and :pwd are both specified, :password takes precedence.

• :auth_mech (Symbol) —

  The authorization mechanism.

• roles (Array<String>, Array<Hash>) —

  The user roles.

Since:

• 2.0.0

# File 'lib/mongo/auth/user.rb', line 158

def initialize(options)
  @database = options[:database] || Database::ADMIN
  @auth_source = options[:auth_source] || self.class.default_auth_source(options)
  @name = options[:user]
  @password = options[:password] || options[:pwd]
  @mechanism = options[:auth_mech]
  if @mechanism
    # Since the driver must select an authentication class for
    # the specified mechanism, mechanisms that the driver does not
    # know about, and cannot translate to an authentication class,
    # need to be rejected.
    unless @mechanism.is_a?(Symbol)
      # Although we documented auth_mech option as being a symbol, we
      # have not enforced this; warn, reject in lint mode
      if Lint.enabled?
        raise Error::LintError, "Auth mechanism #{@mechanism.inspect} must be specified as a symbol"
      end

      log_warn("Auth mechanism #{@mechanism.inspect} should be specified as a symbol")
      @mechanism = @mechanism.to_sym

    end
    raise InvalidMechanism.new(options[:auth_mech]) unless Auth::SOURCES.key?(@mechanism)
  end
  @auth_mech_properties = options[:auth_mech_properties] || {}
  @roles = options[:roles] || []
end

Instance Attribute Details

#auth_mech_properties ⇒ Hash (readonly)

Returns The authentication mechanism properties.

Returns:

• (Hash) —

  The authentication mechanism properties.

Since:

• 2.0.0

# File 'lib/mongo/auth/user.rb', line 35

def auth_mech_properties
  @auth_mech_properties
end

#auth_source ⇒ String (readonly)

Returns The authorization source, either a database or external name.

Returns:

• (String) —

  The authorization source, either a database or external name.

Since:

• 2.0.0

# File 'lib/mongo/auth/user.rb', line 29

def auth_source
  @auth_source
end

#database ⇒ String (readonly)

Returns The database the user is created in.

Returns:

• (String) —

  The database the user is created in.

Since:

• 2.0.0

# File 'lib/mongo/auth/user.rb', line 32

def database
  @database
end

#mechanism ⇒ Symbol (readonly)

Returns The authorization mechanism.

Returns:

• (Symbol) —

  The authorization mechanism.

Since:

• 2.0.0

# File 'lib/mongo/auth/user.rb', line 38

def mechanism
  @mechanism
end

#name ⇒ String (readonly)

Returns The username.

Returns:

• (String) —

  The username.

Since:

• 2.0.0

# File 'lib/mongo/auth/user.rb', line 41

def name
  @name
end

#password ⇒ String (readonly)

Returns The cleartext password.

Returns:

• (String) —

  The cleartext password.

Since:

• 2.0.0

# File 'lib/mongo/auth/user.rb', line 44

def password
  @password
end

#roles ⇒ Array<String> (readonly)

Returns roles The user roles.

Returns:

• (Array<String>) —

  roles The user roles.

Since:

• 2.0.0

# File 'lib/mongo/auth/user.rb', line 47

def roles
  @roles
end

Class Method Details

.default_auth_source(options) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Generate default auth source based on the URI and options

Since:

• 2.0.0

# File 'lib/mongo/auth/user.rb', line 203

def self.default_auth_source(options)
  case options[:auth_mech]
  when :aws, :gssapi, :mongodb_x509
    '$external'
  when :plain
    options[:database] || '$external'
  else
    options[:database] || Database::ADMIN
  end
end

Instance Method Details

#==(other) ⇒ true, false

Determine if this user is equal to another.

Examples:

Check user equality.

user == other

Parameters:

• other (Object) —

  The object to compare against.

Returns:

• (true, false) —

  If the objects are equal.

Since:

• 2.0.0

# File 'lib/mongo/auth/user.rb', line 67

def ==(other)
  return false unless other.is_a?(User)

  name == other.name && database == other.database && password == other.password
end

#auth_key(nonce) ⇒ String

Get an authentication key for the user based on a nonce from the server.

Examples:

Get the authentication key.

user.auth_key(nonce)

Parameters:

• nonce (String) —

  The response from the server.

Returns:

• (String) —

  The authentication key.

Since:

• 2.0.0

# File 'lib/mongo/auth/user.rb', line 84

def auth_key(nonce)
  Digest::MD5.hexdigest("#{nonce}#{name}#{hashed_password}")
end

#encoded_name ⇒ String

Get the UTF-8 encoded name with escaped special characters for use with SCRAM authorization.

Examples:

Get the encoded name.

user.encoded_name

Returns:

• (String) —

  The encoded user name.

Since:

• 2.0.0

# File 'lib/mongo/auth/user.rb', line 97

def encoded_name
  name.encode(BSON::UTF8).gsub('=', '=3D').gsub(',', '=2C')
end

#hash ⇒ String

Get the hash key for the user.

Examples:

Get the hash key.

user.hash

Returns:

• (String) —

  The user hash key.

Since:

• 2.0.0

# File 'lib/mongo/auth/user.rb', line 109

def hash
  [ name, database, password ].hash
end

#hashed_password ⇒ String

Get the user’s hashed password for SCRAM-SHA-1.

Examples:

Get the user’s hashed password.

user.hashed_password

Returns:

• (String) —

  The hashed password.

Raises:

• (Error::MissingPassword)

Since:

• 2.0.0

# File 'lib/mongo/auth/user.rb', line 121

def hashed_password
  raise Error::MissingPassword unless password

  @hashed_password ||= Digest::MD5.hexdigest("#{name}:mongo:#{password}").encode(BSON::UTF8)
end

#options ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Loggable requires an options attribute. We don’t have any options hence provide this as a stub.

Since:

• 2.0.0

# File 'lib/mongo/auth/user.rb', line 53

def options
  {}
end

#sasl_prepped_password ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Get the user’s stringprepped password for SCRAM-SHA-256.

Raises:

• (Error::MissingPassword)

Since:

• 2.0.0

# File 'lib/mongo/auth/user.rb', line 130

def sasl_prepped_password
  raise Error::MissingPassword unless password

  @sasl_prepped_password ||= StringPrep.prepare(password,
                                                StringPrep::Profiles::SASL::MAPPINGS,
                                                StringPrep::Profiles::SASL::PROHIBITED,
                                                normalize: true, bidi: true).encode(BSON::UTF8)
end

#spec ⇒ Hash

Get the specification for the user, used in creation.

Examples:

Get the user’s specification.

user.spec

Returns:

• (Hash) —

  The user spec.

Since:

• 2.0.0

# File 'lib/mongo/auth/user.rb', line 194

def spec
  { roles: roles }.tap do |spec|
    spec[:pwd] = password if password
  end
end