RUBY-890 Auth refactor

estolfo · estolfo · commit 66d84a66954f · 2015-04-14T11:05:24.000+01:00
diff --git a/lib/mongo/auth.rb b/lib/mongo/auth.rb
@@ -12,7 +12,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require 'mongo/auth/executable'
 require 'mongo/auth/cr'
 require 'mongo/auth/ldap'
 require 'mongo/auth/scram'
diff --git a/lib/mongo/auth/cr.rb b/lib/mongo/auth/cr.rb
@@ -21,7 +21,21 @@ module Auth
     #
     # @since 2.0.0
     class CR
-      include Executable
+
+      # @return [ Mongo::Auth::User ] The user to authenticate.
+      attr_reader :user
+
+      # Instantiate a new authenticator.
+      #
+      # @example Create the authenticator.
+      #   Mongo::Auth::X509.new(user)
+      #
+      # @param [ Mongo::Auth::User ] user The user to authenticate.
+      #
+      # @since 2.0.0
+      def initialize(user)
+        @user = user
+      end
 
       # Log the user in on the given connection.
       #
@@ -39,6 +53,19 @@ def login(connection)
         reply = connection.dispatch([ conversation.continue(reply) ])
         conversation.finalize(reply)
       end
+
+      private
+
+      # If we are on MongoDB 2.6 and higher, we *always* authorize against the
+      # admin database. Otherwise for 2.4 and lower we authorize against the
+      # auth source provided. The logic for that is encapsulated in the User class.
+      def auth_database(connection)
+        if connection.features.write_command_enabled?
+          Database::ADMIN
+        else
+          user.auth_source
+        end
+      end
     end
   end
 end
diff --git a/lib/mongo/auth/executable.rb b/lib/mongo/auth/executable.rb
diff --git a/lib/mongo/auth/ldap.rb b/lib/mongo/auth/ldap.rb
@@ -21,13 +21,26 @@ module Auth
     #
     # @since 2.0.0
     class LDAP
-      include Executable
 
       # The authentication mechinism string.
       #
       # @since 2.0.0
       MECHANISM = 'PLAIN'.freeze
 
+      # @return [ Mongo::Auth::User ] The user to authenticate.
+      attr_reader :user
+
+      # Instantiate a new authenticator.
+      #
+      # @example Create the authenticator.
+      #   Mongo::Auth::LDAP.new(user)
+      #
+      # @param [ Mongo::Auth::User ] user The user to authenticate.
+      #
+      # @since 2.0.0
+      def initialize(user)
+        @user = user
+      end
       # Log the user in on the given connection.
       #
       # @example Log the user in.
diff --git a/lib/mongo/auth/scram.rb b/lib/mongo/auth/scram.rb
@@ -21,13 +21,27 @@ module Auth
     #
     # @since 2.0.0
     class SCRAM
-      include Executable
 
       # The authentication mechinism string.
       #
       # @since 2.0.0
       MECHANISM = 'SCRAM-SHA-1'.freeze
 
+      # @return [ Mongo::Auth::User ] The user to authenticate.
+      attr_reader :user
+
+      # Instantiate a new authenticator.
+      #
+      # @example Create the authenticator.
+      #   Mongo::Auth::SCRAM.new(user)
+      #
+      # @param [ Mongo::Auth::User ] user The user to authenticate.
+      #
+      # @since 2.0.0
+      def initialize(user)
+        @user = user
+      end
+
       # Log the user in on the given connection.
       #
       # @example Log the user in.
diff --git a/lib/mongo/auth/scram/conversation.rb b/lib/mongo/auth/scram/conversation.rb
@@ -111,7 +111,7 @@ class Conversation
         def continue(reply)
           validate_first_message!(reply)
           Protocol::Query.new(
-            Database::ADMIN,
+            user.auth_source,
             Database::COMMAND,
             CLIENT_CONTINUE_MESSAGE.merge(payload: client_final_message, conversationId: id),
             limit: -1
@@ -133,7 +133,7 @@ def continue(reply)
         def finalize(reply)
           validate_final_message!(reply)
           Protocol::Query.new(
-            Database::ADMIN,
+            user.auth_source,
             Database::COMMAND,
             CLIENT_CONTINUE_MESSAGE.merge(payload: client_empty_message, conversationId: id),
             limit: -1
@@ -151,7 +151,7 @@ def finalize(reply)
         # @since 2.0.0
         def start
           Protocol::Query.new(
-            Database::ADMIN,
+            user.auth_source,
             Database::COMMAND,
             CLIENT_FIRST_MESSAGE.merge(payload: client_first_message, mechanism: SCRAM::MECHANISM),
             limit: -1
diff --git a/lib/mongo/auth/user.rb b/lib/mongo/auth/user.rb
@@ -134,8 +134,8 @@ def hashed_password
       #
       # @since 2.0.0
       def initialize(options)
-        @auth_source = options[:auth_source] || options[:database] || Database::ADMIN
         @database = options[:database] || Database::ADMIN
+        @auth_source = options[:auth_source] || @database
         @name = options[:user]
         @password = options[:password] || options[:pwd]
         @mechanism = options[:auth_mech] || :mongodb_cr
diff --git a/lib/mongo/auth/x509.rb b/lib/mongo/auth/x509.rb
@@ -21,13 +21,27 @@ module Auth
     #
     # @since 2.0.0
     class X509
-      include Executable
 
       # The authentication mechinism string.
       #
       # @since 2.0.0
       MECHANISM = 'MONGODB-X509'.freeze
 
+      # @return [ Mongo::Auth::User ] The user to authenticate.
+      attr_reader :user
+
+      # Instantiate a new authenticator.
+      #
+      # @example Create the authenticator.
+      #   Mongo::Auth::X509.new(user)
+      #
+      # @param [ Mongo::Auth::User ] user The user to authenticate.
+      #
+      # @since 2.0.0
+      def initialize(user)
+        @user = user
+      end
+
       # Log the user in on the given connection.
       #
       # @example Log the user in.
