Merge pull request #601 from estolfo/RUBY-890-auth

RUBY-890 Adjustments to auth and test suite

Author: estolfo

lib/mongo/auth.rb

@@ -12,7 +12,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require 'mongo/auth/executable'
 require 'mongo/auth/cr'
 require 'mongo/auth/ldap'
 require 'mongo/auth/scram'

lib/mongo/auth/cr.rb

@@ -21,7 +21,26 @@ module Auth
     #
     # @since 2.0.0
     class CR
-      include Executable
+
+      # The authentication mechinism string.
+      #
+      # @since 2.0.0
+      MECHANISM = 'MONGODB-CR'.freeze
+
+      # @return [ Mongo::Auth::User ] The user to authenticate.
+      attr_reader :user
+
+      # Instantiate a new authenticator.
+      #
+      # @example Create the authenticator.
+      #   Mongo::Auth::CR.new(user)
+      #
+      # @param [ Mongo::Auth::User ] user The user to authenticate.
+      #
+      # @since 2.0.0
+      def initialize(user)
+        @user = user
+      end
 
       # Log the user in on the given connection.
       #
@@ -34,7 +53,7 @@ class CR
       #
       # @since 2.0.0
       def login(connection)
-        conversation = Conversation.new(user, auth_database(connection))
+        conversation = Conversation.new(user)
         reply = connection.dispatch([ conversation.start ])
         reply = connection.dispatch([ conversation.continue(reply) ])
         conversation.finalize(reply)

lib/mongo/auth/cr/conversation.rb

@@ -56,7 +56,7 @@ class Conversation
         def continue(reply)
           validate!(reply)
           Protocol::Query.new(
-            database,
+            user.auth_source,
             Database::COMMAND,
             LOGIN.merge(user: user.name, nonce: nonce, key: user.auth_key(nonce)),
             limit: -1
@@ -89,7 +89,11 @@ def finalize(reply)
         #
         # @since 2.0.0
         def start
-          Protocol::Query.new(database, Database::COMMAND, Auth::GET_NONCE, limit: -1)
+          Protocol::Query.new(
+            user.auth_source,
+            Database::COMMAND,
+            Auth::GET_NONCE,
+            limit: -1)
         end
 
         # Create the new conversation.
@@ -101,9 +105,8 @@ def start
         # @param [ String ] database The database to authenticate against.
         #
         # @since 2.0.0
-        def initialize(user, database)
+        def initialize(user)
           @user = user
-          @database = database
         end
 
         private

lib/mongo/auth/executable.rb

@@ -21,13 +21,26 @@ module Auth
     #
     # @since 2.0.0
     class LDAP
-      include Executable
 
       # The authentication mechinism string.
       #
       # @since 2.0.0
       MECHANISM = 'PLAIN'.freeze
 
+      # @return [ Mongo::Auth::User ] The user to authenticate.
+      attr_reader :user
+
+      # Instantiate a new authenticator.
+      #
+      # @example Create the authenticator.
+      #   Mongo::Auth::LDAP.new(user)
+      #
+      # @param [ Mongo::Auth::User ] user The user to authenticate.
+      #
+      # @since 2.0.0
+      def initialize(user)
+        @user = user
+      end
       # Log the user in on the given connection.
       #
       # @example Log the user in.

lib/mongo/auth/ldap.rb

@@ -21,13 +21,27 @@ module Auth
     #
     # @since 2.0.0
     class SCRAM
-      include Executable
 
       # The authentication mechinism string.
       #
       # @since 2.0.0
       MECHANISM = 'SCRAM-SHA-1'.freeze
 
+      # @return [ Mongo::Auth::User ] The user to authenticate.
+      attr_reader :user
+
+      # Instantiate a new authenticator.
+      #
+      # @example Create the authenticator.
+      #   Mongo::Auth::SCRAM.new(user)
+      #
+      # @param [ Mongo::Auth::User ] user The user to authenticate.
+      #
+      # @since 2.0.0
+      def initialize(user)
+        @user = user
+      end
+
       # Log the user in on the given connection.
       #
       # @example Log the user in.

lib/mongo/auth/scram.rb

@@ -111,7 +111,7 @@ class Conversation
         def continue(reply)
           validate_first_message!(reply)
           Protocol::Query.new(
-            Database::ADMIN,
+            user.auth_source,
             Database::COMMAND,
             CLIENT_CONTINUE_MESSAGE.merge(payload: client_final_message, conversationId: id),
             limit: -1
@@ -133,7 +133,7 @@ def continue(reply)
         def finalize(reply)
           validate_final_message!(reply)
           Protocol::Query.new(
-            Database::ADMIN,
+            user.auth_source,
             Database::COMMAND,
             CLIENT_CONTINUE_MESSAGE.merge(payload: client_empty_message, conversationId: id),
             limit: -1
@@ -151,7 +151,7 @@ def finalize(reply)
         # @since 2.0.0
         def start
           Protocol::Query.new(
-            Database::ADMIN,
+            user.auth_source,
             Database::COMMAND,
             CLIENT_FIRST_MESSAGE.merge(payload: client_first_message, mechanism: SCRAM::MECHANISM),
             limit: -1

lib/mongo/auth/scram/conversation.rb

@@ -134,8 +134,8 @@ def hashed_password
       #
       # @since 2.0.0
       def initialize(options)
-        @auth_source = options[:auth_source] || options[:database] || Database::ADMIN
         @database = options[:database] || Database::ADMIN
+        @auth_source = options[:auth_source] || @database
         @name = options[:user]
         @password = options[:password] || options[:pwd]
         @mechanism = options[:auth_mech] || :mongodb_cr

lib/mongo/auth/user.rb

@@ -21,13 +21,27 @@ module Auth
     #
     # @since 2.0.0
     class X509
-      include Executable
 
       # The authentication mechinism string.
       #
       # @since 2.0.0
       MECHANISM = 'MONGODB-X509'.freeze
 
+      # @return [ Mongo::Auth::User ] The user to authenticate.
+      attr_reader :user
+
+      # Instantiate a new authenticator.
+      #
+      # @example Create the authenticator.
+      #   Mongo::Auth::X509.new(user)
+      #
+      # @param [ Mongo::Auth::User ] user The user to authenticate.
+      #
+      # @since 2.0.0
+      def initialize(user)
+        @user = user
+      end
+
       # Log the user in on the given connection.
       #
       # @example Log the user in.

lib/mongo/auth/x509.rb

@@ -22,7 +22,7 @@ class Connection
       include Connectable
       extend Forwardable
 
-      # @return [ Mongo::Auth::CR, Mongo::Auth::X509, Mongo::Auth:LDAP ]
+      # @return [ Mongo::Auth::CR, Mongo::Auth::X509, Mongo::Auth:LDAP, Mongo::Auth::SCRAM ]
       #   authenticator The authentication strategy.
       attr_reader :authenticator
 

lib/mongo/server/connection.rb

@@ -48,14 +48,14 @@
     begin
       # Adds the test user to the test database with permissions on all
       # databases that will be used in the test suite.
-      ADMIN_AUTHORIZED_CLIENT.database.users.create(TEST_USER)
+      ADMIN_AUTHORIZED_TEST_CLIENT.database.users.create(TEST_USER)
     rescue Exception => e
       unless write_command_enabled?
         # If we are on versions less than 2.6, we need to create a user for
         # each database, since the users are not stored in the admin database
         # but in the system.users collection on the datbases themselves. Also,
         # roles in versions lower than 2.6 can only be strings, not hashes.
-        begin ROOT_AUTHORIZED_CLIENT.database.users.create(TEST_READ_WRITE_USER); rescue; end
+        begin ADMIN_AUTHORIZED_TEST_CLIENT.database.users.create(TEST_READ_WRITE_USER); rescue; end
       end
     end
   end

spec/spec_helper.rb

@@ -54,7 +54,6 @@
 #
 # @since 2.0.0
 ROOT_USER = Mongo::Auth::User.new(
-  database: Mongo::Database::ADMIN,
   user: ROOT_USER_NAME,
   password: ROOT_USER_PWD,
   roles: [
@@ -112,20 +111,6 @@
   write: WRITE_CONCERN
 )
 
-# Provides an authorized mongo client on the default test database for the
-# default root system administrator.
-#
-# @since 2.0.0
-ROOT_AUTHORIZED_CLIENT = Mongo::Client.new(
-  ADDRESSES,
-  auth_source: Mongo::Database::ADMIN,
-  database: TEST_DB,
-  user: ROOT_USER.name,
-  password: ROOT_USER.password,
-  max_pool_size: 1,
-  write: WRITE_CONCERN
-)
-
 # Provides an unauthorized mongo client on the default test database.
 #
 # @since 2.0.0
@@ -147,13 +132,15 @@
   write: WRITE_CONCERN
 )
 
-# Get an authorized client on the admin database logged in as the admin
+# Get an authorized client on the test database logged in as the admin
 # root user.
 #
 # @since 2.0.0
-ADMIN_AUTHORIZED_CLIENT = ADMIN_UNAUTHORIZED_CLIENT.with(
+ADMIN_AUTHORIZED_TEST_CLIENT = ADMIN_UNAUTHORIZED_CLIENT.with(
   user: ROOT_USER.name,
-  password: ROOT_USER.password
+  password: ROOT_USER.password,
+  database: TEST_DB,
+  auth_source: Mongo::Database::ADMIN
 )
 
 module Authorization
@@ -181,12 +168,6 @@ def self.included(context)
     # @since 2.0.0
     context.let(:authorized_client) { AUTHORIZED_CLIENT }
 
-    # Provides an authorized mongo client on the default test database for the
-    # default root system administrator.
-    #
-    # @since 2.0.0
-    context.let(:root_authorized_client) { ROOT_AUTHORIZED_CLIENT }
-
     # Provides an unauthorized mongo client on the default test database.
     #
     # @since 2.0.0
@@ -198,11 +179,11 @@ def self.included(context)
     # @since 2.0.0
     context.let!(:admin_unauthorized_client) { ADMIN_UNAUTHORIZED_CLIENT }
 
-    # Get an authorized client on the admin database logged in as the admin
+    # Get an authorized client on the test database logged in as the admin
     # root user.
     #
     # @since 2.0.0
-    context.let!(:admin_authorized_client) { ADMIN_AUTHORIZED_CLIENT }
+    context.let!(:root_authorized_client) { ADMIN_AUTHORIZED_TEST_CLIENT }
 
     # Gets the default test collection from the authorized client.
     #