Class: Mongo::Auth::User

Inherits:
Object
  • Object
show all
Includes:
Loggable
Defined in:
lib/mongo/auth/user.rb,
lib/mongo/auth/user/view.rb

Overview

Represents a user in MongoDB.

Since:

  • 2.0.0

Defined Under Namespace

Classes: View

Constant Summary

Constants included from Loggable

Loggable::PREFIX

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Loggable

#log_debug, #log_error, #log_fatal, #log_info, #log_warn, #logger

Constructor Details

#initialize(options) ⇒ User

Create the new user.

Examples:

Create a new user.

Mongo::Auth::User.new(options)

Parameters:

  • options (Hash)

    The options to create the user from.

Options Hash (options):

  • :auth_source (String)

    The authorization database or external source.

  • :database (String)

    The database the user is authorized for.

  • :user (String)

    The user name.

  • :password (String)

    The user’s password.

  • :pwd (String)

    Legacy option for the user’s password. If :password and :pwd are both specified, :password takes precedence.

  • :auth_mech (Symbol)

    The authorization mechanism.

  • roles (Array<String>, Array<Hash>)

    The user roles.

Since:

  • 2.0.0



160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
 
# File 'lib/mongo/auth/user.rb', line 160

def initialize(options)
  @database = options[:database] || Database::ADMIN
  @auth_source = options[:auth_source] || self.class.default_auth_source(options)
  @name = options[:user]
  @password = options[:password] || options[:pwd]
  @mechanism = options[:auth_mech]
  if @mechanism
    # Since the driver must select an authentication class for
    # the specified mechanism, mechanisms that the driver does not
    # know about, and cannot translate to an authentication class,
    # need to be rejected.
    unless @mechanism.is_a?(Symbol)
      # Although we documented auth_mech option as being a symbol, we
      # have not enforced this; warn, reject in lint mode
      if Lint.enabled?
        raise Error::LintError, "Auth mechanism #{@mechanism.inspect} must be specified as a symbol"
      else
        log_warn("Auth mechanism #{@mechanism.inspect} should be specified as a symbol")
        @mechanism = @mechanism.to_sym
      end
    end
    unless Auth::SOURCES.key?(@mechanism)
      raise InvalidMechanism.new(options[:auth_mech])
    end
  end
  @auth_mech_properties = options[:auth_mech_properties] || {}
  @roles = options[:roles] || []
end

Instance Attribute Details

#auth_mech_propertiesHash (readonly)

Returns The authentication mechanism properties.

Returns:

  • (Hash)

    The authentication mechanism properties.

Since:

  • 2.0.0



34
35
36
 
# File 'lib/mongo/auth/user.rb', line 34

def auth_mech_properties
  @auth_mech_properties
end

#auth_sourceString (readonly)

Returns The authorization source, either a database or external name.

Returns:

  • (String)

    The authorization source, either a database or external name.

Since:

  • 2.0.0



28
29
30
 
# File 'lib/mongo/auth/user.rb', line 28

def auth_source
  @auth_source
end

#databaseString (readonly)

Returns The database the user is created in.

Returns:

  • (String)

    The database the user is created in.

Since:

  • 2.0.0



31
32
33
 
# File 'lib/mongo/auth/user.rb', line 31

def database
  @database
end

#mechanismSymbol (readonly)

Returns The authorization mechanism.

Returns:

  • (Symbol)

    The authorization mechanism.

Since:

  • 2.0.0



37
38
39
 
# File 'lib/mongo/auth/user.rb', line 37

def mechanism
  @mechanism
end

#nameString (readonly)

Returns The username.

Returns:

  • (String)

    The username.

Since:

  • 2.0.0



40
41
42
 
# File 'lib/mongo/auth/user.rb', line 40

def name
  @name
end

#passwordString (readonly)

Returns The cleartext password.

Returns:

  • (String)

    The cleartext password.

Since:

  • 2.0.0



43
44
45
 
# File 'lib/mongo/auth/user.rb', line 43

def password
  @password
end

#rolesArray<String> (readonly)

Returns roles The user roles.

Returns:

  • (Array<String>)

    roles The user roles.

Since:

  • 2.0.0



46
47
48
 
# File 'lib/mongo/auth/user.rb', line 46

def roles
  @roles
end

Instance Method Details

#==(other) ⇒ true, false

Determine if this user is equal to another.

Examples:

Check user equality.

user == other

Parameters:

  • other (Object)

    The object to compare against.

Returns:

  • (true, false)

    If the objects are equal.

Since:

  • 2.0.0



66
67
68
69
 
# File 'lib/mongo/auth/user.rb', line 66

def ==(other)
  return false unless other.is_a?(User)
  name == other.name && database == other.database && password == other.password
end

#auth_key(nonce) ⇒ String

Get an authentication key for the user based on a nonce from the server.

Examples:

Get the authentication key.

user.auth_key(nonce)

Parameters:

  • nonce (String)

    The response from the server.

Returns:

  • (String)

    The authentication key.

Since:

  • 2.0.0



82
83
84
 
# File 'lib/mongo/auth/user.rb', line 82

def auth_key(nonce)
  Digest::MD5.hexdigest("#{nonce}#{name}#{hashed_password}")
end

#encoded_nameString

Get the UTF-8 encoded name with escaped special characters for use with SCRAM authorization.

Examples:

Get the encoded name.

user.encoded_name

Returns:

  • (String)

    The encoded user name.

Since:

  • 2.0.0



95
96
97
 
# File 'lib/mongo/auth/user.rb', line 95

def encoded_name
  name.encode(BSON::UTF8).gsub('=','=3D').gsub(',','=2C')
end

#hashString

Get the hash key for the user.

Examples:

Get the hash key.

user.hash

Returns:

  • (String)

    The user hash key.

Since:

  • 2.0.0



107
108
109
 
# File 'lib/mongo/auth/user.rb', line 107

def hash
  [ name, database, password ].hash
end

#hashed_passwordString

Get the user’s hashed password for SCRAM-SHA-1.

Examples:

Get the user’s hashed password.

user.hashed_password

Returns:

  • (String)

    The hashed password.

Since:

  • 2.0.0



119
120
121
122
123
124
125
 
# File 'lib/mongo/auth/user.rb', line 119

def hashed_password
  unless password
    raise Error::MissingPassword
  end

  @hashed_password ||= Digest::MD5.hexdigest("#{name}:mongo:#{password}").encode(BSON::UTF8)
end

#optionsObject

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Loggable requires an options attribute. We don’t have any options hence provide this as a stub.

Since:

  • 2.0.0



52
53
54
 
# File 'lib/mongo/auth/user.rb', line 52

def options
  {}
end

#sasl_prepped_passwordObject

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Get the user’s stringprepped password for SCRAM-SHA-256.

Since:

  • 2.0.0



130
131
132
133
134
135
136
137
138
139
 
# File 'lib/mongo/auth/user.rb', line 130

def sasl_prepped_password
  unless password
    raise Error::MissingPassword
  end

  @sasl_prepped_password ||= StringPrep.prepare(password,
    StringPrep::Profiles::SASL::MAPPINGS,
    StringPrep::Profiles::SASL::PROHIBITED,
    normalize: true, bidi: true).encode(BSON::UTF8)
end

#specHash

Get the specification for the user, used in creation.

Examples:

Get the user’s specification.

user.spec

Returns:

  • (Hash)

    The user spec.

Since:

  • 2.0.0



197
198
199
200
201
202
203
 
# File 'lib/mongo/auth/user.rb', line 197

def spec
  {roles: roles}.tap do |spec|
    if password
      spec[:pwd] = password
    end
  end
end