Class: Mongo::Auth::SCRAM::Conversation

Inherits:

Object

• Object
• Mongo::Auth::SCRAM::Conversation

Defined in:

lib/mongo/auth/scram/conversation.rb

Overview

Defines behavior around a single SCRAM-SHA-1 conversation between the client and server.

Since:

• 2.0.0

Constant Summary

CLIENT_CONTINUE_MESSAGE =

The base client continue message.

Since:

• 2.0.0

{ saslContinue: 1 }.freeze

CLIENT_FIRST_MESSAGE =

The base client first message.

Since:

• 2.0.0

{ saslStart: 1, autoAuthorize: 1 }.freeze

CLIENT_KEY =

The client key string.

Since:

• 2.0.0

'Client Key'.freeze

DONE =

The key for the done field in the responses.

Since:

• 2.0.0

'done'.freeze

ID =

The conversation id field.

Since:

• 2.0.0

'conversationId'.freeze

ITERATIONS =

The iterations key in the responses.

Since:

• 2.0.0

/i=(\d+)/.freeze

MIN_ITER_COUNT =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

The minimum iteration count for SCRAM-SHA-256.

Since:

• 2.6.0

4096

PAYLOAD =

The payload field.

Since:

• 2.0.0

'payload'.freeze

RNONCE =

The rnonce key in the responses.

Since:

• 2.0.0

/r=([^,]*)/.freeze

SALT =

The salt key in the responses.

Since:

• 2.0.0

/s=([^,]*)/.freeze

SERVER_KEY =

The server key string.

Since:

• 2.0.0

'Server Key'.freeze

VERIFIER =

The server signature verifier in the response.

Since:

• 2.0.0

/v=([^,]*)/.freeze

Instance Attribute Summary

• #nonce ⇒ String readonly

  Nonce The initial user nonce.

• #reply ⇒ Protocol::Message readonly

  Reply The current reply in the conversation.

• #user ⇒ User readonly

  User The user for the conversation.

Instance Method Summary

• #continue(reply, connection = nil) ⇒ Protocol::Query

  Continue the SCRAM conversation.

• #finalize(reply, connection = nil) ⇒ Protocol::Query

  Finalize the SCRAM conversation.

• #id ⇒ Integer

  Get the id of the conversation.

• #initialize(user, mechanism) ⇒ Conversation constructor

  Create the new conversation.

• #start(connection = nil) ⇒ Protocol::Query

  Start the SCRAM conversation.

Constructor Details

#initialize(user, mechanism) ⇒ Conversation

Create the new conversation.

Examples:

Create the new conversation.

Conversation.new(user, mechanism)

Parameters:

• user (Auth::User) —

  The user to converse about.

Since:

• 2.0.0

# File 'lib/mongo/auth/scram/conversation.rb', line 218

def initialize(user, mechanism)
  @user = user
  @nonce = SecureRandom.base64
  @client_key = user.send(:client_key)
  @mechanism = mechanism
end

Instance Attribute Details

#nonce ⇒ String (readonly)

Returns nonce The initial user nonce.

Returns:

• (String) —

  nonce The initial user nonce.

Since:

• 2.0.0

# File 'lib/mongo/auth/scram/conversation.rb', line 91

def nonce
  @nonce
end

#reply ⇒ Protocol::Message (readonly)

Returns reply The current reply in the conversation.

Returns:

• (Protocol::Message) —

  reply The current reply in the conversation.

Since:

• 2.0.0

# File 'lib/mongo/auth/scram/conversation.rb', line 95

def reply
  @reply
end

#user ⇒ User (readonly)

Returns user The user for the conversation.

Returns:

• (User) —

  user The user for the conversation.

Since:

• 2.0.0

# File 'lib/mongo/auth/scram/conversation.rb', line 98

def user
  @user
end

Instance Method Details

#continue(reply, connection = nil) ⇒ Protocol::Query

Continue the SCRAM conversation. This sends the client final message to the server after setting the reply from the previous server communication.

Examples:

Continue the conversation.

conversation.continue(reply)

Parameters:

• reply (Protocol::Message) —

  The reply of the previous message.

• connection (Mongo::Server::Connection) (defaults to: nil) —

  The connection being authenticated.

Returns:

• (Protocol::Query) —

  The next message to send.

Since:

• 2.0.0

# File 'lib/mongo/auth/scram/conversation.rb', line 114

def continue(reply, connection = nil)
  validate_first_message!(reply)

  # The salted password needs to be calculated now; otherwise, if the
  # client key is cached from a previous authentication, the salt in the
  # reply will no longer be available for when the salted password is
  # needed to calculate the server key.
  salted_password

  if connection && connection.features.op_msg_enabled?
    selector = CLIENT_CONTINUE_MESSAGE.merge(payload: client_final_message, conversationId: id)
    selector[Protocol::Msg::DATABASE_IDENTIFIER] = user.auth_source
    cluster_time = connection.mongos? && connection.cluster_time
    selector[Operation::CLUSTER_TIME] = cluster_time if cluster_time
    Protocol::Msg.new([], {}, selector)
  else
    Protocol::Query.new(
      user.auth_source,
      Database::COMMAND,
      CLIENT_CONTINUE_MESSAGE.merge(payload: client_final_message, conversationId: id),
      limit: -1
    )
  end
end

#finalize(reply, connection = nil) ⇒ Protocol::Query

Finalize the SCRAM conversation. This is meant to be iterated until the provided reply indicates the conversation is finished.

Examples:

Finalize the conversation.

conversation.finalize(reply)

Parameters:

• reply (Protocol::Message) —

  The reply of the previous message.

• connection (Mongo::Server::Connection) (defaults to: nil) —

  The connection being authenticated.

Returns:

• (Protocol::Query) —

  The next message to send.

Since:

• 2.0.0

# File 'lib/mongo/auth/scram/conversation.rb', line 152

def finalize(reply, connection = nil)
  validate_final_message!(reply)
  if connection && connection.features.op_msg_enabled?
    selector = CLIENT_CONTINUE_MESSAGE.merge(payload: client_empty_message, conversationId: id)
    selector[Protocol::Msg::DATABASE_IDENTIFIER] = user.auth_source
    cluster_time = connection.mongos? && connection.cluster_time
    selector[Operation::CLUSTER_TIME] = cluster_time if cluster_time
    Protocol::Msg.new([], {}, selector)
  else
    Protocol::Query.new(
      user.auth_source,
      Database::COMMAND,
      CLIENT_CONTINUE_MESSAGE.merge(payload: client_empty_message, conversationId: id),
      limit: -1
    )
  end
end

#id ⇒ Integer

Get the id of the conversation.

Examples:

Get the id of the conversation.

conversation.id

Returns:

• (Integer) —

  The conversation id.

Since:

• 2.0.0

# File 'lib/mongo/auth/scram/conversation.rb', line 206

def id
  reply.documents[0][ID]
end

#start(connection = nil) ⇒ Protocol::Query

Start the SCRAM conversation. This returns the first message that needs to be send to the server.

Examples:

Start the conversation.

conversation.start

Parameters:

• connection (Mongo::Server::Connection) (defaults to: nil) —

  The connection being authenticated.

Returns:

• (Protocol::Query) —

  The first SCRAM conversation message.

Since:

• 2.0.0

# File 'lib/mongo/auth/scram/conversation.rb', line 181

def start(connection = nil)
  if connection && connection.features.op_msg_enabled?
    selector = CLIENT_FIRST_MESSAGE.merge(payload: client_first_message, mechanism: @mechanism)
    selector[Protocol::Msg::DATABASE_IDENTIFIER] = user.auth_source
    cluster_time = connection.mongos? && connection.cluster_time
    selector[Operation::CLUSTER_TIME] = cluster_time if cluster_time
    Protocol::Msg.new([], {}, selector)
  else
    Protocol::Query.new(
      user.auth_source,
      Database::COMMAND,
      CLIENT_FIRST_MESSAGE.merge(payload: client_first_message, mechanism: @mechanism),
      limit: -1
    )
  end
end