123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136 |
- 'use strict';
- var shallowClone = require('./utils').shallowClone,
- handleCallback = require('./utils').handleCallback,
- MongoError = require('mongodb-core').MongoError,
- f = require('util').format;
- var authenticate = function(client, username, password, options, callback) {
- // Did the user destroy the topology
- if (client.topology && client.topology.isDestroyed())
- return callback(new MongoError('topology was destroyed'));
- // the default db to authenticate against is 'self'
- // if authententicate is called from a retry context, it may be another one, like admin
- var authdb = options.dbName;
- authdb = options.authdb ? options.authdb : authdb;
- authdb = options.authSource ? options.authSource : authdb;
- // Callback
- var _callback = function(err, result) {
- if (client.listeners('authenticated').length > 0) {
- client.emit('authenticated', err, result);
- }
- // Return to caller
- handleCallback(callback, err, result);
- };
- // authMechanism
- var authMechanism = options.authMechanism || '';
- authMechanism = authMechanism.toUpperCase();
- // If classic auth delegate to auth command
- if (authMechanism === 'MONGODB-CR') {
- client.topology.auth('mongocr', authdb, username, password, function(err) {
- if (err) return handleCallback(callback, err, false);
- _callback(null, true);
- });
- } else if (authMechanism === 'PLAIN') {
- client.topology.auth('plain', authdb, username, password, function(err) {
- if (err) return handleCallback(callback, err, false);
- _callback(null, true);
- });
- } else if (authMechanism === 'MONGODB-X509') {
- client.topology.auth('x509', authdb, username, password, function(err) {
- if (err) return handleCallback(callback, err, false);
- _callback(null, true);
- });
- } else if (authMechanism === 'SCRAM-SHA-1') {
- client.topology.auth('scram-sha-1', authdb, username, password, function(err) {
- if (err) return handleCallback(callback, err, false);
- _callback(null, true);
- });
- } else if (authMechanism === 'SCRAM-SHA-256') {
- client.topology.auth('scram-sha-256', authdb, username, password, function(err) {
- if (err) return handleCallback(callback, err, false);
- _callback(null, true);
- });
- } else if (authMechanism === 'GSSAPI') {
- if (process.platform === 'win32') {
- client.topology.auth('sspi', authdb, username, password, options, function(err) {
- if (err) return handleCallback(callback, err, false);
- _callback(null, true);
- });
- } else {
- client.topology.auth('gssapi', authdb, username, password, options, function(err) {
- if (err) return handleCallback(callback, err, false);
- _callback(null, true);
- });
- }
- } else if (authMechanism === 'DEFAULT') {
- client.topology.auth('default', authdb, username, password, function(err) {
- if (err) return handleCallback(callback, err, false);
- _callback(null, true);
- });
- } else {
- handleCallback(
- callback,
- MongoError.create({
- message: f('authentication mechanism %s not supported', options.authMechanism),
- driver: true
- })
- );
- }
- };
- module.exports = function(self, username, password, options, callback) {
- if (typeof options === 'function') (callback = options), (options = {});
- options = options || {};
- // Shallow copy the options
- options = shallowClone(options);
- // Set default mechanism
- if (!options.authMechanism) {
- options.authMechanism = 'DEFAULT';
- } else if (
- options.authMechanism !== 'GSSAPI' &&
- options.authMechanism !== 'DEFAULT' &&
- options.authMechanism !== 'MONGODB-CR' &&
- options.authMechanism !== 'MONGODB-X509' &&
- options.authMechanism !== 'SCRAM-SHA-1' &&
- options.authMechanism !== 'SCRAM-SHA-256' &&
- options.authMechanism !== 'PLAIN'
- ) {
- return handleCallback(
- callback,
- MongoError.create({
- message:
- 'only DEFAULT, GSSAPI, PLAIN, MONGODB-X509, or SCRAM-SHA-1 is supported by authMechanism',
- driver: true
- })
- );
- }
- // If we have a callback fallback
- if (typeof callback === 'function')
- return authenticate(self, username, password, options, function(err, r) {
- // Support failed auth method
- if (err && err.message && err.message.indexOf('saslStart') !== -1) err.code = 59;
- // Reject error
- if (err) return callback(err, r);
- callback(null, r);
- });
- // Return a promise
- return new self.s.promiseLibrary(function(resolve, reject) {
- authenticate(self, username, password, options, function(err, r) {
- // Support failed auth method
- if (err && err.message && err.message.indexOf('saslStart') !== -1) err.code = 59;
- // Reject error
- if (err) return reject(err);
- resolve(r);
- });
- });
- };
|