From d21aa768ae6e84073702f0a8a70f7abbe9656818 Mon Sep 17 00:00:00 2001 From: JD Robertson <44848933+JD-Robertson@users.noreply.github.com> Date: Wed, 20 Sep 2023 10:40:57 -0500 Subject: [PATCH] Add support for LDAP authentication (#5) * Add support for LDAP authentication * Unit test for url parser changes --- lib/mongo/auth.ex | 4 ++++ lib/mongo/auth/plain.ex | 31 +++++++++++++++++++++++++++++++ lib/mongo/url_parser.ex | 1 + test/mongo/url_parser_test.exs | 20 ++++++++++++++++++++ 4 files changed, 56 insertions(+) create mode 100644 lib/mongo/auth/plain.ex diff --git a/lib/mongo/auth.ex b/lib/mongo/auth.ex index ce6afcd3..6505f8e0 100644 --- a/lib/mongo/auth.ex +++ b/lib/mongo/auth.ex @@ -39,6 +39,10 @@ defmodule Mongo.Auth do Mongo.Auth.X509 end + defp mechanism(%{wire_version: version, auth_mechanism: :plain}) when version >= 3 do + Mongo.Auth.PLAIN + end + defp mechanism(%{wire_version: version}) when version >= 3 do Mongo.Auth.SCRAM end diff --git a/lib/mongo/auth/plain.ex b/lib/mongo/auth/plain.ex new file mode 100644 index 00000000..1702a49c --- /dev/null +++ b/lib/mongo/auth/plain.ex @@ -0,0 +1,31 @@ +defmodule Mongo.Auth.PLAIN do + @moduledoc false + alias Mongo.MongoDBConnection.Utils + + def auth({nil, nil}, _db, _s) do + :ok + end + + def auth({username, password}, _db, s) do + auth_payload = build_auth_payload(username, password) + message = [saslStart: 1, mechanism: "PLAIN", payload: auth_payload] + + case Utils.command(-3, message, s) do + {:ok, _flags, %{"ok" => ok, "done" => true}} when ok == 1 -> + :ok + + {:ok, _flags, %{"ok" => ok, "errmsg" => reason, "code" => code}} when ok == 0 -> + {:error, Mongo.Error.exception(message: "auth failed for user #{username}: #{reason}", code: code)} + + error -> + error + end + end + + defp build_auth_payload(username, password) do + # https://www.ietf.org/rfc/rfc4616.txt + # Null separate listed of authorization ID (blank), username, password. These are sent as raw UTF-8. + payload = "\0#{username}\0#{password}" + %BSON.Binary{binary: payload} + end +end diff --git a/lib/mongo/url_parser.ex b/lib/mongo/url_parser.ex index 0c3202f7..c1bcb625 100644 --- a/lib/mongo/url_parser.ex +++ b/lib/mongo/url_parser.ex @@ -111,6 +111,7 @@ defmodule Mongo.UrlParser do defp decode_percent(:username, value), do: URI.decode_www_form(value) defp decode_percent(:password, value), do: URI.decode_www_form(value) + defp decode_percent(:auth_source, value), do: URI.decode_www_form(value) defp decode_percent(_other, value), do: value defp parse_query_options(opts, %{"options" => options}) when is_binary(options) do diff --git a/test/mongo/url_parser_test.exs b/test/mongo/url_parser_test.exs index 71d7fb0a..4136bb5e 100644 --- a/test/mongo/url_parser_test.exs +++ b/test/mongo/url_parser_test.exs @@ -116,5 +116,25 @@ defmodule Mongo.UrlParserTest do username = Keyword.get(opts, :username) assert username == real_username end + + test "external auth source " do + encoded_external_auth_source = URI.encode_www_form("$external") + url = "mongodb://user:password@seed1.domain.com:27017,seed2.domain.com:27017,seed3.domain.com:27017/db_name?replicaSet=set-name&authMechanism=PLAIN&authSource=#{encoded_external_auth_source}&tls=true" + + assert UrlParser.parse_url(url: url) |> Keyword.drop([:pw_safe]) == [ + password: "*****", + username: "user", + database: "db_name", + tls: true, + auth_source: "$external", + auth_mechanism: :plain, + set_name: "set-name", + seeds: [ + "seed1.domain.com:27017", + "seed2.domain.com:27017", + "seed3.domain.com:27017" + ] + ] + end end end