Home Explore Help
Sign In
serg1557733
/
chatRedux
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: a567ed0d96
Branches Tags
chatRedux
/
backend
/
node_modules
/
mongodb
/
lib
/
cmap
/
auth
/
mongo_credentials.js

mongo_credentials.js 6.9 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134 
  1. "use strict";
    2. 

  2. Object.defineProperty(exports, "__esModule", { value: true });
    3. 

  3. exports.MongoCredentials = void 0;
    4. 

  4. const error_1 = require("../../error");
    5. 

  5. const utils_1 = require("../../utils");
    6. 

  6. const gssapi_1 = require("./gssapi");
    7. 

  7. const providers_1 = require("./providers");
    8. 

  8. // https://github.com/mongodb/specifications/blob/master/source/auth/auth.rst
    9. 

  9. function getDefaultAuthMechanism(hello) {
    10. 

  10.     if (hello) {
    11. 

  11.         // If hello contains saslSupportedMechs, use scram-sha-256
    12. 

  12.         // if it is available, else scram-sha-1
    13. 

  13.         if (Array.isArray(hello.saslSupportedMechs)) {
    14. 

  14.             return hello.saslSupportedMechs.includes(providers_1.AuthMechanism.MONGODB_SCRAM_SHA256)
    15. 

  15.                 ? providers_1.AuthMechanism.MONGODB_SCRAM_SHA256
    16. 

  16.                 : providers_1.AuthMechanism.MONGODB_SCRAM_SHA1;
    17. 

  17.         }
    18. 

  18.         // Fallback to legacy selection method. If wire version >= 3, use scram-sha-1
    19. 

  19.         if (hello.maxWireVersion >= 3) {
    20. 

  20.             return providers_1.AuthMechanism.MONGODB_SCRAM_SHA1;
    21. 

  21.         }
    22. 

  22.     }
    23. 

  23.     // Default for wireprotocol < 3
    24. 

  24.     return providers_1.AuthMechanism.MONGODB_CR;
    25. 

  25. }
    26. 

  26. /**
    27. 

  27.  * A representation of the credentials used by MongoDB
    28. 

  28.  * @public
    29. 

  29.  */
    30. 

  30. class MongoCredentials {
    31. 

  31.     constructor(options) {
    32. 

  32.         this.username = options.username;
    33. 

  33.         this.password = options.password;
    34. 

  34.         this.source = options.source;
    35. 

  35.         if (!this.source && options.db) {
    36. 

  36.             this.source = options.db;
    37. 

  37.         }
    38. 

  38.         this.mechanism = options.mechanism || providers_1.AuthMechanism.MONGODB_DEFAULT;
    39. 

  39.         this.mechanismProperties = options.mechanismProperties || {};
    40. 

  40.         if (this.mechanism.match(/MONGODB-AWS/i)) {
    41. 

  41.             if (!this.username && process.env.AWS_ACCESS_KEY_ID) {
    42. 

  42.                 this.username = process.env.AWS_ACCESS_KEY_ID;
    43. 

  43.             }
    44. 

  44.             if (!this.password && process.env.AWS_SECRET_ACCESS_KEY) {
    45. 

  45.                 this.password = process.env.AWS_SECRET_ACCESS_KEY;
    46. 

  46.             }
    47. 

  47.             if (this.mechanismProperties.AWS_SESSION_TOKEN == null &&
    48. 

  48.                 process.env.AWS_SESSION_TOKEN != null) {
    49. 

  49.                 this.mechanismProperties = {
    50. 

  50.                     ...this.mechanismProperties,
    51. 

  51.                     AWS_SESSION_TOKEN: process.env.AWS_SESSION_TOKEN
    52. 

  52.                 };
    53. 

  53.             }
    54. 

  54.         }
    55. 

  55.         if ('gssapiCanonicalizeHostName' in this.mechanismProperties) {
    56. 

  56.             (0, utils_1.emitWarningOnce)('gssapiCanonicalizeHostName is deprecated. Please use CANONICALIZE_HOST_NAME instead.');
    57. 

  57.             this.mechanismProperties.CANONICALIZE_HOST_NAME =
    58. 

  58.                 this.mechanismProperties.gssapiCanonicalizeHostName;
    59. 

  59.         }
    60. 

  60.         Object.freeze(this.mechanismProperties);
    61. 

  61.         Object.freeze(this);
    62. 

  62.     }
    63. 

  63.     /** Determines if two MongoCredentials objects are equivalent */
    64. 

  64.     equals(other) {
    65. 

  65.         return (this.mechanism === other.mechanism &&
    66. 

  66.             this.username === other.username &&
    67. 

  67.             this.password === other.password &&
    68. 

  68.             this.source === other.source);
    69. 

  69.     }
    70. 

  70.     /**
    71. 

  71.      * If the authentication mechanism is set to "default", resolves the authMechanism
    72. 

  72.      * based on the server version and server supported sasl mechanisms.
    73. 

  73.      *
    74. 

  74.      * @param hello - A hello response from the server
    75. 

  75.      */
    76. 

  76.     resolveAuthMechanism(hello) {
    77. 

  77.         // If the mechanism is not "default", then it does not need to be resolved
    78. 

  78.         if (this.mechanism.match(/DEFAULT/i)) {
    79. 

  79.             return new MongoCredentials({
    80. 

  80.                 username: this.username,
    81. 

  81.                 password: this.password,
    82. 

  82.                 source: this.source,
    83. 

  83.                 mechanism: getDefaultAuthMechanism(hello),
    84. 

  84.                 mechanismProperties: this.mechanismProperties
    85. 

  85.             });
    86. 

  86.         }
    87. 

  87.         return this;
    88. 

  88.     }
    89. 

  89.     validate() {
    90. 

  90.         var _a;
    91. 

  91.         if ((this.mechanism === providers_1.AuthMechanism.MONGODB_GSSAPI ||
    92. 

  92.             this.mechanism === providers_1.AuthMechanism.MONGODB_CR ||
    93. 

  93.             this.mechanism === providers_1.AuthMechanism.MONGODB_PLAIN ||
    94. 

  94.             this.mechanism === providers_1.AuthMechanism.MONGODB_SCRAM_SHA1 ||
    95. 

  95.             this.mechanism === providers_1.AuthMechanism.MONGODB_SCRAM_SHA256) &&
    96. 

  96.             !this.username) {
    97. 

  97.             throw new error_1.MongoMissingCredentialsError(`Username required for mechanism '${this.mechanism}'`);
    98. 

  98.         }
    99. 

  99.         if (providers_1.AUTH_MECHS_AUTH_SRC_EXTERNAL.has(this.mechanism)) {
    100. 

  100.             if (this.source != null && this.source !== '$external') {
    101. 

  101.                 // TODO(NODE-3485): Replace this with a MongoAuthValidationError
    102. 

  102.                 throw new error_1.MongoAPIError(`Invalid source '${this.source}' for mechanism '${this.mechanism}' specified.`);
    103. 

  103.             }
    104. 

  104.         }
    105. 

  105.         if (this.mechanism === providers_1.AuthMechanism.MONGODB_PLAIN && this.source == null) {
    106. 

  106.             // TODO(NODE-3485): Replace this with a MongoAuthValidationError
    107. 

  107.             throw new error_1.MongoAPIError('PLAIN Authentication Mechanism needs an auth source');
    108. 

  108.         }
    109. 

  109.         if (this.mechanism === providers_1.AuthMechanism.MONGODB_X509 && this.password != null) {
    110. 

  110.             if (this.password === '') {
    111. 

  111.                 Reflect.set(this, 'password', undefined);
    112. 

  112.                 return;
    113. 

  113.             }
    114. 

  114.             // TODO(NODE-3485): Replace this with a MongoAuthValidationError
    115. 

  115.             throw new error_1.MongoAPIError(`Password not allowed for mechanism MONGODB-X509`);
    116. 

  116.         }
    117. 

  117.         const canonicalization = (_a = this.mechanismProperties.CANONICALIZE_HOST_NAME) !== null && _a !== void 0 ? _a : false;
    118. 

  118.         if (!Object.values(gssapi_1.GSSAPICanonicalizationValue).includes(canonicalization)) {
    119. 

  119.             throw new error_1.MongoAPIError(`Invalid CANONICALIZE_HOST_NAME value: ${canonicalization}`);
    120. 

  120.         }
    121. 

  121.     }
    122. 

  122.     static merge(creds, options) {
    123. 

  123.         var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l;
    124. 

  124.         return new MongoCredentials({
    125. 

  125.             username: (_b = (_a = options.username) !== null && _a !== void 0 ? _a : creds === null || creds === void 0 ? void 0 : creds.username) !== null && _b !== void 0 ? _b : '',
    126. 

  126.             password: (_d = (_c = options.password) !== null && _c !== void 0 ? _c : creds === null || creds === void 0 ? void 0 : creds.password) !== null && _d !== void 0 ? _d : '',
    127. 

  127.             mechanism: (_f = (_e = options.mechanism) !== null && _e !== void 0 ? _e : creds === null || creds === void 0 ? void 0 : creds.mechanism) !== null && _f !== void 0 ? _f : providers_1.AuthMechanism.MONGODB_DEFAULT,
    128. 

  128.             mechanismProperties: (_h = (_g = options.mechanismProperties) !== null && _g !== void 0 ? _g : creds === null || creds === void 0 ? void 0 : creds.mechanismProperties) !== null && _h !== void 0 ? _h : {},
    129. 

  129.             source: (_l = (_k = (_j = options.source) !== null && _j !== void 0 ? _j : options.db) !== null && _k !== void 0 ? _k : creds === null || creds === void 0 ? void 0 : creds.source) !== null && _l !== void 0 ? _l : 'admin'
    130. 

  130.         });
    131. 

  131.     }
    132. 

  132. }
    133. 

  133. exports.MongoCredentials = MongoCredentials;
    134. 

  134. //# sourceMappingURL=mongo_credentials.js.map
    135.