Home Explore Help
Sign In
serg1557733
/
nixchat
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
nixchat
/
server
/
node_modules
/
mongodb
/
lib
/
cmap
/
auth
/
mongo_credentials.js

mongo_credentials.js 6.2 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123 
  1. "use strict";
    2. 

  2. // Resolves the default auth mechanism according to
    3. 

  3. Object.defineProperty(exports, "__esModule", { value: true });
    4. 

  4. exports.MongoCredentials = void 0;
    5. 

  5. const error_1 = require("../../error");
    6. 

  6. const providers_1 = require("./providers");
    7. 

  7. // https://github.com/mongodb/specifications/blob/master/source/auth/auth.rst
    8. 

  8. function getDefaultAuthMechanism(hello) {
    9. 

  9.     if (hello) {
    10. 

  10.         // If hello contains saslSupportedMechs, use scram-sha-256
    11. 

  11.         // if it is available, else scram-sha-1
    12. 

  12.         if (Array.isArray(hello.saslSupportedMechs)) {
    13. 

  13.             return hello.saslSupportedMechs.includes(providers_1.AuthMechanism.MONGODB_SCRAM_SHA256)
    14. 

  14.                 ? providers_1.AuthMechanism.MONGODB_SCRAM_SHA256
    15. 

  15.                 : providers_1.AuthMechanism.MONGODB_SCRAM_SHA1;
    16. 

  16.         }
    17. 

  17.         // Fallback to legacy selection method. If wire version >= 3, use scram-sha-1
    18. 

  18.         if (hello.maxWireVersion >= 3) {
    19. 

  19.             return providers_1.AuthMechanism.MONGODB_SCRAM_SHA1;
    20. 

  20.         }
    21. 

  21.     }
    22. 

  22.     // Default for wireprotocol < 3
    23. 

  23.     return providers_1.AuthMechanism.MONGODB_CR;
    24. 

  24. }
    25. 

  25. /**
    26. 

  26.  * A representation of the credentials used by MongoDB
    27. 

  27.  * @public
    28. 

  28.  */
    29. 

  29. class MongoCredentials {
    30. 

  30.     constructor(options) {
    31. 

  31.         this.username = options.username;
    32. 

  32.         this.password = options.password;
    33. 

  33.         this.source = options.source;
    34. 

  34.         if (!this.source && options.db) {
    35. 

  35.             this.source = options.db;
    36. 

  36.         }
    37. 

  37.         this.mechanism = options.mechanism || providers_1.AuthMechanism.MONGODB_DEFAULT;
    38. 

  38.         this.mechanismProperties = options.mechanismProperties || {};
    39. 

  39.         if (this.mechanism.match(/MONGODB-AWS/i)) {
    40. 

  40.             if (!this.username && process.env.AWS_ACCESS_KEY_ID) {
    41. 

  41.                 this.username = process.env.AWS_ACCESS_KEY_ID;
    42. 

  42.             }
    43. 

  43.             if (!this.password && process.env.AWS_SECRET_ACCESS_KEY) {
    44. 

  44.                 this.password = process.env.AWS_SECRET_ACCESS_KEY;
    45. 

  45.             }
    46. 

  46.             if (this.mechanismProperties.AWS_SESSION_TOKEN == null &&
    47. 

  47.                 process.env.AWS_SESSION_TOKEN != null) {
    48. 

  48.                 this.mechanismProperties = {
    49. 

  49.                     ...this.mechanismProperties,
    50. 

  50.                     AWS_SESSION_TOKEN: process.env.AWS_SESSION_TOKEN
    51. 

  51.                 };
    52. 

  52.             }
    53. 

  53.         }
    54. 

  54.         Object.freeze(this.mechanismProperties);
    55. 

  55.         Object.freeze(this);
    56. 

  56.     }
    57. 

  57.     /** Determines if two MongoCredentials objects are equivalent */
    58. 

  58.     equals(other) {
    59. 

  59.         return (this.mechanism === other.mechanism &&
    60. 

  60.             this.username === other.username &&
    61. 

  61.             this.password === other.password &&
    62. 

  62.             this.source === other.source);
    63. 

  63.     }
    64. 

  64.     /**
    65. 

  65.      * If the authentication mechanism is set to "default", resolves the authMechanism
    66. 

  66.      * based on the server version and server supported sasl mechanisms.
    67. 

  67.      *
    68. 

  68.      * @param hello - A hello response from the server
    69. 

  69.      */
    70. 

  70.     resolveAuthMechanism(hello) {
    71. 

  71.         // If the mechanism is not "default", then it does not need to be resolved
    72. 

  72.         if (this.mechanism.match(/DEFAULT/i)) {
    73. 

  73.             return new MongoCredentials({
    74. 

  74.                 username: this.username,
    75. 

  75.                 password: this.password,
    76. 

  76.                 source: this.source,
    77. 

  77.                 mechanism: getDefaultAuthMechanism(hello),
    78. 

  78.                 mechanismProperties: this.mechanismProperties
    79. 

  79.             });
    80. 

  80.         }
    81. 

  81.         return this;
    82. 

  82.     }
    83. 

  83.     validate() {
    84. 

  84.         if ((this.mechanism === providers_1.AuthMechanism.MONGODB_GSSAPI ||
    85. 

  85.             this.mechanism === providers_1.AuthMechanism.MONGODB_CR ||
    86. 

  86.             this.mechanism === providers_1.AuthMechanism.MONGODB_PLAIN ||
    87. 

  87.             this.mechanism === providers_1.AuthMechanism.MONGODB_SCRAM_SHA1 ||
    88. 

  88.             this.mechanism === providers_1.AuthMechanism.MONGODB_SCRAM_SHA256) &&
    89. 

  89.             !this.username) {
    90. 

  90.             throw new error_1.MongoMissingCredentialsError(`Username required for mechanism '${this.mechanism}'`);
    91. 

  91.         }
    92. 

  92.         if (providers_1.AUTH_MECHS_AUTH_SRC_EXTERNAL.has(this.mechanism)) {
    93. 

  93.             if (this.source != null && this.source !== '$external') {
    94. 

  94.                 // TODO(NODE-3485): Replace this with a MongoAuthValidationError
    95. 

  95.                 throw new error_1.MongoAPIError(`Invalid source '${this.source}' for mechanism '${this.mechanism}' specified.`);
    96. 

  96.             }
    97. 

  97.         }
    98. 

  98.         if (this.mechanism === providers_1.AuthMechanism.MONGODB_PLAIN && this.source == null) {
    99. 

  99.             // TODO(NODE-3485): Replace this with a MongoAuthValidationError
    100. 

  100.             throw new error_1.MongoAPIError('PLAIN Authentication Mechanism needs an auth source');
    101. 

  101.         }
    102. 

  102.         if (this.mechanism === providers_1.AuthMechanism.MONGODB_X509 && this.password != null) {
    103. 

  103.             if (this.password === '') {
    104. 

  104.                 Reflect.set(this, 'password', undefined);
    105. 

  105.                 return;
    106. 

  106.             }
    107. 

  107.             // TODO(NODE-3485): Replace this with a MongoAuthValidationError
    108. 

  108.             throw new error_1.MongoAPIError(`Password not allowed for mechanism MONGODB-X509`);
    109. 

  109.         }
    110. 

  110.     }
    111. 

  111.     static merge(creds, options) {
    112. 

  112.         var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l;
    113. 

  113.         return new MongoCredentials({
    114. 

  114.             username: (_b = (_a = options.username) !== null && _a !== void 0 ? _a : creds === null || creds === void 0 ? void 0 : creds.username) !== null && _b !== void 0 ? _b : '',
    115. 

  115.             password: (_d = (_c = options.password) !== null && _c !== void 0 ? _c : creds === null || creds === void 0 ? void 0 : creds.password) !== null && _d !== void 0 ? _d : '',
    116. 

  116.             mechanism: (_f = (_e = options.mechanism) !== null && _e !== void 0 ? _e : creds === null || creds === void 0 ? void 0 : creds.mechanism) !== null && _f !== void 0 ? _f : providers_1.AuthMechanism.MONGODB_DEFAULT,
    117. 

  117.             mechanismProperties: (_h = (_g = options.mechanismProperties) !== null && _g !== void 0 ? _g : creds === null || creds === void 0 ? void 0 : creds.mechanismProperties) !== null && _h !== void 0 ? _h : {},
    118. 

  118.             source: (_l = (_k = (_j = options.source) !== null && _j !== void 0 ? _j : options.db) !== null && _k !== void 0 ? _k : creds === null || creds === void 0 ? void 0 : creds.source) !== null && _l !== void 0 ? _l : 'admin'
    119. 

  119.         });
    120. 

  120.     }
    121. 

  121. }
    122. 

  122. exports.MongoCredentials = MongoCredentials;
    123. 

  123. //# sourceMappingURL=mongo_credentials.js.map
    124.