
Source file src/go.mongodb.org/mongo-driver/x/mongo/driver/auth/default.go

Documentation: go.mongodb.org/mongo-driver/x/mongo/driver/auth

     1  // Copyright (C) MongoDB, Inc. 2017-present.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License"); you may
     4  // not use this file except in compliance with the License. You may obtain
     5  // a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
     6  
     7  package auth
     8  
     9  import (
    10  	"context"
    11  	"fmt"
    12  )
    13  
// newDefaultAuthenticator builds the DefaultAuthenticator for cred.
//
// A SCRAM-SHA-256 authenticator is created up front and stored as the
// speculative authenticator; it must implement SpeculativeAuthenticator or
// construction fails. cred is passed through unchanged and is not validated
// in this function.
func newDefaultAuthenticator(cred *Cred) (Authenticator, error) {
	const failMsg = "failed to create internal authenticator"

	inner, err := newScramSHA256Authenticator(cred)
	if err != nil {
		return nil, newAuthError(failMsg, err)
	}

	// The speculative path needs the richer interface; report the concrete
	// type if the SCRAM authenticator does not provide it.
	spec, isSpec := inner.(SpeculativeAuthenticator)
	if !isSpec {
		return nil, newAuthError(
			failMsg,
			fmt.Errorf("expected SCRAM authenticator to be SpeculativeAuthenticator but got %T", inner),
		)
	}

	auth := &DefaultAuthenticator{
		Cred:                     cred,
		speculativeAuthenticator: spec,
	}
	return auth, nil
}
    30  
// DefaultAuthenticator defers the choice of mechanism to Auth, which selects
// one per handshake via chooseAuthMechanism: SCRAM-SHA-256 when the server
// lists it among its supported SASL mechanisms, SCRAM-SHA-1 otherwise.
type DefaultAuthenticator struct {
	// Cred is the credential handed to whichever authenticator Auth constructs.
	Cred *Cred

	// The authenticator to use for speculative authentication. Because the correct auth mechanism is unknown when doing
	// the initial hello, SCRAM-SHA-256 is used for the speculative attempt.
	//
	// NOTE(review): this field is only populated by newDefaultAuthenticator. A DefaultAuthenticator built as a bare
	// literal leaves it nil, and CreateSpeculativeConversation calls through it without a nil check.
	speculativeAuthenticator SpeculativeAuthenticator
}

// Compile-time check that *DefaultAuthenticator satisfies SpeculativeAuthenticator.
var _ SpeculativeAuthenticator = (*DefaultAuthenticator)(nil)
    42  
// CreateSpeculativeConversation starts a speculative conversation by
// delegating to the wrapped speculative authenticator, which
// newDefaultAuthenticator sets to the SCRAM-SHA-256 authenticator.
//
// The receiver's speculativeAuthenticator must be non-nil; it is not checked
// here.
func (a *DefaultAuthenticator) CreateSpeculativeConversation() (SpeculativeConversation, error) {
	conv, err := a.speculativeAuthenticator.CreateSpeculativeConversation()
	return conv, err
}
    47  
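// Auth authenticates the connection with the mechanism that
// chooseAuthMechanism selects for this handshake.
//
// A new mechanism-specific authenticator is built from a.Cred on every call
// and the actual exchange is delegated to it. Construction failures are
// wrapped with newAuthError; errors from the delegated Auth call are returned
// as-is.
func (a *DefaultAuthenticator) Auth(ctx context.Context, cfg *Config) error {
	var (
		actual Authenticator
		err    error
	)

	switch mech := chooseAuthMechanism(cfg); mech {
	case SCRAMSHA256:
		actual, err = newScramSHA256Authenticator(a.Cred)
	case SCRAMSHA1:
		actual, err = newScramSHA1Authenticator(a.Cred)
	default:
		// chooseAuthMechanism only returns the two SCRAM mechanisms. Any other
		// value is rejected instead of falling back to the legacy MONGODB-CR
		// mechanism, so a later change to the selection logic cannot turn
		// into a silent downgrade.
		return newAuthError(
			"error creating authenticator",
			fmt.Errorf("unsupported default auth mechanism %q", mech),
		)
	}
	if err != nil {
		return newAuthError("error creating authenticator", err)
	}

	return actual.Auth(ctx, cfg)
}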
    68  
// chooseAuthMechanism picks the SCRAM variant used by DefaultAuthenticator
// from the mechanisms the server listed during the handshake.
//
// SCRAM-SHA-256 is returned when cfg.HandshakeInfo.SaslSupportedMechs contains
// an entry equal to SCRAMSHA256. In every other case, including a nil or empty
// list, the result is SCRAM-SHA-1.
//
// NOTE(review): the decision rests entirely on the handshake data recorded in
// cfg, so a reply that omits SCRAM-SHA-256 yields the SHA-1 variant. Callers
// that must not negotiate down should not rely on this default; confirm how
// the mechanism can be pinned in the connection options.
func chooseAuthMechanism(cfg *Config) string {
	// Ranging over a nil list performs no iterations, so no separate nil
	// check is needed before the loop.
	for _, mech := range cfg.HandshakeInfo.SaslSupportedMechs {
		if mech == SCRAMSHA256 {
			return mech
		}
	}

	return SCRAMSHA1
}
    83  
