From d02cb161fbaa3357fe34d84ba7e8046611d3cb83 Mon Sep 17 00:00:00 2001 From: Matt Spaulding Date: Thu, 18 May 2017 08:00:51 -0700 Subject: [PATCH] Add PLAIN LDAP authentication support --- src/robomongo/core/engine/ScriptEngine.cpp | 35 +++++++++++++------ src/robomongo/core/mongodb/MongoWorker.cpp | 29 ++++++++++----- .../gui/dialogs/ConnectionAuthTab.cpp | 1 + 3 files changed, 46 insertions(+), 19 deletions(-) diff --git a/src/robomongo/core/engine/ScriptEngine.cpp b/src/robomongo/core/engine/ScriptEngine.cpp index d45a3160f..a63ed9d05 100644 --- a/src/robomongo/core/engine/ScriptEngine.cpp +++ b/src/robomongo/core/engine/ScriptEngine.cpp @@ -78,21 +78,36 @@ namespace Robomongo std::stringstream ss; auto hostAndPort = serverAddr.empty() ? _connection->hostAndPort().toString() : serverAddr; - ss << "db = connect('" << hostAndPort << "/" << connectDatabase; + ss << "db = connect('" << hostAndPort << "/" << connectDatabase << "')\n"; // v0.9 // ss << "db = connect('" << _connection->serverHost() << ":" << _connection->serverPort() << _connection->sslInfo() << _connection->sshInfo() << "/" << connectDatabase; - - if (!_connection->hasEnabledPrimaryCredential()) - ss << "')"; - else - ss << "', '" - << _connection->primaryCredential()->userName() << "', '" - << _connection->primaryCredential()->userPassword() << "')"; - { mongo::shell_utils::_dbConnect = ss.str(); - mongo::shell_utils::_dbAuth = "(function() { \nDB.prototype._defaultGssapiServiceName = \"mongodb\";\n}())"; + std::stringstream authStringStream; + authStringStream << "(function() {\n"; + if (!_connection->primaryCredential()->mechanism().empty()) { + authStringStream << "DB.prototype._defaultAuthenticationMechanism = \"" + << _connection->primaryCredential()->mechanism() << "\";\n"; + } + authStringStream << "DB.prototype._defaultGssapiServiceName = \"mongodb\";\n"; + authStringStream << "var username = \"" << _connection->primaryCredential()->userName() << "\";\n"; + authStringStream << "var password = \"" << _connection->primaryCredential()->userPassword() << "\";\n"; + if (_connection->primaryCredential()->databaseName().empty()) { + authStringStream << "var authDb = db;\n"; + } else { + authStringStream << "var authDb = db.getSiblingDB(\"" + << _connection->primaryCredential()->databaseName() << "\");\n"; + } + authStringStream << "authDb.auth({ user: username"; + authStringStream << ", pwd: password"; + if (_connection->primaryCredential()->mechanism() == "PLAIN") { + authStringStream << ", digestPassword: false"; + } + authStringStream << ", mechanism: \"" << _connection->primaryCredential()->mechanism() << "\" });\n"; + authStringStream << "}())"; + + mongo::shell_utils::_dbAuth = authStringStream.str(); // v0.9 // mongo::isShell = true; diff --git a/src/robomongo/core/mongodb/MongoWorker.cpp b/src/robomongo/core/mongodb/MongoWorker.cpp index 07a7a5235..59b314bf9 100644 --- a/src/robomongo/core/mongodb/MongoWorker.cpp +++ b/src/robomongo/core/mongodb/MongoWorker.cpp @@ -210,20 +210,31 @@ namespace Robomongo CredentialSettings *credentials = _connSettings->primaryCredential(); // Building BSON object: - mongo::BSONObj authParams(mongo::BSONObjBuilder() - .append("user", credentials->userName()) - .append("db", credentials->databaseName()) - .append("pwd", credentials->userPassword()) - .append("mechanism", credentials->mechanism()) - .obj()); - - conn->auth(authParams); + if (credentials->mechanism() == "PLAIN") { + mongo::BSONObj authParams(mongo::BSONObjBuilder() + .append("user", credentials->userName()) + .append("db", credentials->databaseName()) + .append("pwd", credentials->userPassword()) + .append("mechanism", credentials->mechanism()) + .append("digestPassword", false) + .obj()); + conn->auth(authParams); + } else { + mongo::BSONObj authParams(mongo::BSONObjBuilder() + .append("user", credentials->userName()) + .append("db", credentials->databaseName()) + .append("pwd", credentials->userPassword()) + .append("mechanism", credentials->mechanism()) + .obj()); + + conn->auth(authParams); + } // If authentication succeed and database name is 'admin' - // then user is admin, otherwise user is not admin std::string dbName = credentials->databaseName(); std::transform(dbName.begin(), dbName.end(), dbName.begin(), ::tolower); - if (dbName.compare("admin") != 0) // dbName is NOT "admin" + if (dbName.compare("admin") != 0 && dbName.compare("$external") != 0) // dbName is NOT "admin" _isAdmin = false; } diff --git a/src/robomongo/gui/dialogs/ConnectionAuthTab.cpp b/src/robomongo/gui/dialogs/ConnectionAuthTab.cpp index 99c9e5e7e..6f9e49b07 100644 --- a/src/robomongo/gui/dialogs/ConnectionAuthTab.cpp +++ b/src/robomongo/gui/dialogs/ConnectionAuthTab.cpp @@ -40,6 +40,7 @@ namespace Robomongo _mechanismComboBox = new QComboBox(); _mechanismComboBox->addItem("SCRAM-SHA-1"); _mechanismComboBox->addItem("MONGODB-CR"); + _mechanismComboBox->addItem("PLAIN"); _useAuth = new QCheckBox("Perform authentication"); _useAuth->setStyleSheet("margin-bottom: 7px");