Feature/172 x509 support (#364)

Ahmadre · web-flow · commit 423fbe1a3768 · 2024-02-21T20:56:16.000+01:00
* Add MONGODB_X509 Authenticator

* Add X509 to AuthenticationScheme

* Extend db to accept x509

* Fix ConnectionManager to accept passwordless authentication

* Update Dart sdk: "&gt;=3.3.0 &lt;4.0.0"
diff --git a/lib/mongo_dart.dart b/lib/mongo_dart.dart
@@ -26,6 +26,7 @@ import 'package:bson/src/types/bson_map.dart';
 // ignore: implementation_imports
 import 'package:bson/src/types/bson_string.dart';
 import 'package:logging/logging.dart';
+import 'package:mongo_dart/src/auth/mongodb_x509_authenticator.dart';
 import 'package:uuid/uuid.dart';
 import 'package:mongo_dart/src/auth/scram_sha256_authenticator.dart';
 import 'package:mongo_dart/src/database/cursor/modern_cursor.dart';
diff --git a/lib/src/auth/auth.dart b/lib/src/auth/auth.dart
@@ -1,13 +1,14 @@
 //part of mongo_dart;
 import 'package:mongo_dart/mongo_dart.dart' show Connection, Db, MongoDartError;
+import 'package:mongo_dart/src/auth/mongodb_x509_authenticator.dart';
 import 'package:sasl_scram/sasl_scram.dart' show UsernamePasswordCredential;
 
 import 'mongodb_cr_authenticator.dart';
 import 'scram_sha1_authenticator.dart';
 import 'scram_sha256_authenticator.dart';
 
 // ignore: constant_identifier_names
-enum AuthenticationScheme { MONGODB_CR, SCRAM_SHA_1, SCRAM_SHA_256 }
+enum AuthenticationScheme { MONGODB_CR, SCRAM_SHA_1, SCRAM_SHA_256, X509 }
 
 abstract class Authenticator {
   Authenticator();
@@ -21,6 +22,8 @@ abstract class Authenticator {
         return ScramSha1Authenticator(credentials, db);
       case AuthenticationScheme.SCRAM_SHA_256:
         return ScramSha256Authenticator(credentials, db);
+      case AuthenticationScheme.X509:
+        return MongoDbX509Authenticator(credentials.username, db);
       default:
         throw MongoDartError("Authenticator wasn't specified");
     }
diff --git a/lib/src/auth/mongodb_x509_authenticator.dart b/lib/src/auth/mongodb_x509_authenticator.dart
@@ -0,0 +1,33 @@
+//part of mongo_dart;
+import 'package:mongo_dart/mongo_dart.dart'
+    show Connection, Db, DbCommand, MongoQueryMessage;
+import 'package:mongo_dart/src/auth/auth.dart';
+
+class MongoDbX509Authenticator extends Authenticator {
+  MongoDbX509Authenticator(this.username, this.db) : super();
+
+  static final String name = 'MONGODB-X509';
+
+  final Db db;
+  final String? username;
+
+  @override
+  Future authenticate(Connection connection) {
+    var command = createMongoDbX509AuthenticationCommand(db, username);
+    return db
+        .executeDbCommand(command, connection: connection)
+        .then((res) => res['ok'] == 1);
+  }
+
+  static DbCommand createMongoDbX509AuthenticationCommand(
+      Db db, String? username) {
+    var selector = {
+      'authenticate': 1,
+      'mechanism': name,
+      if (username != null && username.isNotEmpty) 'user': username,
+    };
+
+    return DbCommand(db.authSourceDb ?? db, DbCommand.SYSTEM_COMMAND_COLLECTION,
+        MongoQueryMessage.OPTS_NONE, 0, 0, selector, null);
+  }
+}
diff --git a/lib/src/database/db.dart b/lib/src/database/db.dart
@@ -392,6 +392,8 @@ class Db {
       _authenticationScheme = AuthenticationScheme.SCRAM_SHA_256;
     } else if (authenticationSchemeName == MongoDbCRAuthenticator.name) {
       _authenticationScheme = AuthenticationScheme.MONGODB_CR;
+    } else if (authenticationSchemeName == MongoDbX509Authenticator.name) {
+      _authenticationScheme = AuthenticationScheme.X509;
     } else {
       throw MongoDartError('Provided authentication scheme is '
           'not supported : $authenticationSchemeName');
@@ -727,7 +729,7 @@ class Db {
         .toList();
   }
 
-  Future<bool> authenticate(String userName, String password,
+  Future<bool> authenticate(String? userName, String? password,
       {Connection? connection}) async {
     var credential = UsernamePasswordCredential()
       ..username = userName
diff --git a/lib/src/network/connection_manager.dart b/lib/src/network/connection_manager.dart
@@ -90,12 +90,12 @@ class ConnectionManager {
         db._authenticationScheme = AuthenticationScheme.MONGODB_CR;
       }
     }
-    if (connection.serverConfig.userName == null) {
+    if (connection.serverConfig.isAuthenticated) {
       _log.fine(() => '$db: ${connection.serverConfig.hostUrl} connected');
     } else {
       try {
-        await db.authenticate(connection.serverConfig.userName!,
-            connection.serverConfig.password ?? '',
+        await db.authenticate(connection.serverConfig.userName,
+            connection.serverConfig.password,
             connection: connection);
         _log.fine(() => '$db: ${connection.serverConfig.hostUrl} connected');
       } catch (e) {
diff --git a/pubspec.yaml b/pubspec.yaml
@@ -4,7 +4,7 @@ description: MongoDB driver, implemented in pure Dart. All CRUD operations, aggr
 homepage: https://github.com/mongo-dart/mongo_dart
 
 environment:
-  sdk: ">=2.17.0 <4.0.0"
+  sdk: ">=3.3.0 <4.0.0"
 
 dependencies:
   bson: ^5.0.0
