Added support for mechanism plugins for Sasl handler
Project: http://git-wip-us.apache.org/repos/asf/tinkerpop/repo Commit: http://git-wip-us.apache.org/repos/asf/tinkerpop/commit/7a5cb9c8 Tree: http://git-wip-us.apache.org/repos/asf/tinkerpop/tree/7a5cb9c8 Diff: http://git-wip-us.apache.org/repos/asf/tinkerpop/diff/7a5cb9c8 Branch: refs/heads/master Commit: 7a5cb9c8053dbd303f70f5bbca95dcde528cf886 Parents: bdecf85 Author: Matthew Allen <matt.al...@runbox.com> Authored: Sun Jul 29 15:59:08 2018 +0100 Committer: Matthew Allen <matt.al...@runbox.com> Committed: Thu Aug 23 06:39:26 2018 +0100 ---------------------------------------------------------------------- .../auth/mechanisms/sasl-mechanism-base.js | 36 +++++++++++++++++++ .../auth/mechanisms/sasl-mechanism-plain.js | 37 ++++++++++++++++++++ .../lib/driver/driver-remote-connection.js | 2 +- .../lib/driver/sasl-authenticator.js | 28 +++++++-------- .../gremlin-javascript/test/helper.js | 11 ++++-- 5 files changed, 97 insertions(+), 17 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/7a5cb9c8/gremlin-javascript/src/main/javascript/gremlin-javascript/lib/driver/auth/mechanisms/sasl-mechanism-base.js ----------------------------------------------------------------------
diff --git a/gremlin-javascript/src/main/javascript/gremlin-javascript/lib/driver/auth/mechanisms/sasl-mechanism-base.js b/gremlin-javascript/src/main/javascript/gremlin-javascript/lib/driver/auth/mechanisms/sasl-mechanism-base.js
new file mode 100644
index 0000000..4b75778
--- /dev/null
+++ b/gremlin-javascript/src/main/javascript/gremlin-javascript/lib/driver/auth/mechanisms/sasl-mechanism-base.js
@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+'use strict';
+
+/** @abstract */
+class SaslMechanismBase {
+ get name() {
+ return null;
+ }
+
+ setopts(options) {
+ this._options = options;
+ }
+
+ evaluateChallenge(challenge) {
+ throw new Error("evaluateChallenge should be implemented");
+ }
+}
+
+module.exports = SaslMechanismBase;
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/7a5cb9c8/gremlin-javascript/src/main/javascript/gremlin-javascript/lib/driver/auth/mechanisms/sasl-mechanism-plain.js ----------------------------------------------------------------------
diff --git a/gremlin-javascript/src/main/javascript/gremlin-javascript/lib/driver/auth/mechanisms/sasl-mechanism-plain.js b/gremlin-javascript/src/main/javascript/gremlin-javascript/lib/driver/auth/mechanisms/sasl-mechanism-plain.js
new file mode 100644
index 0000000..be418be
--- /dev/null
+++ b/gremlin-javascript/src/main/javascript/gremlin-javascript/lib/driver/auth/mechanisms/sasl-mechanism-plain.js
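Review bot: In sasl-mechanism-base.js the base class carries no documentation of the contract a mechanism plugin has to meet, and the one visible hint is inconsistent: `evaluateChallenge` throws synchronously here, while the SaslMechanismPlain implementation in this commit returns a Promise resolving to an object with `sasl` and optionally `saslMechanism`. A JSDoc block on `evaluateChallenge` should state the parameter (the challenge data sent by the server, which the PLAIN implementation treats as possibly null or undefined) and the expected return shape. One on `setopts` should say that the options object is stored by reference, so the mechanism keeps the same object, credentials included, that the authenticator holds. Returning `Promise.reject(new Error('evaluateChallenge should be implemented'))` instead of throwing would keep an unimplemented mechanism on the promise path.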
@@ -0,0 +1,37 @@ +'use strict'; + +const SaslMechanismBase = require('./sasl-mechanism-base'); + +class SaslMechanismPlain extends SaslMechanismBase { + get name() { + return 'PLAIN'; + } + + evaluateChallenge(challenge) { + if (this._hasInitialResponse(challenge)) { + return Promise.resolve({ 'saslMechanism': this.name, 'sasl': this._saslArgument() }); + } + + return Promise.resolve({ 'sasl': this._saslArgument() }); + } + + _saslArgument() { + if (this._options.username === undefined || this._options.username.length === 0 + || this._options.password === undefined || this._options.password.length === 0 ) { + throw new Error('No Credentials Supplied'); + } + + const authstr = ((this._options.authId !== undefined && this._options.authId.length) ? this._options.authId : '') + + `\0${this._options.username}\0${this._options.password}`; + return new Buffer(authstr).toString('base64'); + } + + _hasInitialResponse(challenge) { + if (challenge === undefined || challenge === null) { + return false; + } + return true; + } +} + +module.exports = SaslMechanismPlain; \ No newline at end of file http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/7a5cb9c8/gremlin-javascript/src/main/javascript/gremlin-javascript/lib/driver/driver-remote-connection.js ---------------------------------------------------------------------- diff --git a/gremlin-javascript/src/main/javascript/gremlin-javascript/lib/driver/driver-remote-connection.js b/gremlin-javascript/src/main/javascript/gremlin-javascript/lib/driver/driver-remote-connection.js index c60492e..04deee7 100644 --- a/gremlin-javascript/src/main/javascript/gremlin-javascript/lib/driver/driver-remote-connection.js +++ b/gremlin-javascript/src/main/javascript/gremlin-javascript/lib/driver/driver-remote-connection.js 
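Review bot: `_saslArgument` in sasl-mechanism-plain.js joins `authId`, `username` and `password` with `\0` separators without checking the values for an embedded NUL, so a value that contains `\0` changes how the server splits the PLAIN message into its three fields. If any of these can originate outside the application, reject a value containing `\0` before `authstr` is built. The guard compares only against `undefined`, so a `null` username or password fails with a TypeError on `.length` rather than with 'No Credentials Supplied'. `new Buffer(authstr)` is the deprecated constructor; `Buffer.from(authstr, 'utf8').toString('base64')` is the supported form. Because base64 is only an encoding, a class comment stating that PLAIN must be used over a TLS-protected (`wss://`) connection would help users of this mechanism.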
@@ -163,7 +163,7 @@ class DriverRemoteConnection extends RemoteConnection { } if (response.status.code === responseStatusCode.authenticationChallenge && this._authenticator) { - this._authenticator.evaluateChallenge(response).then(res => { + this._authenticator.evaluateChallenge(response.result.data).then(res => { return this.submit(null, 'authentication', res, response.requestId); }).catch(handler.callback); http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/7a5cb9c8/gremlin-javascript/src/main/javascript/gremlin-javascript/lib/driver/sasl-authenticator.js ---------------------------------------------------------------------- diff --git a/gremlin-javascript/src/main/javascript/gremlin-javascript/lib/driver/sasl-authenticator.js b/gremlin-javascript/src/main/javascript/gremlin-javascript/lib/driver/sasl-authenticator.js index fb4c5af..4b63ab5 100644 --- a/gremlin-javascript/src/main/javascript/gremlin-javascript/lib/driver/sasl-authenticator.js +++ b/gremlin-javascript/src/main/javascript/gremlin-javascript/lib/driver/sasl-authenticator.js 
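Review bot: In driver-remote-connection.js the new argument `response.result.data` is evaluated before any promise exists, so an authentication challenge that arrives without a `result` object throws a TypeError that the trailing `.catch(handler.callback)` never sees. The same applies to a mechanism that throws synchronously, as SaslMechanismPlain does when credentials are missing. Starting the chain inside a promise routes both failures to the handler: `Promise.resolve().then(() => this._authenticator.evaluateChallenge(response.result.data))` followed by the existing `.then(res => ...)`. The enclosing message handler starts and ends outside this hunk, so a surrounding try/catch may already cover this; it is not visible here.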
@@ -5,25 +5,25 @@ const Authenticator = require('./authenticator'); class SaslAuthenticator extends Authenticator { /** * Creates a new instance of SaslAuthenticator. - * @param {Object} [credentials] The authentication credential options. - * @param {String} [credentials.username] The user for the authentication response. - * @param {String} [credentials.password] The plaintext password for authentication response. + * @param {Object} [options] The authentication options. + * @param {Object} [options.mechanism] The mechanism to be used for authentication. + * @param {String} [options.hostname] The hostname of the client. + * @param {*} [options] Other mechanism specific options. * @constructor */ - constructor(credentials) { - super(credentials); + constructor(options) { + super(options); + + if (options.mechanism === null || options.mechanism === undefined) { + throw new Error('No Sasl Mechanism Specified'); + } + + this._options = options; + this._options.mechanism.setopts(this._options); } evaluateChallenge(challenge) { - return Promise.resolve({ 'sasl': this.saslArgument() }); - } - - saslArgument() { - if (typeof this._credentials.username === "undefined" || this._credentials.username.length === 0 - || typeof this._credentials.password === "undefined" || this._credentials.password.length === 0 ) { - throw new Error('No Credentials Supplied'); - } - return new Buffer(`\0${this._credentials.username}\0${this._credentials.password}`).toString('base64'); + return Promise.resolve(this._options.mechanism.evaluateChallenge(challenge)); } } http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/7a5cb9c8/gremlin-javascript/src/main/javascript/gremlin-javascript/test/helper.js ---------------------------------------------------------------------- diff --git a/gremlin-javascript/src/main/javascript/gremlin-javascript/test/helper.js b/gremlin-javascript/src/main/javascript/gremlin-javascript/test/helper.js index 5a90296..25e9557 100644 
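Review bot: The constructor in sasl-authenticator.js reads `options.mechanism` although the JSDoc marks `options` as optional, so `new SaslAuthenticator()` fails with a TypeError instead of 'No Sasl Mechanism Specified'; the guard should start with the object itself, `if (!options || options.mechanism === null || options.mechanism === undefined) {`. The JSDoc lists `options.hostname`, which nothing visible in this commit reads, while SaslMechanismPlain reads `username`, `password` and `authId`; the doc should name those and drop the second `@param {*} [options]` line. Callers that previously passed only `{ username, password }` now get an exception from the constructor, which looks like a breaking change worth stating in the commit description or changelog.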
--- a/gremlin-javascript/src/main/javascript/gremlin-javascript/test/helper.js +++ b/gremlin-javascript/src/main/javascript/gremlin-javascript/test/helper.js @@ -21,14 +21,21 @@ * @author Jorge Bay Gondra */ 'use strict'; +const os = require('os'); const DriverRemoteConnection = require('../lib/driver/driver-remote-connection'); +const SaslAuthenticator = require('../lib/driver/sasl-authenticator'); +const SaslMechanismPlain = require('../lib/driver/auth/mechanisms/sasl-mechanism-plain'); exports.getConnection = function getConnection(traversalSource) { return new DriverRemoteConnection('ws://localhost:45940/gremlin', { traversalSource: traversalSource }); }; exports.getSecureConnectionWithAuthenticator = function getConnection(traversalSource) { - const authenticator = new SaslAuthenticator({ username: 'stephen', password: 'password' }); - return new DriverRemoteConnection('ws://localhost:45941/gremlin', { traversalSource: traversalSource, authenticator: authenticator, rejectUnauthorized: false }); + const authenticator = new SaslAuthenticator({ mechanism: new SaslMechanismPlain(), username: 'stephen', password: 'password', authId: os.hostname() }); + return new DriverRemoteConnection('wss://localhost:45941/gremlin', { + traversalSource: traversalSource, + authenticator: authenticator, + rejectUnauthorized: false + }); }; \ No newline at end of file
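Review bot: In test/helper.js, `authId: os.hostname()` puts the machine name into the first field of the PLAIN message built by `_saslArgument`, and in SASL PLAIN that field is the authorization identity (the identity the client asks to act as), not a client host name. Unless the test server expects a value there, leaving `authId` out keeps the field empty, which is the usual form. `rejectUnauthorized: false` turns off certificate verification on the `wss://` connection that now carries the password; a comment such as `// test server uses a self-signed certificate; do not disable verification outside tests` would keep the pattern from being copied into application code.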