Add support for the authentication source parameter

[rspeed]

To prevent the duplication of authentication data across databases, MongoDB has two mechanisms to delegate authentication to a specific separate database. Both use a specific key in the system.users collection, but act in the opposite direction. The first method is the otherDBRoles key in the admin database. The value names both the table that receives authentication and the roles assigned to the user. The other method is the userSource key, which goes in any database and simply refers to another database with the same user.

For both methods, when the client authenticates, it has to do so against the other database – admin for the first method, the named DB in the other. To accomplish this in PyMongo, a source parameter is included when calling MongoDB.authenticate.

Adding support for this feature should be fairly straightforward. IT requires the addition of a new config value with a name like PREFIX_SOURCE, as well as parsing the authSource URI parameter. That value is then passed to the authentication method, and that's all there is to it.

[rspeed]

Steps to verify and test:

1. Have a MongoDB server set up with at least two databases and auth enabled in its configuration.
2. In database A create a user and assign normal privileges.
3. In database B create a user with the same username but set userSource instead of pwd, and assign some normal privileges.
4. In an application using flash-pymongo, configure it to attempt to connect to database A using the username and password. Verify that it works.
5. Reconfigure the application to connect to database B instead. Verify that it fails.
6. Add MONGO_AUTH_SOURCE setting to the application, with A as its value. Verify that it works.
7. Reconfigure the application to use MONGO_URI for database B. Verify that it works.

Similar steps may also be taken to verify that otherDBRoles functions, though the mechanism should be identical.

[blade2005]

@rspeed did you ever come up with a way around this? Obviously this wasn't implemented and seeing as how it's been open for over 3 years at this point I doubt it will be.

[rspeed]

Nah, I don't even remember what I was using this for.

[tcco]

Quite unfortunate this is not an added feature. Here is the workaround.

Order of operations:
Instantiate flask_pymongo.PyMongo, lets call the var mongo
Call mongo.init_app(application, config_prefix=application.config['MONGO_CONFIG_PREFIX'])
Under app_context, run mongo.db.authenticate(user, pwd, source='source_db')

Not ideal, would appreciate a cleaner solution.

[dcrosta]

#88 fixed this, and will be released as part of the upcoming 0.5.0 release.