Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add MONGO-CR authentication support #4

Closed
wants to merge 10 commits into from
Closed

Add MONGO-CR authentication support #4

wants to merge 10 commits into from

Conversation

paulnues
Copy link
Contributor

The following Pull Request includes code changes that will add MONGO-CR authentication support.

@paulnues
Copy link
Contributor Author

Also, this PR makes config_port optional as pymongo will default to use port 27017 if a port number is not given.

@coveralls
Copy link

Coverage Status

Coverage decreased (-1.97%) when pulling 19210c1 on paulnues:master into 1312e0d on shakefu:master.

shakefu
shakefu reviewed Jun 18, 2014
View reviewed changes
test/test_humbledb/test_mongo.py
@@ -8,7 +10,8 @@


def teardown():
DBTest.connection.drop_database(database_name())
DBTest.authenticate(database_name(), username='authuser', password='pass1')
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this line supposed to be in here? Or is it a leftover from testing?

@shakefu
Copy link
Owner

shakefu commented Jun 18, 2014

I'm a bit confused about the usage of humbledb.use_authentication - it seems redundant to the config_auth setting itself?

@paulnues
Copy link
Contributor Author

It was more of a design choice because there was no way to avoid skipping
the test_auth.py unit test suite if Mongo authentication was turned off.
Mongo/Pymongo has no way of letting you know via a command that it has
auth turned on.

On Wed, Jun 18, 2014 at 4:18 PM, shakefu notifications@github.com wrote:

I'm a bit confused about the usage of humbledb.use_authentication - it
seems redundant to the config_auth setting itself?


Reply to this email directly or view it on GitHub
#4 (comment).

[image: Paul Nues on about.me]

Paul Nues
about.me/paul.nues
http://about.me/paul.nues

@shakefu
Copy link
Owner

shakefu commented Jun 18, 2014

Would it be possible to try to connect or perform an auth'd command in setup() in the test_auth suite and catch the exception? I think they give you an explicit "unauthorized" message, in the OperationFailure, IIRC.

@paulnues
Copy link
Contributor Author

Also, I found it useful have an explicit configuration toggle for
authentication as I found it useful to add the code in first and then flip
a "main switch" to turn authentication at a later time when all the
Document models were ready with authentication pieces in place. It was a
decision based on current production needs more than anything else.

On Wed, Jun 18, 2014 at 4:27 PM, Paul N paul@team.about.me wrote:

It was more of a design choice because there was no way to avoid skipping
the test_auth.py unit test suite if Mongo authentication was turned off.
Mongo/Pymongo has no way of letting you know via a command that it has
auth turned on.

On Wed, Jun 18, 2014 at 4:18 PM, shakefu notifications@github.com wrote:

I'm a bit confused about the usage of humbledb.use_authentication - it
seems redundant to the config_auth setting itself?


Reply to this email directly or view it on GitHub
#4 (comment).

[image: Paul Nues on about.me]

Paul Nues
about.me/paul.nues
http://about.me/paul.nues

[image: Paul Nues on about.me]

Paul Nues
about.me/paul.nues
http://about.me/paul.nues

@shakefu
Copy link
Owner

shakefu commented Jun 18, 2014

In production we should be using a pyconfig.Setting for auth, which would just as easily flip to enable/disable auth:

config_auth = pyconfig.setting('db.site.config_auth', None)

Edit: Crappy pyconfig key name, but you get the idea.

@coveralls
Copy link

Coverage Status

Coverage decreased (-1.18%) when pulling 6d0a4cb on paulnues:master into e1e6d4b on shakefu:master.

@coveralls
Copy link

Coverage Status

Coverage decreased (-1.46%) when pulling b8bb2cf on paulnues:master into e1e6d4b on shakefu:master.

shakefu
shakefu reviewed Jun 19, 2014
View reviewed changes
humbledb/mongo.py
.. versionadded: 5.2.0
"""
# Having no credentials makes this call a noop.
if not cls.config_auth:
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pretty sure this line should be:

if not cls.config_auth and not username and password:

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm. What's there now should be right.

Most of the time, we will have a Document that does not have it's own
config_auth parameter. In this case, the username and password coming in
will be empty. If the username and password come in empty, then the
default Mongo.config_auth will be used. If no Mongo.config_auth was
declared from the beginning, then it's assumed that all database
connections won't be authenticated. All authenticate() calls will be
ignored.

On Thu, Jun 19, 2014 at 11:45 AM, shakefu notifications@github.com wrote:

In humbledb/mongo.py:

@@ -113,6 +121,38 @@ def reconnect(cls):
cls._connection.disconnect()
cls._connection = cls._new_connection()

  • def authenticate(cls, database, username=None, password=None):
  •    """ Delegates authentication to be the responsibility of the

  •        context manager.

  •        .. versionadded: 5.2.0

  •    """

  •    # Having no credentials makes this call a noop.

  •    if not cls.config_auth:

Pretty sure this line should be:

if not cls.config_auth and not username and password:


Reply to this email directly or view it on GitHub
https://github.com/shakefu/humbledb/pull/4/files#r13985911.

[image: Paul Nues on about.me]

Paul Nues
about.me/paul.nues
http://about.me/paul.nues

@coveralls
Copy link

Coverage Status

Coverage decreased (-1.46%) when pulling 7e52462 on paulnues:master into e1e6d4b on shakefu:master.

@paulnues
Copy link
Contributor Author

Let's find a better solution for this.

@paulnues paulnues closed this Jun 26, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@paulnues @coveralls @shakefu