/// <summary>
/// Authenticates a username and password using a specific <see cref="IConnection"/> instance. The password will
/// be encrypted before being sent to the server.
/// </summary>
/// <param name="connection">An implementation of <see cref="IConnection"/> which represents a TCP connection to a Couchbase Server.</param>
/// <param name="username">The username or bucket name to authentic against.</param>
/// <param name="password">The password to authenticate against.</param>
/// <returns>True if succesful.</returns>
public bool Authenticate(IConnection connection, string username, string password)
{
var authenticated = false;
Username = username;
Password = password ?? string.Empty;
var temp = connection;
Log.Debug(m => m("Authenticating socket {0}", temp.Identity));
var operation = new SaslStart(MechanismType, null, _converter);
var result = _ioStrategy.Execute(operation, connection);
if (result.Status == ResponseStatus.AuthenticationContinue)
{
var challenge = result.Message;
var reply = ComputeResponse(challenge);
operation = new SaslStep(MechanismType, reply, _converter);
result = _ioStrategy.Execute(operation, connection);
authenticated = result.Status == ResponseStatus.Success &&
result.Value.Equals("Authenticated");
Log.Debug(m => m("Authentication for socket {0} succeeded.", temp.Identity));
}
if (result.Status == ResponseStatus.AuthenticationError)
{
Log.Debug(m => m("Authentication for socket {0} failed: {1}", temp.Identity, result.Value));
}
return(authenticated);
}
/// <summary>
/// Authenticates a username and password using a specific <see cref="IConnection"/> instance.
/// </summary>
/// <param name="connection">An implementation of <see cref="IConnection"/> which represents a TCP connection to a Couchbase Server.</param>
/// <param name="username">The username or bucket name to authentic against.</param>
/// <param name="password">The password to authenticate against.</param>
/// <returns>True if succesful.</returns>
public bool Authenticate(IConnection connection, string username, string password)
{
var authenticated = false;
var temp = connection;
Log.Debug(m => m("Authenticating socket {0}", temp.Identity));
try
{
var operation = new SaslStart(MechanismType, GetAuthData(username, password), _transcoder, SaslFactory.DefaultTimeout);
var result = _service.Execute(operation, connection);
if (!result.Success &&
result.Status == ResponseStatus.AuthenticationError)
{
Log.Debug(m => m("Authentication for socket {0} failed: {1}", temp.Identity, result.Value));
}
else
{
authenticated = true;
Log.Debug(m => m("Authenticated socket {0} succeeded: {1}", temp.Identity, result.Value));
}
}
catch (Exception e)
{
Log.Error(e);
}
return(authenticated);
}
public void Test_SaslAuthenticate_Returns_Succuss_With_ValidCredentials()
{
var operation = new SaslStart("PLAIN", GetAuthData("authenticated", "secret"), new DefaultTranscoder(), OperationLifespan);
var response = _ioService.Execute(operation);
Assert.AreEqual(ResponseStatus.Success, response.Status);
Assert.IsTrue(response.Success);
}
public void Test_SaslAuthenticate_Returns_Succuss_With_ValidCredentials()
{
var operation = new SaslStart("PLAIN", GetAuthData("authenticated", "secret"), new DefaultTranscoder(), OperationLifespan);
var response = _ioStrategy.Execute(operation);
Assert.AreEqual(ResponseStatus.Success, response.Status);
Assert.IsTrue(response.Success);
}
public void Test_SaslAuthenticate_Returns_Succuss_With_ValidCredentials()
{
var operation = new SaslStart("PLAIN", GetAuthData("authenticated", "secret"), new ManualByteConverter());
var response = _ioStrategy.Execute(operation);
Assert.AreEqual("Authenticated", response.Value);
Assert.AreEqual(ResponseStatus.Success, response.Status);
Assert.IsTrue(response.Success);
}
public void Test_SaslAuthenticate_Returns_AuthFailure_With_InvalidCredentials()
{
var operation = new SaslStart("PLAIN", GetAuthData("foo", "bar"), new DefaultTranscoder(), OperationLifespan);
var response = _ioService.Execute(operation);
Assert.AreEqual("Auth failure", response.Message);
Assert.AreEqual(ResponseStatus.AuthenticationError, response.Status);
Assert.IsFalse(response.Success);
}
public void When_CRAM_MD5_Used_SaslStart_Returns_AuthenticationContinue()
{
var operation = new SaslStart("CRAM-MD5", (VBucket)null, new DefaultTranscoder(), OperationLifespan);
var response = _ioStrategy.Execute(operation);
Assert.IsNotNullOrEmpty(response.Message);
Assert.AreEqual(ResponseStatus.AuthenticationContinue, response.Status);
Assert.IsFalse(response.Success);
}
public void Test_SaslAuthenticate_Returns_AuthFailure_With_InvalidCredentials()
{
var operation = new SaslStart("PLAIN", GetAuthData("foo", "bar"), new DefaultTranscoder(), OperationLifespan);
var response = _ioService.Execute(operation);
Assert.AreEqual("Auth failure", response.Message);
Assert.AreEqual(ResponseStatus.AuthenticationError, response.Status);
Assert.IsFalse(response.Success);
}
public void When_CRAM_MD5_Used_SaslStart_Returns_AuthenticationContinue()
{
var operation = new SaslStart("CRAM-MD5", (VBucket)null, new DefaultTranscoder(), OperationLifespan);
var response = _ioService.Execute(operation);
Assert.That(() => !string.IsNullOrEmpty(response.Message));
Assert.AreEqual(ResponseStatus.AuthenticationContinue, response.Status);
Assert.IsFalse(response.Success);
}
public void Test_SaslAuthenticate_Returns_AuthFailure_With_InvalidCredentials()
{
var operation = new SaslStart("PLAIN", GetAuthData("foo", "bar"), new ManualByteConverter());
var response = _ioStrategy.Execute(operation);
Assert.AreEqual("Auth failure", response.Message);
Assert.AreEqual(ResponseStatus.AuthenticationError, response.Status);
Assert.IsFalse(response.Success);
}
public void When_CRAM_MD5_Used_SaslStart_Returns_AuthenticationContinue()
{
var operation = new SaslStart("CRAM-MD5", null, new ManualByteConverter());
var response = _ioStrategy.Execute(operation);
Assert.IsNotNullOrEmpty(response.Message);
Assert.AreEqual(ResponseStatus.AuthenticationContinue, response.Status);
Assert.IsFalse(response.Success);
}
public void Test_SaslAuthenticate_Returns_Succuss_With_ValidCredentials()
{
var operation = new SaslStart("PLAIN", GetAuthData("authenticated", "secret"), new ManualByteConverter());
var response = _ioStrategy.Execute(operation);
Assert.AreEqual("Authenticated", response.Value);
Assert.AreEqual(ResponseStatus.Success, response.Status);
Assert.IsTrue(response.Success);
}
public void When_CRAM_MD5_Used_SaslStart_Returns_AuthenticationContinue()
{
var operation = new SaslStart("CRAM-MD5", null, new ManualByteConverter());
var response = _ioStrategy.Execute(operation);
Assert.IsNotNullOrEmpty(response.Message);
Assert.AreEqual(ResponseStatus.AuthenticationContinue, response.Status);
Assert.IsFalse(response.Success);
}
public void Test_SaslAuthenticate_Returns_AuthFailure_With_InvalidCredentials()
{
var operation = new SaslStart("PLAIN", GetAuthData("foo", "bar"), new ManualByteConverter());
var response = _ioStrategy.Execute(operation);
Assert.AreEqual("Auth failure", response.Message);
Assert.AreEqual(ResponseStatus.AuthenticationError, response.Status);
Assert.IsFalse(response.Success);
}
protected async Task <string> SaslStart(IConnection connection, string message, CancellationToken token)
{
using var authOp = new SaslStart
{
Key = MechanismType.GetDescription(),
Content = message,
Transcoder = Transcoder,
Timeout = Timeout
};
return(await SendAsync(authOp, connection, token).ConfigureAwait(false));
}
protected async Task <string> SaslStart(IConnection connection, string message, IRequestSpan span, CancellationToken token)
{
using var childSpan = span.ChildSpan(OuterRequestSpans.ServiceSpan.Internal.SaslStart);
using var authOp = new SaslStart
{
Key = MechanismType.GetDescription(),
Content = message,
Timeout = Timeout,
Span = childSpan
};
OperationConfigurator.Configure(authOp, SaslOptions.Instance);
return(await SendAsync(authOp, connection, token).ConfigureAwait(false));
}
protected async Task <string> SaslStart(IConnection connection, string message, IInternalSpan span, CancellationToken token)
{
using var childSpan = Tracer.InternalSpan(OperationNames.SaslStart, span);
using var authOp = new SaslStart
{
Key = MechanismType.GetDescription(),
Content = message,
Transcoder = Transcoder,
Timeout = Timeout,
Span = childSpan
};
return(await SendAsync(authOp, connection, token).ConfigureAwait(false));
}
/// <summary>
/// Authenticates a username and password using a specific <see cref="IConnection"/> instance. The password will
/// be encrypted before being sent to the server.
/// </summary>
/// <param name="connection">An implementation of <see cref="IConnection"/> which represents a TCP connection to a Couchbase Server.</param>
/// <param name="username">The username or bucket name to authentic against.</param>
/// <param name="password">The password to authenticate against.</param>
/// <returns>True if succesful.</returns>
public bool Authenticate(IConnection connection, string username, string password)
{
var authenticated = false;
Username = username;
Password = password ?? string.Empty;
var temp = connection;
Log.Debug(m => m("Authenticating socket {0}", temp.Identity));
var operation = new SaslStart(MechanismType, null, _converter);
var result = _ioStrategy.Execute(operation, connection);
if (result.Status == ResponseStatus.AuthenticationContinue)
{
var challenge = result.Message;
var reply = ComputeResponse(challenge);
operation = new SaslStep(MechanismType, reply, _converter);
result = _ioStrategy.Execute(operation, connection);
}
//even if the request succeeded, if the body doesn't contain 'Authenticated' then auth failed.
authenticated = result.Status == ResponseStatus.Success &&
result.Value.Equals("Authenticated");
if (result.Status == ResponseStatus.AuthenticationError)
{
var tempResult = result;
Log.Debug(m => m("Authentication for socket {0} failed: {1}", temp.Identity, tempResult.Message));
}
else if (result.Status != ResponseStatus.Success)
{
var tempResult = result;
Log.Debug(m => m("Authentication for socket {0} failed for a non-auth related reason: {1} - {2}", temp.Identity, tempResult.Message, tempResult.Status));
if (operation.Exception != null)
{
Log.Debug(m => m("Throwing exception for connection {0}", temp.Identity));
throw operation.Exception;
}
}
else
{
Log.Debug(m => m("Authentication for socket {0} succeeded.", temp.Identity));
}
return(authenticated);
}
public void When_SaslMechinism_Is_Set_On_MultiplexingIOService_And_Authentication_Fails_Return_AuthenticationError()
{
var mockAuthenticator = new Mock<ISaslMechanism>();
mockAuthenticator.Setup(x => x.Authenticate(It.IsAny<IConnection>(), Username, Password))
.Returns(false);
mockAuthenticator.SetupGet(x => x.Username).Returns(BucketName);
var service = new MultiplexingIOService(_connectionPool, mockAuthenticator.Object);
var operation = new SaslStart("PLAIN", GetAuthData(Username, Password), new DefaultTranscoder(), OperationLifespan);
var response = service.Execute(operation);
Assert.AreEqual(string.Format("Authentication failed for bucket '{0}'", BucketName), response.Message);
Assert.AreEqual(ResponseStatus.AuthenticationError, response.Status);
Assert.IsFalse(response.Success);
}
public void When_SaslMechinism_Is_Set_On_MultiplexingIOService_And_Authentication_Fails_Return_AuthenticationError()
{
var mockAuthenticator = new Mock <ISaslMechanism>();
mockAuthenticator.Setup(x => x.Authenticate(It.IsAny <IConnection>(), Username, Password))
.Returns(false);
mockAuthenticator.SetupGet(x => x.Username).Returns(BucketName);
var service = new MultiplexingIOService(_connectionPool, mockAuthenticator.Object);
var operation = new SaslStart("PLAIN", GetAuthData(Username, Password), new DefaultTranscoder(), OperationLifespan);
var response = service.Execute(operation);
Assert.AreEqual(string.Format("Authentication failed for bucket '{0}'", BucketName), response.Message);
Assert.AreEqual(ResponseStatus.AuthenticationError, response.Status);
Assert.IsFalse(response.Success);
}
/// <summary>
/// Authenticates a username and password using a specific <see cref="IConnection"/> instance. The password will
/// be encrypted before being sent to the server.
/// </summary>
/// <param name="connection">An implementation of <see cref="IConnection"/> which represents a TCP connection to a Couchbase Server.</param>
/// <param name="username">The username or bucket name to authentic against.</param>
/// <param name="password">The password to authenticate against.</param>
/// <returns>True if succesful.</returns>
public bool Authenticate(IConnection connection, string username, string password)
{
Username = username;
Password = password ?? string.Empty;
var temp = connection;
var operation = new SaslStart(MechanismType, (VBucket)null, _transcoder, SaslFactory.DefaultTimeout);
Log.Debug("Authenticating socket {0} with opaque {1}", temp.Identity, operation.Opaque);
var result = Execute(operation, connection);
if (result.Status == ResponseStatus.AuthenticationContinue)
{
var challenge = result.Value;
var reply = ComputeResponse(challenge);
operation = new SaslStep(MechanismType, reply, _transcoder, SaslFactory.DefaultTimeout);
result = Execute(operation, connection);
}
if (result.Status == ResponseStatus.AuthenticationError)
{
var tempResult = result;
Log.Debug("Authentication for socket {0} failed: {1}", temp.Identity, tempResult.Message);
}
else if (result.Status != ResponseStatus.Success)
{
var tempResult = result;
Log.Debug("Authentication for socket {0} failed for a non-auth related reason: {1} - {2}", temp.Identity, tempResult.Message, tempResult.Status);
if (operation.Exception != null)
{
Log.Debug("Throwing exception for connection {0}", temp.Identity);
throw operation.Exception;
}
}
else
{
Log.Debug("Authentication for socket {0} succeeded.", temp.Identity);
}
return(result.Status == ResponseStatus.Success);
}
public bool Authenticate(IConnection connection, string username, string password)
{
var authenticated = false;
ClientFirstMessage = "n,,n=" + username + ",r=" + ClientNonce;
ClientFirstMessageBare = ClientFirstMessage.Substring(3);
Log.Debug("Client First Message {0} - {1}: {2} [U:{3}|P:{4}", connection.EndPoint, connection.Identity, ClientFirstMessage, username, password);
var authOp = new SaslStart(MechanismType, ClientFirstMessage, _transcoder, SaslFactory.DefaultTimeout);
var serverFirstResult = Execute(authOp, connection);
if (serverFirstResult.Status == ResponseStatus.AuthenticationContinue)
{
Log.Debug("Server First Message {0} - {1}: {2}", connection.EndPoint, connection.Identity, serverFirstResult.Message);
//get the server nonce, salt and iterationcount from the server
var serverFirstMessage = DecodeResponse(serverFirstResult.Value);
ServerNonce = serverFirstMessage["r"];
Salt = Convert.FromBase64String(serverFirstMessage["s"]);
IterationCount = Convert.ToInt32(serverFirstMessage["i"]);
//normalize and salt the password using the salt and iteration count
var normalizedPassword = password.Normalize(NormalizationForm.FormKC);
SaltedPassword = GetSaltedPassword(normalizedPassword);
//build the final client message
ClientFinalMessageNoProof = "c=biws,r=" + ServerNonce;
ClientFinalMessage = ClientFinalMessageNoProof + ",p=" + Convert.ToBase64String(GetClientProof());
Log.Debug("Client Final Message {0} - {1}: {2}", connection.EndPoint, connection.Identity, ClientFinalMessage);
//send the final client message
authOp = new SaslStep(MechanismType, ClientFinalMessage, _transcoder, SaslFactory.DefaultTimeout);
var serverFinalResult = Execute(authOp, connection);
Log.Debug("Server Final Message {0} - {1}: {2}", connection.EndPoint, connection.Identity, serverFinalResult.Message);
authenticated = serverFinalResult.Status == ResponseStatus.Success;
}
return(authenticated);
}
bool Authenticate(IPooledSocket socket)
{
var isAuthenticated = true;
const int authContinue = 0x21;
SaslStep step = new SaslStart(_provider);
socket.Write(step.GetBuffer());
while (!step.ReadResponse(socket).Success)
{
if (step.StatusCode == authContinue)
{
step = new SaslContinue(_provider, step.Data);
socket.Write(step.GetBuffer());
}
else
{
isAuthenticated = false;
break;
}
}
return(isAuthenticated);
}
/// <summary>
/// Authenticates a username and password using a specific <see cref="IConnection"/> instance.
/// </summary>
/// <param name="connection">An implementation of <see cref="IConnection"/> which represents a TCP connection to a Couchbase Server.</param>
/// <param name="username">The username or bucket name to authentic against.</param>
/// <param name="password">The password to authenticate against.</param>
/// <returns>True if succesful.</returns>
public bool Authenticate(IConnection connection, string username, string password)
{
var authenticated = false;
var temp = connection;
Log.LogDebug("Authenticating socket {0}", temp.Identity);
try
{
var operation = new SaslStart(MechanismType, GetAuthData(username, password), _transcoder, SaslFactory.DefaultTimeout);
var result = _service.Execute(operation, connection);
if (!result.Success &&
result.Status == ResponseStatus.AuthenticationError)
{
Log.LogDebug("Authentication for socket {0} failed: {1}", temp.Identity, result.Value);
}
else
{
authenticated = true;
Log.LogDebug("Authenticated socket {0} succeeded: {1}", temp.Identity, result.Value);
}
}
catch (Exception e)
{
Log.LogError(e.Message, e);
}
return authenticated;
}
/// <summary>
/// Authenticates a username and password using a specific <see cref="IConnection"/> instance. The password will
/// be encrypted before being sent to the server.
/// </summary>
/// <param name="connection">An implementation of <see cref="IConnection"/> which represents a TCP connection to a Couchbase Server.</param>
/// <param name="username">The username or bucket name to authentic against.</param>
/// <param name="password">The password to authenticate against.</param>
/// <returns>True if succesful.</returns>
public bool Authenticate(IConnection connection, string username, string password)
{
Username = username;
Password = password ?? string.Empty;
var temp = connection;
var operation = new SaslStart(MechanismType, (VBucket)null, _transcoder, SaslFactory.DefaultTimeout);
Log.LogDebug("Authenticating socket {0} with opaque {1}", temp.Identity, operation.Opaque);
var result = _ioService.Execute(operation, connection);
if (result.Status == ResponseStatus.AuthenticationContinue)
{
var challenge = result.Message;
var reply = ComputeResponse(challenge);
operation = new SaslStep(MechanismType, reply, _transcoder, SaslFactory.DefaultTimeout);
result = _ioService.Execute(operation, connection);
}
if (result.Status == ResponseStatus.AuthenticationError)
{
var tempResult = result;
Log.LogDebug("Authentication for socket {0} failed: {1}", temp.Identity, tempResult.Message);
}
else if (result.Status != ResponseStatus.Success)
{
var tempResult = result;
Log.LogDebug("Authentication for socket {0} failed for a non-auth related reason: {1} - {2}", temp.Identity, tempResult.Message, tempResult.Status);
if (operation.Exception != null)
{
Log.LogDebug("Throwing exception for connection {0}", temp.Identity);
throw operation.Exception;
}
}
else
{
Log.LogDebug("Authentication for socket {0} succeeded.", temp.Identity);
}
return result.Status == ResponseStatus.Success;
}
/// <summary>
/// Authenticates a username and password using a specific <see cref="IConnection"/> instance.
/// </summary>
/// <param name="connection">An implementation of <see cref="IConnection"/> which represents a TCP connection to a Couchbase Server.</param>
/// <param name="username">The username or bucket name to authentic against.</param>
/// <param name="password">The password to authenticate against.</param>
/// <returns>True if succesful.</returns>
public bool Authenticate(IConnection connection, string username, string password)
{
var authenticated = false;
var temp = connection;
Log.Debug(m => m("Authenticating socket {0}", temp.Identity));
try
{
var operation = new SaslStart(MechanismType, GetAuthData(username, password), _converter);
var result = _strategy.Execute(operation, connection);
if (!result.Success &&
result.Status == ResponseStatus.AuthenticationError)
{
Log.Debug(m => m("Authentication for socket {0} failed: {1}", temp.Identity, result.Value));
}
else
{
authenticated = true;
Log.Debug(m => m("Authenticated socket {0} succeeded: {1}", temp.Identity, result.Value));
}
}
catch (Exception e)
{
Log.Error(e);
}
return authenticated;
}
/// <summary>
/// Authenticates a username and password using a specific <see cref="IConnection"/> instance. The password will
/// be encrypted before being sent to the server.
/// </summary>
/// <param name="connection">An implementation of <see cref="IConnection"/> which represents a TCP connection to a Couchbase Server.</param>
/// <param name="username">The username or bucket name to authentic against.</param>
/// <param name="password">The password to authenticate against.</param>
/// <returns>True if succesful.</returns>
public bool Authenticate(IConnection connection, string username, string password)
{
var authenticated = false;
Username = username;
Password = password ?? string.Empty;
var temp = connection;
Log.Debug(m => m("Authenticating socket {0}", temp.Identity));
var operation = new SaslStart(MechanismType, null, _converter);
var result = _ioStrategy.Execute(operation, connection);
if (result.Status == ResponseStatus.AuthenticationContinue)
{
var challenge = result.Message;
var reply = ComputeResponse(challenge);
operation = new SaslStep(MechanismType, reply, _converter);
result = _ioStrategy.Execute(operation, connection);
}
authenticated = result.Status == ResponseStatus.Success &&
result.Value.Equals("Authenticated");
if (result.Status == ResponseStatus.AuthenticationError)
{
var tempResult = result;
Log.Debug(m => m("Authentication for socket {0} failed: {1}", temp.Identity, tempResult.Message));
}
else if (result.Status != ResponseStatus.Success)
{
var tempResult = result;
Log.Debug(m => m("Authentication for socket {0} failed: {1}", temp.Identity, tempResult.Message));
if (operation.Exception != null)
{
throw operation.Exception;
}
}
else
{
Log.Debug(m => m("Authentication for socket {0} succeeded.", temp.Identity));
}
return authenticated;
}
