No authentication system ?
syrm opened this issue · comments
There is no authentication system ?
I noticed this as well, however I haven't had a chance to set a password on mongodb to see if this makes it ask for the password.
+1
I think this should be actually very easy to implemented. I fooled around a little to see what needs to be done. Too bad the build system (build) doesn't work on Windows, which is my preferred development platform.
So basically something like this would need to be done:
Add username and password fields to HTML template at templates/connect.jade, like:
input#username.small-modal-box(type="text", placeholder="Username (optional)", value="")
input#password.small-modal-box(type="password", placeholder="Password (optional)", value="")
Pass data from form to in client/js/routes/connect.coffee
username = $('#username').val()
password = $('#password').val()
server.connect host, port, database, username, password, (err, okay) ->
If username and password are present, run authentication in lib/services/connect.coffee. Not sure about this, but something like:
dbt.open (err, db) ->
return res.send err if err?
res.socket.mongo.database = db
if not username or not password
db.admin (err, admin) ->
return res.send err if err?
res.socket.mongo.admin = admin
return res.send null, true
else
db.authenticate username, password, ((err, success) ->
return res.send err if err?
db.admin (err, admin) ->
return res.send err if err?
res.socket.mongo.admin = admin
return res.send null, true
)
@jsalonen can you submit those changes as a pull request? Sorry for the delay github didn't notify me of any issues on this repo
@contra I could, but I didn't get your build system running on Windows so I wasn't able to test if it even works :) I'm guessing those snippets could be helpful, but I'm not sure if they are suffient to make the code work.
I'm switching everything over to mongoskin so you can pass a standard mongoose-style URL vs. putting in everything by hand. mongodb://user:pass@host:port/?options
Fixed in 0.0.9