CDRIVER-2258 Import authentication spec tests

Author: bjori

src/mongoc/mongoc-uri.c

@@ -632,7 +632,6 @@ bool
 mongoc_uri_option_is_utf8 (const char *key)
 {
    return !strcasecmp (key, MONGOC_URI_APPNAME) ||
-          !strcasecmp (key, MONGOC_URI_GSSAPISERVICENAME) ||
           !strcasecmp (key, MONGOC_URI_REPLICASET) ||
           !strcasecmp (key, MONGOC_URI_READPREFERENCE) ||
           !strcasecmp (key, MONGOC_URI_SSLCLIENTCERTIFICATEKEYFILE) ||
@@ -751,6 +750,18 @@ mongoc_uri_parse_option (mongoc_uri_t *uri, const char *str)
          MONGOC_WARNING ("Overwriting previously provided value for '%s'", key);
       }
       mongoc_read_concern_set_level (uri->read_concern, value);
+   } else if (!strcmp (lkey, MONGOC_URI_GSSAPISERVICENAME)) {
+      char *tmp = bson_strdup_printf ("SERVICE_NAME:%s", value);
+      if (bson_has_field (&uri->credentials,
+                          MONGOC_URI_AUTHMECHANISMPROPERTIES)) {
+         MONGOC_WARNING (
+            "authMechanismProperties SERVICE_NAME already set, ignoring '%s'",
+            lkey);
+      } else if (!mongoc_uri_parse_auth_mechanism_properties (uri, tmp)) {
+         bson_free (tmp);
+         goto UNSUPPORTED_VALUE;
+      }
+      bson_free (tmp);
    } else if (!strcmp (lkey, MONGOC_URI_AUTHMECHANISMPROPERTIES)) {
       if (bson_has_field (&uri->credentials, lkey)) {
          MONGOC_WARNING ("Overwriting previously provided value for '%s'", key);
@@ -853,6 +864,15 @@ mongoc_uri_finalize_auth (mongoc_uri_t *uri, bson_error_t *error)
                &uri->credentials, MONGOC_URI_AUTHSOURCE, -1, "$external", -1);
          }
       }
+      /* MONGODB-X509 is the only mechanism that doesn't require username */
+      if (strcasecmp (mechanism, "MONGODB-X509")) {
+         if (!mongoc_uri_get_username (uri)) {
+            MONGOC_URI_ERROR (error,
+                              "'%s' authentication mechanism requires username",
+                              mechanism);
+            return false;
+         }
+      }
    }
    return true;
 }

tests/json/auth/connection-string.json

@@ -0,0 +1,291 @@
+{
+	"tests": [
+		{
+			"description": "should use the default source and mechanism",
+			"uri": "mongodb://user:password@localhost",
+			"hosts": [],
+			"valid": true,
+			"warning": false,
+			"auth": {
+				"db": "admin"
+			},
+			"options": null
+		},
+		{
+			"description": "should use the database when no authSource is specified",
+			"uri": "mongodb://user:password@localhost/foo",
+			"hosts": [],
+			"valid": true,
+			"warning": false,
+			"auth": {
+				"db": "foo"
+			},
+			"options": null
+		},
+		{
+			"description": "should use the authSource when specified",
+			"uri": "mongodb://user:password@localhost/foo?authSource=bar",
+			"hosts": [],
+			"valid": true,
+			"warning": false,
+			"auth": {
+				"db": "bar"
+			},
+			"options": null
+		},
+		{
+			"description": "should recognize an empty password",
+			"uri": "mongodb://user:@localhost",
+			"hosts": [],
+			"valid": true,
+			"warning": false,
+			"auth": {
+				"username": "user",
+				"password": ""
+			},
+			"options": null
+		},
+		{
+			"description": "should recognize no password",
+			"uri": "mongodb://user@localhost",
+			"hosts": [],
+			"valid": true,
+			"warning": false,
+			"auth": {
+				"username": "user",
+				"password": null
+			},
+			"options": null
+		},
+		{
+			"description": "should recognize no password",
+			"uri": "mongodb://user@localhost",
+			"hosts": [],
+			"valid": true,
+			"warning": false,
+			"auth": {
+				"username": "user",
+				"password": null
+			},
+			"options": null
+		},
+		{
+			"description": "should recognize a url escaped character in the username",
+			"uri": "mongodb://user%40DOMAIN.COM:password@localhost",
+			"hosts": [],
+			"valid": true,
+			"warning": false,
+			"auth": {
+				"username": "user@DOMAIN.COM"
+			},
+			"options": null
+		},
+		{
+			"description": "should recognize the mechanism",
+			"uri": "mongodb://user@localhost/?authMechanism=GSSAPI",
+			"hosts": [],
+			"valid": true,
+			"warning": false,
+			"auth": null,
+			"options": {
+				"authmechanism": "GSSAPI"
+			}
+		},
+		{
+			"description": "should use $external as the source",
+			"uri": "mongodb://user%40DOMAIN.COM:password@localhost/?authMechanism=GSSAPI",
+			"hosts": [],
+			"valid": true,
+			"warning": false,
+			"auth": {
+				"db": "$external"
+			},
+			"options": null
+		},
+		{
+			"description": "should use $external as the source when a database is specified",
+			"uri": "mongodb://user%40DOMAIN.COM:password@localhost/foo?authMechanism=GSSAPI",
+			"hosts": [],
+			"valid": true,
+			"warning": false,
+			"auth": {
+				"db": "$external"
+			},
+			"options": null
+		},
+		{
+			"description": "should throw an exception when an authSource is specified other than $external",
+			"uri": "mongodb://user%40DOMAIN.COM:password@localhost/foo?authMechanism=GSSAPI&authSource=bar",
+			"hosts": [],
+			"valid": false,
+			"warning": true,
+			"auth": null,
+			"options": null
+
+		},
+		{
+			"description": "should throw an exception when an authMechanism is specified with no username",
+			"uri": "mongodb://localhost/?authMechanism=GSSAPI",
+			"hosts": [],
+			"valid": false,
+			"warning": true,
+			"auth": null,
+			"options": null
+		},
+		{
+			"description": "should accept generic mechanism property",
+			"uri": "mongodb://user%40DOMAIN.COM:password@localhost/?authMechanism=GSSAPI&authMechanismProperties=SERVICE_NAME:other,CANONICALIZE_HOST_NAME:true",
+			"hosts": [],
+			"valid": true,
+			"warning": false,
+			"auth": null,
+			"options": {
+				"authmechanism": "GSSAPI",
+				"authmechanismproperties": {
+					"SERVICE_NAME": "other",
+					"CANONICALIZE_HOST_NAME": true
+				}
+			}
+		},
+		{
+			"description": "should accept legacy gssapiServiceName",
+			"uri": "mongodb://user%40DOMAIN.COM:password@localhost/?authMechanism=GSSAPI&gssapiServiceName=other",
+			"hosts": [],
+			"valid": true,
+			"warning": false,
+			"auth": null,
+			"options": {
+				"authmechanism": "GSSAPI",
+				"authmechanismproperties": {
+					"SERVICE_NAME": "other"
+				}
+			}
+		},
+		{
+			"description": "should recognize the mechanism",
+			"uri": "mongodb://user:pass@localhost/?authMechanism=MONGODB-CR",
+			"hosts": [],
+			"valid": true,
+			"warning": false,
+			"auth": null,
+			"options": {
+				"authmechanism": "MONGODB-CR"
+			}
+		},
+		{
+			"description": "should throw an exception when an authMechanism is specified with no username",
+			"uri": "mongodb://localhost/?authMechanism=MONGODB-CR",
+			"hosts": [],
+			"valid": false,
+			"warning": true,
+			"auth": null,
+			"options": null
+		},
+		{
+			"description": "should use $external as the source",
+			"uri": "mongodb://CN%3DmyName%2COU%3DmyOrgUnit%2CO%3DmyOrg%2CL%3DmyLocality%2CST%3DmyState%2CC%3DmyCountry@localhost/?authMechanism=MONGODB-X509",
+			"hosts": [],
+			"valid": true,
+			"warning": false,
+			"auth": {
+				"db": "$external"
+			},
+			"options": null
+		},
+		{
+			"description": "should use $external as the source when a database is specified",
+			"uri": "mongodb://CN%3DmyName%2COU%3DmyOrgUnit%2CO%3DmyOrg%2CL%3DmyLocality%2CST%3DmyState%2CC%3DmyCountry@localhost/foo?authMechanism=MONGODB-X509",
+			"hosts": [],
+			"valid": true,
+			"warning": false,
+			"auth": {
+				"db": "$external"
+			},
+			"options": null
+		},
+		{
+			"description": "should throw an exception when an authSource is specified other than $external",
+			"uri": "mongodb://CN%3DmyName%2COU%3DmyOrgUnit%2CO%3DmyOrg%2CL%3DmyLocality%2CST%3DmyState%2CC%3DmyCountry@localhost/foo?authMechanism=MONGODB-X509&authSource=bar",
+			"hosts": [],
+			"valid": false,
+			"warning": true,
+			"auth": null,
+			"options": null
+		},
+		{
+			"description": "should recognize the mechanism",
+			"uri": "mongodb://CN%3DmyName%2COU%3DmyOrgUnit%2CO%3DmyOrg%2CL%3DmyLocality%2CST%3DmyState%2CC%3DmyCountry@localhost/?authMechanism=MONGODB-X509",
+			"hosts": [],
+			"valid": true,
+			"warning": false,
+			"auth": null,
+			"options": {
+				"authmechanism": "MONGODB-X509"
+			}
+		},
+		{
+			"description": "should recognize the mechanism with no username",
+			"uri": "mongodb://localhost/?authMechanism=MONGODB-X509",
+			"hosts": [],
+			"valid": true,
+			"warning": false,
+			"auth": {
+				"username": null
+			},
+			"options": {
+				"authmechanism": "MONGODB-X509"
+			}
+		},
+		{
+			"description": "should recognize the encoded username",
+			"uri": "mongodb://CN%3DmyName%2COU%3DmyOrgUnit%2CO%3DmyOrg%2CL%3DmyLocality%2CST%3DmyState%2CC%3DmyCountry@localhost/?authMechanism=MONGODB-X509",
+			"hosts": [],
+			"valid": true,
+			"warning": false,
+			"auth": {
+				"username": "CN=myName,OU=myOrgUnit,O=myOrg,L=myLocality,ST=myState,C=myCountry"
+			},
+			"options": null
+		},
+		{
+			"description": "should recognize the mechanism",
+			"uri": "mongodb://user:password@localhost/?authMechanism=PLAIN",
+			"hosts": [],
+			"valid": true,
+			"warning": false,
+			"auth": null,
+			"options": {
+				"authmechanism": "PLAIN"
+			}
+		},
+		{
+			"description": "should throw an exception when an authMechanism is specified with no username",
+			"uri": "mongodb://localhost/?authMechanism=PLAIN",
+			"hosts": [],
+			"valid": false,
+			"warning": true,
+			"auth": null,
+			"options": null
+		},
+		{
+			"description": "should recognize the mechanism",
+			"uri": "mongodb://user:password@localhost/?authMechanism=SCRAM-SHA-1",
+			"hosts": [],
+			"valid": true,
+			"warning": false,
+			"auth": null,
+			"options": {
+				"authmechanism": "SCRAM-SHA-1"
+			}
+		},
+		{
+			"description": "should throw an exception when an authMechanism is specified with no username",
+			"uri": "mongodb://localhost/?authMechanism=SCRAM-SHA-1",
+			"hosts": [],
+			"valid": false,
+			"warning": true,
+			"auth": null,
+			"options": null
+		}
+	]
+}

tests/test-mongoc-connection-uri.c

@@ -189,6 +189,9 @@ test_all_spec_tests (TestSuite *suite)
 
    ASSERT (realpath (JSON_DIR "/connection_uri", resolved));
    install_json_test_suite (suite, resolved, &test_connection_uri_cb);
+
+   ASSERT (realpath (JSON_DIR "/auth", resolved));
+   install_json_test_suite (suite, resolved, &test_connection_uri_cb);
 }
 
 

tests/test-mongoc-uri.c

@@ -376,22 +376,6 @@ test_mongoc_uri_new (void)
    ASSERT (uri);
    mongoc_uri_destroy (uri);
 
-   /* deprecated gssapiServiceName option */
-   uri = mongoc_uri_new ("mongodb://christian%40realm.cc@localhost:27017/"
-                         "?" MONGOC_URI_AUTHMECHANISM
-                         "=GSSAPI&" MONGOC_URI_GSSAPISERVICENAME "=blah");
-   ASSERT (uri);
-   options = mongoc_uri_get_options (uri);
-   ASSERT (options);
-   BSON_ASSERT (0 == strcmp (mongoc_uri_get_auth_mechanism (uri), "GSSAPI"));
-   BSON_ASSERT (0 ==
-                strcmp (mongoc_uri_get_username (uri), "christian@realm.cc"));
-   BSON_ASSERT (
-      bson_iter_init_find_case (&iter, options, MONGOC_URI_GSSAPISERVICENAME) &&
-      BSON_ITER_HOLDS_UTF8 (&iter) &&
-      (0 == strcmp (bson_iter_utf8 (&iter, NULL), "blah")));
-   mongoc_uri_destroy (uri);
-
    /* MONGODB-CR */
 
    /* should recognize this mechanism */
@@ -463,6 +447,7 @@ test_mongoc_uri_authmechanismproperties (void)
 {
    mongoc_uri_t *uri;
    bson_t props;
+   const bson_t *options;
 
    uri = mongoc_uri_new ("mongodb://user@localhost/?" MONGOC_URI_AUTHMECHANISM
                          "=SCRAM-SHA1"
@@ -491,6 +476,20 @@ test_mongoc_uri_authmechanismproperties (void)
    ASSERT_MATCH (&props, "{'a': 'four', 'b': {'$exists': false}}");
 
    mongoc_uri_destroy (uri);
+
+   /* deprecated gssapiServiceName option */
+   uri = mongoc_uri_new ("mongodb://christian%40realm.cc@localhost:27017/"
+                         "?" MONGOC_URI_AUTHMECHANISM
+                         "=GSSAPI&" MONGOC_URI_GSSAPISERVICENAME "=blah");
+   ASSERT (uri);
+   options = mongoc_uri_get_options (uri);
+   ASSERT (options);
+   BSON_ASSERT (0 == strcmp (mongoc_uri_get_auth_mechanism (uri), "GSSAPI"));
+   BSON_ASSERT (0 ==
+                strcmp (mongoc_uri_get_username (uri), "christian@realm.cc"));
+   ASSERT (mongoc_uri_get_mechanism_properties (uri, &props));
+   ASSERT_MATCH (&props, "{'SERVICE_NAME': 'blah'}");
+   mongoc_uri_destroy (uri);
 }