fix: mechanism properties

durran · durran · commit 1c249b3124d5 · 2023-04-14T14:12:19.000+02:00
diff --git a/.evergreen/run-oidc-tests.sh b/.evergreen/run-oidc-tests.sh
@@ -10,5 +10,6 @@ MONGODB_URI_SINGLE="${MONGODB_URI}/?authMechanism=MONGODB-OIDC&authMechanismProp
 echo $MONGODB_URI_SINGLE
 
 export MONGODB_URI="$MONGODB_URI_SINGLE"
+expoort OIDC_TOKEN_DIR=${OIDC_TOKEN_DIR}
 
 npm run check:oidc
diff --git a/src/cmap/auth/mongo_credentials.ts b/src/cmap/auth/mongo_credentials.ts
@@ -117,7 +117,10 @@ export class MongoCredentials {
     }
 
     if (this.mechanism === AuthMechanism.MONGODB_OIDC && !this.mechanismProperties.ALLOWED_HOSTS) {
-      this.mechanismProperties.ALLOWED_HOSTS = DEFAULT_ALLOWED_HOSTS;
+      this.mechanismProperties = {
+        ...this.mechanismProperties,
+        ALLOWED_HOSTS: DEFAULT_ALLOWED_HOSTS
+      };
     }
 
     Object.freeze(this.mechanismProperties);
diff --git a/test/manual/mongodb_oidc.prose.test.ts b/test/manual/mongodb_oidc.prose.test.ts
@@ -12,7 +12,6 @@ import {
   OIDCMechanismServerStep1,
   OIDCRequestTokenResult
 } from '../mongodb';
-import { request } from 'node:http';
 
 describe('MONGODB-OIDC', function () {
   context('when running in the environment', function () {
@@ -351,11 +350,29 @@ describe('MONGODB-OIDC', function () {
       });
 
       describe('3.3 Refresh Callback Returns Null', function () {
+        before(function () {
+          client = new MongoClient('mongodb://localhost/?authMechanism=MONGODB-OIDC', {
+            authMechanismProperties: {
+              REQUEST_TOKEN_CALLBACK: createRequestCallback('test_user1', 60),
+              REFRESH_TOKEN_CALLBACK: () => {
+                return Promise.resolve(null);
+              }
+            }
+          });
+          collection = client.db('test').collection('test');
+        });
+
         // Clear the cache.
         // Create request callback that returns a valid token that will expire in a minute, and a refresh callback that returns null.
         // Perform a find operation that succeeds.
         // Perform a find operation that fails.
         // Close the client.
+        it('fails authentication on refresh', async function () {
+          await collection.findOne();
+          expect(async () => {
+            await collection.findOne();
+          }).to.throw;
+        });
       });
 
       describe('3.4 Request Callback Returns Invalid Data', function () {

Original file line number	Diff line number	Diff line change
`@@ -117,7 +117,10 @@ export class MongoCredentials {`
`117`	`117`	`}`
`118`	`118`
`119`	`119`	`if (this.mechanism === AuthMechanism.MONGODB_OIDC && !this.mechanismProperties.ALLOWED_HOSTS) {`
`120`		`- this.mechanismProperties.ALLOWED_HOSTS = DEFAULT_ALLOWED_HOSTS;`
	`120`	`+ this.mechanismProperties = {`
	`121`	`+ ...this.mechanismProperties,`
	`122`	`+ ALLOWED_HOSTS: DEFAULT_ALLOWED_HOSTS`
	`123`	`+ };`
`121`	`124`	`}`
`122`	`125`
`123`	`126`	`Object.freeze(this.mechanismProperties);`