chore: cleanup

Author: durran

src/cmap/auth/mongodb_oidc.ts

@@ -12,6 +12,9 @@ import type { Workflow } from './mongodb_oidc/workflow';
  */
 export const OIDC_VERSION = 0;
 
+/** Error when credentials are missing. */
+const MISSING_CREDENTIALS_ERROR = 'AuthContext must provide credentials.';
+
 /**
  * @public
  * @experimental
@@ -110,7 +113,7 @@ export class MongoDBOIDC extends AuthProvider {
 function getCredentials(authContext: AuthContext): MongoCredentials {
   const { credentials } = authContext;
   if (!credentials) {
-    throw new MongoMissingCredentialsError('AuthContext must provide credentials.');
+    throw new MongoMissingCredentialsError(MISSING_CREDENTIALS_ERROR);
   }
   return credentials;
 }

src/cmap/auth/mongodb_oidc/aws_service_workflow.ts

@@ -3,6 +3,9 @@ import { readFile } from 'fs/promises';
 import { MongoAWSError } from '../../../error';
 import { ServiceWorkflow } from './service_workflow';
 
+/** Error for when the token is missing in the environment. */
+const TOKEN_MISSING_ERROR = 'AWS_WEB_IDENTITY_TOKEN_FILE must be set in the environment.';
+
 /**
  * Device workflow implementation for AWS.
  *
@@ -19,7 +22,7 @@ export class AwsServiceWorkflow extends ServiceWorkflow {
   async getToken(): Promise<string> {
     const tokenFile = process.env.AWS_WEB_IDENTITY_TOKEN_FILE;
     if (!tokenFile) {
-      throw new MongoAWSError('AWS_WEB_IDENTITY_TOKEN_FILE must be set in the environment.');
+      throw new MongoAWSError(TOKEN_MISSING_ERROR);
     }
     return readFile(tokenFile, 'utf8');
   }

src/cmap/auth/mongodb_oidc/callback_workflow.ts

@@ -27,6 +27,14 @@ const TIMEOUT_S = 300;
 /** Properties allowed on results of callbacks. */
 const RESULT_PROPERTIES = ['accessToken', 'expiresInSeconds', 'refreshToken'];
 
+/** Error message when the callback result is invalid. */
+const CALLBACK_RESULT_ERROR =
+  'User provided OIDC callbacks must return a valid object with an accessToken.';
+
+/** Error message for when request callback is missing. */
+const REQUEST_CALLBACK_REQUIRED_ERROR =
+  'Auth mechanism property REQUEST_TOKEN_CALLBACK is required.';
+
 /**
  * OIDC implementation of a callback based workflow.
  * @internal
@@ -64,9 +72,7 @@ export class CallbackWorkflow implements Workflow {
     const refreshCallback = credentials.mechanismProperties.REFRESH_TOKEN_CALLBACK;
     // At minimum a request callback must be provided by the user.
     if (!requestCallback) {
-      throw new MongoInvalidArgumentError(
-        'Auth mechanism property REQUEST_TOKEN_CALLBACK is required.'
-      );
+      throw new MongoInvalidArgumentError(REQUEST_CALLBACK_REQUIRED_ERROR);
     }
     // Look for an existing entry in the cache.
     const entry = this.cache.getEntry(
@@ -239,15 +245,14 @@ export class CallbackWorkflow implements Workflow {
     // Validate that the result returned by the callback is acceptable. If it is not
     // we must clear the token result from the cache.
     if (isCallbackResultInvalid(result)) {
+      console.log('GOT ERROR, DELETE FROM CACHE AND THROW');
       this.cache.deleteEntry(
         connection.address,
         credentials.username || '',
         requestCallback,
         refreshCallback || null
       );
-      throw new MongoMissingCredentialsError(
-        'User provided OIDC callbacks must return a valid object with an accessToken.'
-      );
+      throw new MongoMissingCredentialsError(CALLBACK_RESULT_ERROR);
     }
     // Cleanup the cache.
     this.cache.deleteExpiredEntries();

test/manual/mongodb_oidc.prose.test.ts

@@ -783,7 +783,9 @@ describe('MONGODB-OIDC', function () {
           try {
             await collection.findOne();
             expect.fail('Expected OIDC auth to fail with invalid fields from refresh callback');
-          } catch (e) {
+          } catch (error) {
+            expect(error).to.be.instanceOf(MongoMissingCredentialsError);
+            expect(error.message).to.include('');
             expect(cache.entries.size).to.equal(0);
           }
         });