Skip to content

Commit b1e90dc

Browse files
baileympearsonbaileympearson
committed
DI sasl prep and handle non-function value
1 parent dc068ac commit b1e90dc

File tree

1 file changed

+15
-8
lines changed

1 file changed

+15
-8
lines changed

src/cmap/auth/scram.ts

Lines changed: 15 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ type CryptoMethod = 'sha1' | 'sha256';
1919
class ScramSHA extends AuthProvider {
2020
cryptoMethod: CryptoMethod;
2121
randomBytesAsync: (size: number) => Promise<Buffer>;
22-
constructor(cryptoMethod: CryptoMethod) {
22+
constructor(cryptoMethod: CryptoMethod, private saslPrep: typeof saslprep = saslprep) {
2323
super();
2424
this.cryptoMethod = cryptoMethod || 'sha1';
2525
this.randomBytesAsync = promisify(crypto.randomBytes);
@@ -34,7 +34,7 @@ class ScramSHA extends AuthProvider {
3434
if (!credentials) {
3535
throw new MongoMissingCredentialsError('AuthContext must provide credentials.');
3636
}
37-
if (cryptoMethod === 'sha256' && saslprep == null) {
37+
if (cryptoMethod === 'sha256' && this.saslPrep == null) {
3838
emitWarning('Warning: no saslprep library specified. Passwords will not be sanitized');
3939
}
4040

@@ -59,10 +59,11 @@ class ScramSHA extends AuthProvider {
5959
return continueScramConversation(
6060
this.cryptoMethod,
6161
response.speculativeAuthenticate,
62-
authContext
62+
authContext,
63+
this.saslPrep
6364
);
6465
}
65-
return executeScram(this.cryptoMethod, authContext);
66+
return executeScram(this.cryptoMethod, authContext, this.saslPrep);
6667
}
6768
}
6869

@@ -103,7 +104,11 @@ function makeFirstMessage(
103104
};
104105
}
105106

106-
async function executeScram(cryptoMethod: CryptoMethod, authContext: AuthContext): Promise<void> {
107+
async function executeScram(
108+
cryptoMethod: CryptoMethod,
109+
authContext: AuthContext,
110+
saslPrep: typeof saslprep
111+
): Promise<void> {
107112
const { connection, credentials } = authContext;
108113
if (!credentials) {
109114
throw new MongoMissingCredentialsError('AuthContext must provide credentials.');
@@ -116,13 +121,14 @@ async function executeScram(cryptoMethod: CryptoMethod, authContext: AuthContext
116121

117122
const saslStartCmd = makeFirstMessage(cryptoMethod, credentials, nonce);
118123
const response = await connection.commandAsync(ns(`${db}.$cmd`), saslStartCmd, undefined);
119-
await continueScramConversation(cryptoMethod, response, authContext);
124+
await continueScramConversation(cryptoMethod, response, authContext, saslPrep);
120125
}
121126

122127
async function continueScramConversation(
123128
cryptoMethod: CryptoMethod,
124129
response: Document,
125-
authContext: AuthContext
130+
authContext: AuthContext,
131+
saslPrep: typeof saslprep
126132
): Promise<void> {
127133
const connection = authContext.connection;
128134
const credentials = authContext.credentials;
@@ -140,7 +146,8 @@ async function continueScramConversation(
140146

141147
let processedPassword;
142148
if (cryptoMethod === 'sha256') {
143-
processedPassword = 'kModuleError' in saslprep ? password : saslprep(password);
149+
processedPassword =
150+
'kModuleError' in saslPrep || typeof saslPrep !== 'function' ? password : saslPrep(password);
144151
} else {
145152
processedPassword = passwordDigest(username, password);
146153
}

0 commit comments

Comments
 (0)