create external_auth_source_mechanisms set typing, add external_auth_source_mechanism validation, update/add tests

syz99 · syz99 · commit c27b5adcb10a · 2021-12-13T11:05:17.000-05:00
diff --git a/src/cmap/auth/defaultAuthProviders.ts b/src/cmap/auth/defaultAuthProviders.ts
@@ -18,6 +18,13 @@ export const AuthMechanism = Object.freeze({
   MONGODB_X509: 'MONGODB-X509'
 } as const);
 
+/** @public */
+export const $EXTERNAL_AUTH_SOURCE_MECHANISMS = new Set<string | undefined>([
+  AuthMechanism.MONGODB_GSSAPI,
+  AuthMechanism.MONGODB_AWS,
+  AuthMechanism.MONGODB_X509
+]);
+
 /** @public */
 export type AuthMechanism = typeof AuthMechanism[keyof typeof AuthMechanism];
 
diff --git a/src/cmap/auth/mongo_credentials.ts b/src/cmap/auth/mongo_credentials.ts
@@ -2,7 +2,7 @@
 
 import type { Document } from '../../bson';
 import { MongoAPIError, MongoMissingCredentialsError } from '../../error';
-import { AuthMechanism } from './defaultAuthProviders';
+import { $EXTERNAL_AUTH_SOURCE_MECHANISMS, AuthMechanism } from './defaultAuthProviders';
 
 // https://github.com/mongodb/specifications/blob/master/source/auth/auth.rst
 function getDefaultAuthMechanism(ismaster?: Document): AuthMechanism {
@@ -136,11 +136,7 @@ export class MongoCredentials {
       throw new MongoMissingCredentialsError(`Username required for mechanism '${this.mechanism}'`);
     }
 
-    if (
-      this.mechanism === AuthMechanism.MONGODB_GSSAPI ||
-      this.mechanism === AuthMechanism.MONGODB_AWS ||
-      this.mechanism === AuthMechanism.MONGODB_X509
-    ) {
+    if ($EXTERNAL_AUTH_SOURCE_MECHANISMS.has(this.mechanism)) {
       if (this.source != null && this.source !== '$external') {
         // TODO(NODE-3485): Replace this with a MongoAuthValidationError
         throw new MongoAPIError(
diff --git a/src/connection_string.ts b/src/connection_string.ts
@@ -2,7 +2,7 @@ import * as dns from 'dns';
 import * as fs from 'fs';
 import ConnectionString from 'mongodb-connection-string-url';
 import { URLSearchParams } from 'url';
-import { AuthMechanism } from './cmap/auth/defaultAuthProviders';
+import { $EXTERNAL_AUTH_SOURCE_MECHANISMS, AuthMechanism } from './cmap/auth/defaultAuthProviders';
 import { ReadPreference, ReadPreferenceMode } from './read_preference';
 import { ReadConcern, ReadConcernLevel } from './read_concern';
 import { W, WriteConcern } from './write_concern';
@@ -124,7 +124,11 @@ export function resolveSRVRecord(options: MongoOptions, callback: Callback<HostA
         const replicaSet = txtRecordOptions.get('replicaSet') ?? undefined;
         const loadBalanced = txtRecordOptions.get('loadBalanced') ?? undefined;
 
-        if (!options.userSpecifiedAuthSource && source) {
+        if (
+          !options.userSpecifiedAuthSource &&
+          source &&
+          !$EXTERNAL_AUTH_SOURCE_MECHANISMS.has(options.credentials?.mechanism)
+        ) {
           options.credentials = MongoCredentials.merge(options.credentials, { source });
         }
 
diff --git a/test/unit/connection_string.test.js b/test/unit/connection_string.test.js
@@ -94,6 +94,16 @@ describe('Connection String', function () {
     expect(options.credentials.mechanism).to.equal(AuthMechanism.MONGODB_GSSAPI);
   });
 
+  it('should provide default authSource when valid AuthMechanism provided', function () {
+    // const options = parseOptions(
+    //   'mongodb+srv://jira-sync.pw0q4.mongodb.net/testDB?authMechanism=MONGODB-AWS&retryWrites=true&w=majority'
+    // );
+    const options = parseOptions(
+      'mongodb+srv://jira-sync.pw0q4.mongodb.net/testDB?authMechanism=MONGODB-AWS&retryWrites=true&w=majority'
+    );
+    expect(options.credentials.source).to.equal('$external');
+  });
+
   it('should parse a numeric authSource with variable width', function () {
     const options = parseOptions('mongodb://test@localhost/?authSource=0001');
     expect(options.credentials.source).to.equal('0001');
diff --git a/test/unit/polling_srv_records_for_mongos_discovery.prose.test.ts b/test/unit/polling_srv_records_for_mongos_discovery.prose.test.ts
@@ -3,7 +3,6 @@ import * as sinon from 'sinon';
 import { expect } from 'chai';
 import { MongoClient } from '../../src';
 import { processTick } from '../tools/utils';
-import { it } from 'mocha';
 import * as mock from '../tools/mongodb-mock/index';
 
 /*
diff --git a/test/unit/srv_option_handling.test.ts b/test/unit/srv_option_handling.test.ts
@@ -0,0 +1,105 @@
+import * as dns from 'dns';
+import * as sinon from 'sinon';
+import { expect } from 'chai';
+import { MongoCredentials } from '../../src/cmap/auth/mongo_credentials';
+import { resolveSRVRecord } from '../../src/connection_string';
+import { AuthMechanism } from '../../src/cmap/auth/defaultAuthProviders';
+
+describe('Srv Option Handling', () => {
+  let resolveSrvStub: sinon.SinonStub;
+  let resolveTxtStub: sinon.SinonStub;
+  let resolveSRVRecordStub: sinon.SinonStub;
+  let lookupStub: sinon.SinonStub;
+
+  afterEach(async () => {
+    if (resolveSrvStub) {
+      resolveSrvStub.restore();
+      resolveSrvStub = undefined;
+    }
+    if (resolveTxtStub) {
+      resolveTxtStub.restore();
+      resolveTxtStub = undefined;
+    }
+    if (lookupStub) {
+      lookupStub.restore();
+      lookupStub = undefined;
+    }
+    if (resolveSRVRecordStub) {
+      resolveSRVRecordStub.restore();
+      resolveSRVRecordStub = undefined;
+    }
+  });
+
+  function makeStub(txtRecord: string) {
+    const mockAddress = [
+      {
+        name: 'localhost.test.mock.test.build.10gen.cc',
+        port: 2017,
+        weight: 0,
+        priority: 0
+      }
+    ];
+
+    const mockRecord: string[][] = [[txtRecord]];
+
+    // first call is for the driver initial connection
+    // second call will check the poller
+    resolveSrvStub = sinon.stub(dns, 'resolveSrv').callsFake((address, callback) => {
+      return process.nextTick(callback, null, mockAddress);
+    });
+
+    resolveTxtStub = sinon.stub(dns, 'resolveTxt').callsFake((address, thisIsWhatWeAreTesting) => {
+      thisIsWhatWeAreTesting(null, mockRecord);
+    });
+  }
+
+  for (const iterator of [
+    {
+      mechanism: AuthMechanism.MONGODB_AWS,
+      source: '',
+      userSpecifiedAuthSource: false,
+      expected: 'succeed'
+    },
+    {
+      mechanism: AuthMechanism.MONGODB_AWS,
+      source: 'admin',
+      userSpecifiedAuthSource: true,
+      expected: 'succeed'
+    },
+    {
+      mechanism: null,
+      source: 'admin',
+      userSpecifiedAuthSource: false,
+      expected: 'fail'
+    }
+  ]) {
+    it(`should ${iterator.expected} for ${iterator.mechanism} mechanism and ${
+      iterator.userSpecifiedAuthSource ? '' : 'non-'
+    }user-specified source: ${iterator.source}`, function () {
+      makeStub('authSource=admin');
+
+      const options = {
+        credentials: new MongoCredentials({
+          source: '$external',
+          mechanism: iterator.mechanism,
+          username: 'username',
+          password: 'password',
+          mechanismProperties: {}
+        }),
+        srvHost: 'host',
+        srvServiceName: 'mongodb',
+        userSpecifiedAuthSource: iterator.userSpecifiedAuthSource
+      };
+
+      resolveSRVRecord(options as any, (err, hostAddress) => {
+        if (iterator.expected === 'succeed') {
+          expect(options).to.have.nested.property('credentials.source', '$external');
+        } else {
+          expect(options).to.not.have.nested.property('credentials.source', '$external');
+        }
+      });
+
+      // expect(client).to.have.nested.property('options.credentials.source', '$external');
+    });
+  }
+});
