From e4dc740cd0ecb77758a7f7e609694de29991ac88 Mon Sep 17 00:00:00 2001 From: Warren James Date: Thu, 9 Jan 2025 11:15:59 -0500 Subject: [PATCH 1/8] Add int test --- test/integration/auth/mongodb_aws.test.ts | 69 +++++++++++++++++++++++ 1 file changed, 69 insertions(+) diff --git a/test/integration/auth/mongodb_aws.test.ts b/test/integration/auth/mongodb_aws.test.ts index 93778cedf1e..0e7b8d04007 100644 --- a/test/integration/auth/mongodb_aws.test.ts +++ b/test/integration/auth/mongodb_aws.test.ts @@ -9,9 +9,14 @@ import * as sinon from 'sinon'; import { refreshKMSCredentials } from '../../../src/client-side-encryption/providers'; import { AWSTemporaryCredentialProvider, + type CommandOptions, + Connection, + type Document, MongoAWSError, type MongoClient, MongoDBAWS, + type MongoDBNamespace, + type MongoDBResponseConstructor, MongoMissingCredentialsError, MongoServerError, setDifference @@ -61,6 +66,70 @@ describe('MONGODB-AWS', function () { expect(result).to.be.a('number'); }); + describe('ConversationId', function () { + let commandStub: sinon.SinonStub< + [ + ns: MongoDBNamespace, + command: Document, + options?: CommandOptions, + responseType?: MongoDBResponseConstructor + ], + Promise + >; + + let saslStartResult, saslContinue; + + beforeEach(function () { + // spy on connection.command, filter for saslStart and saslContinue commands + commandStub = sinon.stub(Connection.prototype, 'command').callsFake(async function ( + ns: MongoDBNamespace, + command: Document, + options: CommandOptions, + responseType?: MongoDBResponseConstructor + ) { + if (command.saslStart != null || command.saslContinue != null) { + console.log(command); + } + + const result = await commandStub.wrappedMethod.call( + this, + ns, + command, + options, + responseType + ); + + if (command.saslStart != null) { + // Modify the result to check if the saslContinue uses it + result.conversationId = 999; + saslStartResult = { ...result }; + } + if (command.saslContinue != null) { + saslContinue = { ...command }; + } + + return result; + }); + }); + + afterEach(function () { + sinon.restore(); + }); + + it.only('should use conversationId returned by saslStart in saslContinue', async function () { + client = this.configuration.newClient(process.env.MONGODB_URI); // use the URI built by the test environment + + await client.db('aws').collection('aws_test').estimatedDocumentCount(); + + expect(saslStartResult).to.not.be.undefined; + expect(saslContinue).to.not.be.undefined; + + expect(saslStartResult).to.have.property('conversationId', 999); + + expect(saslContinue).to.have.property('conversationId').equal(saslStartResult.conversationId); + }); + }); + it('should allow empty string in authMechanismProperties.AWS_SESSION_TOKEN to override AWS_SESSION_TOKEN environment variable', function () { client = this.configuration.newClient(this.configuration.url(), { authMechanismProperties: { AWS_SESSION_TOKEN: '' } From d91411187752a594f78d0c50a84eb9982c4c348c Mon Sep 17 00:00:00 2001 From: kggau <118902369+kggau@users.noreply.github.com> Date: Tue, 14 Jan 2025 10:57:12 -0800 Subject: [PATCH 2/8] fix(NODE-6407): use conversationId returned by the server instead of hardcoded integer in SASL implementation for MONGODB-AWS. (#4258) --- src/cmap/auth/mongodb_aws.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cmap/auth/mongodb_aws.ts b/src/cmap/auth/mongodb_aws.ts index 72859f49676..d9071496b54 100644 --- a/src/cmap/auth/mongodb_aws.ts +++ b/src/cmap/auth/mongodb_aws.ts @@ -148,7 +148,7 @@ export class MongoDBAWS extends AuthProvider { const saslContinue = { saslContinue: 1, - conversationId: 1, + conversationId: saslStartResponse.conversationId, payload: BSON.serialize(payload, bsonOptions) }; From af853f001e3c3a00e0e45def3aad8e8611c07975 Mon Sep 17 00:00:00 2001 From: Warren James Date: Tue, 14 Jan 2025 14:02:03 -0500 Subject: [PATCH 3/8] remove only and update test predicates --- test/integration/auth/mongodb_aws.test.ts | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/test/integration/auth/mongodb_aws.test.ts b/test/integration/auth/mongodb_aws.test.ts index 0e7b8d04007..3c0e43ece12 100644 --- a/test/integration/auth/mongodb_aws.test.ts +++ b/test/integration/auth/mongodb_aws.test.ts @@ -17,6 +17,7 @@ import { MongoDBAWS, type MongoDBNamespace, type MongoDBResponseConstructor, + MongoError, MongoMissingCredentialsError, MongoServerError, setDifference @@ -116,10 +117,17 @@ describe('MONGODB-AWS', function () { sinon.restore(); }); - it.only('should use conversationId returned by saslStart in saslContinue', async function () { + it('should use conversationId returned by saslStart in saslContinue', async function () { client = this.configuration.newClient(process.env.MONGODB_URI); // use the URI built by the test environment - await client.db('aws').collection('aws_test').estimatedDocumentCount(); + const err = await client + .db('aws') + .collection('aws_test') + .estimatedDocumentCount() + .catch(e => e); + + // Expecting the saslContinue to fail since we changed the conversationId + expect(err).to.be.instanceof(MongoError); expect(saslStartResult).to.not.be.undefined; expect(saslContinue).to.not.be.undefined; From b680d2482f2d39808a7b0e4cc288cc8a7eceef0d Mon Sep 17 00:00:00 2001 From: Warren James Date: Tue, 14 Jan 2025 14:03:59 -0500 Subject: [PATCH 4/8] update error predicate --- test/integration/auth/mongodb_aws.test.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/integration/auth/mongodb_aws.test.ts b/test/integration/auth/mongodb_aws.test.ts index 3c0e43ece12..846e7f144f8 100644 --- a/test/integration/auth/mongodb_aws.test.ts +++ b/test/integration/auth/mongodb_aws.test.ts @@ -127,7 +127,8 @@ describe('MONGODB-AWS', function () { .catch(e => e); // Expecting the saslContinue to fail since we changed the conversationId - expect(err).to.be.instanceof(MongoError); + expect(err).to.be.instanceof(MongoServerError); + expect(err.messsage).to.match(/Mismatched conversation id/); expect(saslStartResult).to.not.be.undefined; expect(saslContinue).to.not.be.undefined; From 659a17ed962d10b34ed9a7312c1647e9aea98fd2 Mon Sep 17 00:00:00 2001 From: Warren James Date: Tue, 14 Jan 2025 14:09:21 -0500 Subject: [PATCH 5/8] fix typo --- test/integration/auth/mongodb_aws.test.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/integration/auth/mongodb_aws.test.ts b/test/integration/auth/mongodb_aws.test.ts index 846e7f144f8..2383b344a2f 100644 --- a/test/integration/auth/mongodb_aws.test.ts +++ b/test/integration/auth/mongodb_aws.test.ts @@ -128,7 +128,7 @@ describe('MONGODB-AWS', function () { // Expecting the saslContinue to fail since we changed the conversationId expect(err).to.be.instanceof(MongoServerError); - expect(err.messsage).to.match(/Mismatched conversation id/); + expect(err.message).to.match(/Mismatched conversation id/); expect(saslStartResult).to.not.be.undefined; expect(saslContinue).to.not.be.undefined; From 9b941b6b96ed4db557139b0fc293c70bbafb6c19 Mon Sep 17 00:00:00 2001 From: Warren James Date: Tue, 14 Jan 2025 14:45:02 -0500 Subject: [PATCH 6/8] wip --- test/integration/auth/mongodb_aws.test.ts | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/test/integration/auth/mongodb_aws.test.ts b/test/integration/auth/mongodb_aws.test.ts index 2383b344a2f..d495cf4824b 100644 --- a/test/integration/auth/mongodb_aws.test.ts +++ b/test/integration/auth/mongodb_aws.test.ts @@ -88,10 +88,6 @@ describe('MONGODB-AWS', function () { options: CommandOptions, responseType?: MongoDBResponseConstructor ) { - if (command.saslStart != null || command.saslContinue != null) { - console.log(command); - } - const result = await commandStub.wrappedMethod.call( this, ns, @@ -100,12 +96,14 @@ describe('MONGODB-AWS', function () { responseType ); - if (command.saslStart != null) { - // Modify the result to check if the saslContinue uses it + if (command.saslStart != null && command.mechanism === 'MONGODB-AWS') { + // Modify the result of the saslStart to check if the saslContinue uses it result.conversationId = 999; saslStartResult = { ...result }; } + if (command.saslContinue != null) { + console.log('saving saslContinue'); saslContinue = { ...command }; } @@ -125,6 +123,7 @@ describe('MONGODB-AWS', function () { .collection('aws_test') .estimatedDocumentCount() .catch(e => e); + console.log(err); // Expecting the saslContinue to fail since we changed the conversationId expect(err).to.be.instanceof(MongoServerError); From 979e021dc2efad95288e4acfee16c21723313d0c Mon Sep 17 00:00:00 2001 From: Warren James Date: Thu, 23 Jan 2025 17:01:55 -0500 Subject: [PATCH 7/8] fix test --- test/integration/auth/mongodb_aws.test.ts | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/test/integration/auth/mongodb_aws.test.ts b/test/integration/auth/mongodb_aws.test.ts index d495cf4824b..d022e0235fd 100644 --- a/test/integration/auth/mongodb_aws.test.ts +++ b/test/integration/auth/mongodb_aws.test.ts @@ -88,6 +88,10 @@ describe('MONGODB-AWS', function () { options: CommandOptions, responseType?: MongoDBResponseConstructor ) { + if (command.saslContinue != null) { + saslContinue = { ...command }; + } + const result = await commandStub.wrappedMethod.call( this, ns, @@ -96,22 +100,18 @@ describe('MONGODB-AWS', function () { responseType ); - if (command.saslStart != null && command.mechanism === 'MONGODB-AWS') { + if (command.saslStart != null) { // Modify the result of the saslStart to check if the saslContinue uses it result.conversationId = 999; saslStartResult = { ...result }; } - if (command.saslContinue != null) { - console.log('saving saslContinue'); - saslContinue = { ...command }; - } - return result; }); }); afterEach(function () { + commandStub.restore(); sinon.restore(); }); @@ -123,7 +123,6 @@ describe('MONGODB-AWS', function () { .collection('aws_test') .estimatedDocumentCount() .catch(e => e); - console.log(err); // Expecting the saslContinue to fail since we changed the conversationId expect(err).to.be.instanceof(MongoServerError); From 827835a768d735cf50d086635b44b4d377c4105b Mon Sep 17 00:00:00 2001 From: Warren James Date: Fri, 24 Jan 2025 15:38:19 -0500 Subject: [PATCH 8/8] lint fix --- test/integration/auth/mongodb_aws.test.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/test/integration/auth/mongodb_aws.test.ts b/test/integration/auth/mongodb_aws.test.ts index d022e0235fd..74feeff48fc 100644 --- a/test/integration/auth/mongodb_aws.test.ts +++ b/test/integration/auth/mongodb_aws.test.ts @@ -17,7 +17,6 @@ import { MongoDBAWS, type MongoDBNamespace, type MongoDBResponseConstructor, - MongoError, MongoMissingCredentialsError, MongoServerError, setDifference