Skip to content

Commit

Permalink
fix(NODE-5289): prevent scram auth from throwing TypeError if saslpre…
Browse files Browse the repository at this point in the history
…p is not a function (#3727)
  • Loading branch information
baileympearson committed Jun 16, 2023
1 parent 0e1afc0 commit 2f7a2bf
Show file tree
Hide file tree
Showing 3 changed files with 70 additions and 124 deletions.
8 changes: 6 additions & 2 deletions src/cmap/auth/scram.ts
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,10 @@ class ScramSHA extends AuthProvider {
if (!credentials) {
return callback(new MongoMissingCredentialsError('AuthContext must provide credentials.'));
}
if (cryptoMethod === 'sha256' && saslprep == null) {
if (
cryptoMethod === 'sha256' &&
('kModuleError' in saslprep || typeof saslprep !== 'function')
) {
emitWarning('Warning: no saslprep library specified. Passwords will not be sanitized');
}

Expand Down Expand Up @@ -152,7 +155,8 @@ function continueScramConversation(

let processedPassword;
if (cryptoMethod === 'sha256') {
processedPassword = 'kModuleError' in saslprep ? password : saslprep(password);
processedPassword =
'kModuleError' in saslprep || typeof saslprep !== 'function' ? password : saslprep(password);
} else {
try {
processedPassword = passwordDigest(username, password);
Expand Down
122 changes: 0 additions & 122 deletions test/integration/auth/scram_sha_256.test.js

This file was deleted.

64 changes: 64 additions & 0 deletions test/integration/auth/scram_sha_256.test.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
import { expect } from 'chai';
import * as sinon from 'sinon';

// eslint-disable-next-line @typescript-eslint/no-restricted-imports
import * as deps from '../../../src/deps';
import { type MongoClient } from '../../mongodb';

describe('SCRAM_SHA_256', function () {
beforeEach(function () {
if (!this.configuration.parameters.authenticationMechanisms.includes('SCRAM-SHA-256')) {
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
this.currentTest!.skipReason = 'Test requires that SCRAM-SHA-256 be enabled on the server.';
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
this.currentTest!.skip();
}
});

context('when saslprep is not a function', () => {
let client: MongoClient;

beforeEach(function () {
sinon.stub(deps, 'saslprep').value({});
client = this.configuration.newClient({ authMechanism: 'SCRAM-SHA-256' });
});

afterEach(() => {
sinon.restore();
return client.close();
});

it('does not throw an error', { requires: { auth: 'enabled' } }, async function () {
await client.connect();
});

it('emits a warning', { requires: { auth: 'enabled' } }, async function () {
const warnings: Array<Error> = [];
process.once('warning', w => warnings.push(w));
await client.connect();
expect(warnings).to.have.lengthOf(1);
expect(warnings[0]).to.have.property(
'message',
'Warning: no saslprep library specified. Passwords will not be sanitized'
);
});
});

context('when saslprep is a function', () => {
let client: MongoClient;

beforeEach(function () {
client = this.configuration.newClient({ authMechanism: 'SCRAM-SHA-256' });
});

afterEach(() => client.close());

it('calls saslprep', { requires: { auth: 'enabled' } }, async function () {
const spy = sinon.spy(deps, 'saslprep');

await client.connect();

expect(spy).to.have.been.called;
});
});
});

0 comments on commit 2f7a2bf

Please sign in to comment.