fix(NODE-5289): prevent scram auth from throwing TypeError if saslprep is not a function

src/cmap/auth/scram.ts

@@ -34,7 +34,10 @@ class ScramSHA extends AuthProvider {
  if (!credentials) {
  throw new MongoMissingCredentialsError('AuthContext must provide credentials.');
  }
- if (cryptoMethod === 'sha256' && saslprep == null) {
+ if (
+ cryptoMethod === 'sha256' &&
+ ('kModuleError' in saslprep || typeof saslprep !== 'function')
+ ) {
  emitWarning('Warning: no saslprep library specified. Passwords will not be sanitized');
  }
 
@@ -140,7 +143,8 @@ async function continueScramConversation(
 
  let processedPassword;
  if (cryptoMethod === 'sha256') {
- processedPassword = 'kModuleError' in saslprep ? password : saslprep(password);
+ processedPassword =
+ 'kModuleError' in saslprep || typeof saslprep !== 'function' ? password : saslprep(password);
  } else {
  processedPassword = passwordDigest(username, password);
  }

test/integration/auth/scram_sha_256.test.ts

@@ -0,0 +1,45 @@
+import { expect } from 'chai';
+import * as sinon from 'sinon';
+
+// eslint-disable-next-line @typescript-eslint/no-restricted-imports
+import * as deps from '../../../src/deps';
+import { type MongoClient } from '../../mongodb';
+
+describe('SCRAM_SHA_256', function () {
+ context('when saslprep is not a function', () => {
+ let client: MongoClient;
+ beforeEach(function () {
+ if (!this.configuration.parameters.authenticationMechanisms.includes('SCRAM-SHA-256')) {
+ // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+ this.currentTest!.skipReason = 'Test requires that SCRAM-SHA-256 be enabled on the server.';
+ // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+ this.currentTest!.skip();
+ }
+ });
+
+ beforeEach('setup mocks', function () {
+ sinon.stub(deps, 'saslprep').value({});
+ client = this.configuration.newClient({ authMechanism: 'SCRAM-SHA-256' });
+ });
+
+ afterEach(() => {
+ sinon.restore();
+ return client.close();
+ });
+
+ it('does not throw an error', { requires: { auth: 'enabled' } }, async function () {
+ await client.connect();
+ });
+
+ it('emits a warning', { requires: { auth: 'enabled' } }, async function () {
+ const warnings: Array<Error> = [];
+ process.once('warning', w => warnings.push(w));
+ await client.connect();
+ expect(warnings).to.have.lengthOf(1);
+ expect(warnings[0]).to.have.property(
+ 'message',
+ 'Warning: no saslprep library specified. Passwords will not be sanitized'
+ );
+ });
+ });
+});

test/mongodb.ts

@@ -143,6 +143,7 @@ export * from '../src/cursor/list_indexes_cursor';
 export * from '../src/cursor/run_command_cursor';
 export * from '../src/db';
 export * from '../src/deps';
+export * as deps from '../src/deps';
 export * from '../src/encrypter';
 export * from '../src/error';
 export * from '../src/explain';