kerberos.test.js
'use strict';
const { MongoClient } = require('../../src');
const chai = require('chai');
const expect = chai.expect;
/**
 * Confirms that an already-connected client can read the Kerberos fixture data.
 *
 * Queries every document in the `test` collection of the `kerberos` database and
 * asserts that the query produced no error and returned exactly one document whose
 * `kerberos` field is `true`. The client is closed whether or not the assertions
 * held, so a failed check does not leave the client open.
 *
 * @param {object} client - client to query with; it is closed before `done` runs
 * @param {Function} done - completion callback; receives the assertion failure if
 *   there was one, otherwise whatever error `client.close` reported (if any)
 */
function verifyKerberosAuthentication(client, done) {
  const cursor = client.db('kerberos').collection('test').find();

  const assertFixtureVisible = (err, docs) => {
    expect(err).to.not.exist;
    expect(docs).to.have.length(1);
    expect(docs[0].kerberos).to.be.true;
  };

  cursor.toArray((err, docs) => {
    // Hold on to the assertion failure instead of throwing so the client is still closed.
    let assertionFailure;
    try {
      assertFixtureVisible(err, docs);
    } catch (failure) {
      assertionFailure = failure;
    }
    // An assertion failure takes precedence over an error raised while closing.
    client.close(closeError => done(assertionFailure || closeError));
  });
}
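/**
 * Kerberos authentication tests, driven entirely by environment variables:
 *
 * - MONGODB_URI       connection string used for every test (required)
 * - KRB5_PRINCIPAL    principal expected to appear, URI-encoded, inside MONGODB_URI (required)
 * - LDAPTEST_PASSWORD password spliced into the URI on win32 (required there)
 *
 * When MONGODB_URI or KRB5_PRINCIPAL is missing the suite registers no tests and only
 * writes a message to stderr, so a misconfigured job produces no Kerberos coverage
 * without a failing test to signal it.
 */
describe('Kerberos', function () {
  if (process.env.MONGODB_URI == null) {
    console.error('skipping Kerberos tests, MONGODB_URI environment variable is not defined');
    return;
  }
  let krb5Uri = process.env.MONGODB_URI;

  if (!process.env.KRB5_PRINCIPAL) {
    console.error('skipping Kerberos tests, KRB5_PRINCIPAL environment variable is not defined');
    return;
  }

  if (process.platform === 'win32') {
    console.error('Win32 run detected');
    if (process.env.LDAPTEST_PASSWORD == null) {
      throw new Error('The env parameter LDAPTEST_PASSWORD must be set');
    }
    // NOTE(review): the password is inserted as-is. If it can contain URI-reserved
    // characters (`@`, `:`, `/`, `%`) it must already be percent-encoded in the
    // environment - confirm with whoever provisions LDAPTEST_PASSWORD.
    // NOTE(review): split('@', 2) keeps only the first two pieces, so any text after a
    // second literal '@' in MONGODB_URI is dropped.
    const parts = krb5Uri.split('@', 2);
    // From here on krb5Uri carries a secret: keep it out of log output and out of
    // assertion messages that print their operands.
    krb5Uri = `${parts[0]}:${process.env.LDAPTEST_PASSWORD}@${parts[1]}`;
  }

  // Error text accepted as "the KDC does not know the requested service".
  const UNKNOWN_SERVICE_ERROR =
    /(Error from KDC: LOOKING_UP_SERVER)|(not found in Kerberos database)|(UNKNOWN_SERVER)/;

  /**
   * Connects `client` and requires the attempt to fail with a message matching
   * `messagePattern`. Mirrors verifyKerberosAuthentication: the assertion failure is
   * captured rather than thrown inside the driver callback, and the client is always
   * closed, so a connect that unexpectedly succeeds does not leave a client open.
   */
  function expectConnectFailure(client, messagePattern, done) {
    client.connect(function (err) {
      let assertionError;
      try {
        expect(err).to.exist;
        expect(err.message).to.match(messagePattern);
      } catch (e) {
        assertionError = e;
      }
      client.close(closeError => done(assertionError || closeError));
    });
  }

  it('should authenticate with original uri', function (done) {
    const client = new MongoClient(krb5Uri);
    client.connect(function (err, client) {
      expect(err).to.not.exist;
      verifyKerberosAuthentication(client, done);
    });
  });

  // Unskip this test when a proper setup is available - see NODE-3060
  it.skip('validate that SERVICE_REALM and CANONICALIZE_HOST_NAME can be passed in', function (done) {
    const client = new MongoClient(
      `${krb5Uri}&authMechanismProperties=SERVICE_NAME:mongodb,CANONICALIZE_HOST_NAME:false,SERVICE_REALM:windows&maxPoolSize=1`
    );
    client.connect(function (err, client) {
      expect(err).to.not.exist;
      verifyKerberosAuthentication(client, done);
    });
  });

  // Both cases request the service name 'alternate' and expect the connection attempt
  // to be rejected with one of the messages in UNKNOWN_SERVICE_ERROR.
  describe('should use the SERVICE_NAME property', function () {
    it('as an option handed to the MongoClient', function (done) {
      const client = new MongoClient(`${krb5Uri}&maxPoolSize=1`, {
        authMechanismProperties: {
          SERVICE_NAME: 'alternate'
        }
      });
      expectConnectFailure(client, UNKNOWN_SERVICE_ERROR, done);
    });

    it('as part of the query string parameters', function (done) {
      const client = new MongoClient(
        `${krb5Uri}&authMechanismProperties=SERVICE_NAME:alternate&maxPoolSize=1`
      );
      expectConnectFailure(client, UNKNOWN_SERVICE_ERROR, done);
    });
  });

  it('should fail to authenticate with bad credentials', function (done) {
    const badCredentialsUri = krb5Uri.replace(
      encodeURIComponent(process.env.KRB5_PRINCIPAL),
      'bad%40creds.cc'
    );
    // If the encoded principal is not present in the URI the replace is a no-op and this
    // test would connect with the real credentials. Compare as a boolean so a failure
    // message never prints the connection string (it may contain the password).
    expect(
      badCredentialsUri !== krb5Uri,
      'KRB5_PRINCIPAL was not found in the connection string'
    ).to.be.true;

    const client = new MongoClient(badCredentialsUri);
    expectConnectFailure(client, /Authentication failed/, done);
  });
});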