test(NODE-2939): add additional kerberos tests

mongodb · Feb 4, 2022 · 392bb8e · 392bb8e
1 parent 7d95b94
commit 392bb8e
Show file tree

Hide file tree

Showing 3 changed files with 116 additions and 0 deletions.
diff --git a/test/manual/kerberos.test.js b/test/manual/kerberos.test.js
@@ -51,6 +51,68 @@ describe('Kerberos', function () {
     });
   });
 
+  context('when passing in CANONICALIZE_HOST_NAME', function () {
+    context('when the value is true', function () {
+      it('successfully authenticates', function (done) {
+        const client = new MongoClient(
+          `${krb5Uri}&authMechanismProperties=SERVICE_NAME:mongodb,CANONICALIZE_HOST_NAME:true&maxPoolSize=1`
+        );
+        client.connect(function (err, client) {
+          if (err) return done(err);
+          verifyKerberosAuthentication(client, done);
+        });
+      });
+    });
+
+    context('when the value is forward', function () {
+      it('successfully authenticates', function (done) {
+        const client = new MongoClient(
+          `${krb5Uri}&authMechanismProperties=SERVICE_NAME:mongodb,CANONICALIZE_HOST_NAME:forward&maxPoolSize=1`
+        );
+        client.connect(function (err, client) {
+          if (err) return done(err);
+          verifyKerberosAuthentication(client, done);
+        });
+      });
+    });
+
+    context('when the value is forwardAndReverse', function () {
+      it('successfully authenticates', function (done) {
+        const client = new MongoClient(
+          `${krb5Uri}&authMechanismProperties=SERVICE_NAME:mongodb,CANONICALIZE_HOST_NAME:forwardAndReverse&maxPoolSize=1`
+        );
+        client.connect(function (err, client) {
+          if (err) return done(err);
+          verifyKerberosAuthentication(client, done);
+        });
+      });
+    });
+
+    context('when the value is false', function () {
+      it('successfully authenticates', function (done) {
+        const client = new MongoClient(
+          `${krb5Uri}&authMechanismProperties=SERVICE_NAME:mongodb,CANONICALIZE_HOST_NAME:false&maxPoolSize=1`
+        );
+        client.connect(function (err, client) {
+          if (err) return done(err);
+          verifyKerberosAuthentication(client, done);
+        });
+      });
+    });
+
+    context('when the value is none', function () {
+      it('successfully authenticates', function (done) {
+        const client = new MongoClient(
+          `${krb5Uri}&authMechanismProperties=SERVICE_NAME:mongodb,CANONICALIZE_HOST_NAME:none&maxPoolSize=1`
+        );
+        client.connect(function (err, client) {
+          if (err) return done(err);
+          verifyKerberosAuthentication(client, done);
+        });
+      });
+    });
+  });
+
   // Unskip this test when a proper setup is available - see NODE-3060
   it.skip('validate that SERVICE_REALM and CANONICALIZE_HOST_NAME can be passed in', function (done) {
     const client = new MongoClient(

diff --git a/test/spec/auth/connection-string.json b/test/spec/auth/connection-string.json
@@ -93,6 +93,21 @@
         }
       }
     },
+    {
+      "description": "should accept true as hostname canonicalization (GSSAPI)",
+      "uri": "mongodb://user%40DOMAIN.COM@localhost/?authMechanism=GSSAPI&authMechanismProperties=SERVICE_NAME:other,CANONICALIZE_HOST_NAME:true",
+      "valid": true,
+      "credential": {
+        "username": "user@DOMAIN.COM",
+        "password": null,
+        "source": "$external",
+        "mechanism": "GSSAPI",
+        "mechanism_properties": {
+          "SERVICE_NAME": "other",
+          "CANONICALIZE_HOST_NAME": true
+        }
+      }
+    },
     {
       "description": "should accept forwardAndReverse hostname canonicalization (GSSAPI)",
       "uri": "mongodb://user%40DOMAIN.COM@localhost/?authMechanism=GSSAPI&authMechanismProperties=SERVICE_NAME:other,CANONICALIZE_HOST_NAME:forwardAndReverse",
@@ -123,6 +138,21 @@
         }
       }
     },
+    {
+      "description": "should accept false hostname canonicalization (GSSAPI)",
+      "uri": "mongodb://user%40DOMAIN.COM@localhost/?authMechanism=GSSAPI&authMechanismProperties=SERVICE_NAME:other,CANONICALIZE_HOST_NAME:false",
+      "valid": true,
+      "credential": {
+        "username": "user@DOMAIN.COM",
+        "password": null,
+        "source": "$external",
+        "mechanism": "GSSAPI",
+        "mechanism_properties": {
+          "SERVICE_NAME": "other",
+          "CANONICALIZE_HOST_NAME": false
+        }
+      }
+    },
     {
       "description": "must raise an error when the hostname canonicalization is invalid",
       "uri": "mongodb://user%40DOMAIN.COM@localhost/?authMechanism=GSSAPI&authMechanismProperties=SERVICE_NAME:other,CANONICALIZE_HOST_NAME:invalid",

diff --git a/test/spec/auth/connection-string.yml b/test/spec/auth/connection-string.yml
@@ -74,6 +74,18 @@ tests:
             mechanism_properties:
                 SERVICE_NAME: "other"
                 CANONICALIZE_HOST_NAME: "forward"
+    -
+        description: "should accept true as hostname canonicalization (GSSAPI)"
+        uri: "mongodb://user%40DOMAIN.COM@localhost/?authMechanism=GSSAPI&authMechanismProperties=SERVICE_NAME:other,CANONICALIZE_HOST_NAME:true"
+        valid: true
+        credential:
+            username: "user@DOMAIN.COM"
+            password: ~
+            source: "$external"
+            mechanism: "GSSAPI"
+            mechanism_properties:
+                SERVICE_NAME: "other"
+                CANONICALIZE_HOST_NAME: true
     -
         description: "should accept forwardAndReverse hostname canonicalization (GSSAPI)"
         uri: "mongodb://user%40DOMAIN.COM@localhost/?authMechanism=GSSAPI&authMechanismProperties=SERVICE_NAME:other,CANONICALIZE_HOST_NAME:forwardAndReverse"
@@ -98,6 +110,18 @@ tests:
             mechanism_properties:
                 SERVICE_NAME: "other"
                 CANONICALIZE_HOST_NAME: "none"
+    -
+        description: "should accept false hostname canonicalization (GSSAPI)"
+        uri: "mongodb://user%40DOMAIN.COM@localhost/?authMechanism=GSSAPI&authMechanismProperties=SERVICE_NAME:other,CANONICALIZE_HOST_NAME:false"
+        valid: true
+        credential:
+            username: "user@DOMAIN.COM"
+            password: ~
+            source: "$external"
+            mechanism: "GSSAPI"
+            mechanism_properties:
+                SERVICE_NAME: "other"
+                CANONICALIZE_HOST_NAME: false
     -
         description: "must raise an error when the hostname canonicalization is invalid"
         uri: "mongodb://user%40DOMAIN.COM@localhost/?authMechanism=GSSAPI&authMechanismProperties=SERVICE_NAME:other,CANONICALIZE_HOST_NAME:invalid"