diff --git a/src/cmap/auth/gssapi.ts b/src/cmap/auth/gssapi.ts index af0a03c28f..c55acacb07 100644 --- a/src/cmap/auth/gssapi.ts +++ b/src/cmap/auth/gssapi.ts @@ -13,7 +13,9 @@ import { Callback, ns } from '../../utils'; import { AuthContext, AuthProvider } from './auth_provider'; type MechanismProperties = { + /** @deprecated use `CANONICALIZE_HOST_NAME` instead */ gssapiCanonicalizeHostName?: boolean; + CANONICALIZE_HOST_NAME?: boolean; SERVICE_NAME?: string; SERVICE_REALM?: string; }; @@ -174,7 +176,7 @@ function performGssapiCanonicalizeHostName( mechanismProperties: MechanismProperties, callback: Callback ): void { - if (!mechanismProperties.gssapiCanonicalizeHostName) return callback(undefined, host); + if (!mechanismProperties.CANONICALIZE_HOST_NAME) return callback(undefined, host); // Attempt to resolve the host name dns.resolveCname(host, (err, r) => { diff --git a/src/cmap/auth/mongo_credentials.ts b/src/cmap/auth/mongo_credentials.ts index 6f0e453ed3..d974333bdd 100644 --- a/src/cmap/auth/mongo_credentials.ts +++ b/src/cmap/auth/mongo_credentials.ts @@ -1,7 +1,7 @@ // Resolves the default auth mechanism according to - import type { Document } from '../../bson'; import { MongoAPIError, MongoMissingCredentialsError } from '../../error'; +import { emitWarningOnce } from '../../utils'; import { AUTH_MECHS_AUTH_SRC_EXTERNAL, AuthMechanism } from './providers'; // https://github.com/mongodb/specifications/blob/master/source/auth/auth.rst @@ -89,6 +89,14 @@ export class MongoCredentials { } } + if ('gssapiCanonicalizeHostName' in this.mechanismProperties) { + emitWarningOnce( + 'gssapiCanonicalizeHostName is deprecated. Please use CANONICALIZE_HOST_NAME instead.' + ); + this.mechanismProperties.CANONICALIZE_HOST_NAME = + this.mechanismProperties.gssapiCanonicalizeHostName; + } + Object.freeze(this.mechanismProperties); Object.freeze(this); } diff --git a/test/manual/kerberos.test.js b/test/manual/kerberos.test.js index 32764d19f0..b03fc7a1e6 100644 --- a/test/manual/kerberos.test.js +++ b/test/manual/kerberos.test.js @@ -1,8 +1,11 @@ 'use strict'; const { MongoClient } = require('../../src'); const chai = require('chai'); +const sinon = require('sinon'); +const dns = require('dns'); const expect = chai.expect; +chai.use(require('sinon-chai')); function verifyKerberosAuthentication(client, done) { client @@ -23,6 +26,16 @@ function verifyKerberosAuthentication(client, done) { } describe('Kerberos', function () { + const sandbox = sinon.createSandbox(); + + beforeEach(function () { + sandbox.spy(dns); + }); + + afterEach(function () { + sandbox.restore(); + }); + if (process.env.MONGODB_URI == null) { console.error('skipping Kerberos tests, MONGODB_URI environment variable is not defined'); return; @@ -51,6 +64,28 @@ describe('Kerberos', function () { }); }); + it('validate that gssapiCanonicalizeHostName can be passed in', function (done) { + const client = new MongoClient( + `${krb5Uri}&authMechanismProperties=SERVICE_NAME:mongodb,gssapiCanonicalizeHostName:true&maxPoolSize=1` + ); + client.connect(function (err, client) { + if (err) return done(err); + expect(dns.resolveCname).to.be.calledOnce; + verifyKerberosAuthentication(client, done); + }); + }); + + it('validate that CANONICALIZE_HOST_NAME can be passed in', function (done) { + const client = new MongoClient( + `${krb5Uri}&authMechanismProperties=SERVICE_NAME:mongodb,CANONICALIZE_HOST_NAME:true&maxPoolSize=1` + ); + client.connect(function (err, client) { + if (err) return done(err); + expect(dns.resolveCname).to.be.calledOnce; + verifyKerberosAuthentication(client, done); + }); + }); + // Unskip this test when a proper setup is available - see NODE-3060 it.skip('validate that SERVICE_REALM and CANONICALIZE_HOST_NAME can be passed in', function (done) { const client = new MongoClient(