From eed480d4a90eff031711cc7d7a837489e5b414f4 Mon Sep 17 00:00:00 2001 From: Durran Jordan Date: Tue, 1 Feb 2022 10:05:07 +0100 Subject: [PATCH 01/10] fix(NODE-3777): use hostname canonicalization --- src/cmap/auth/gssapi.ts | 7 ++++++- test/manual/kerberos.test.js | 3 +-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/src/cmap/auth/gssapi.ts b/src/cmap/auth/gssapi.ts index af0a03c28f..0188e4611d 100644 --- a/src/cmap/auth/gssapi.ts +++ b/src/cmap/auth/gssapi.ts @@ -13,7 +13,9 @@ import { Callback, ns } from '../../utils'; import { AuthContext, AuthProvider } from './auth_provider'; type MechanismProperties = { + // TODO: Remove in 5.0 gssapiCanonicalizeHostName?: boolean; + CANONICALIZE_HOST_NAME?: boolean; SERVICE_NAME?: string; SERVICE_REALM?: string; }; @@ -174,7 +176,10 @@ function performGssapiCanonicalizeHostName( mechanismProperties: MechanismProperties, callback: Callback ): void { - if (!mechanismProperties.gssapiCanonicalizeHostName) return callback(undefined, host); + if ( + !mechanismProperties.gssapiCanonicalizeHostName && + !mechanismProperties.CANONICALIZE_HOST_NAME + ) return callback(undefined, host); // Attempt to resolve the host name dns.resolveCname(host, (err, r) => { diff --git a/test/manual/kerberos.test.js b/test/manual/kerberos.test.js index 32764d19f0..cd7039fd42 100644 --- a/test/manual/kerberos.test.js +++ b/test/manual/kerberos.test.js @@ -51,8 +51,7 @@ describe('Kerberos', function () { }); }); - // Unskip this test when a proper setup is available - see NODE-3060 - it.skip('validate that SERVICE_REALM and CANONICALIZE_HOST_NAME can be passed in', function (done) { + it('validate that SERVICE_REALM and CANONICALIZE_HOST_NAME can be passed in', function (done) { const client = new MongoClient( `${krb5Uri}&authMechanismProperties=SERVICE_NAME:mongodb,CANONICALIZE_HOST_NAME:false,SERVICE_REALM:windows&maxPoolSize=1` ); From cd449fd967acf8153aaa267c37edf7767a707ae9 Mon Sep 17 00:00:00 2001 
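Review bot: The new `CANONICALIZE_HOST_NAME` member of `MechanismProperties` (first gssapi.ts hunk) has no doc comment, although the option changes which host name the GSSAPI code works with. The second hunk shows that enabling it sends the host through `dns.resolveCname`, so the name used afterwards comes from a DNS answer rather than from the connection string. How that result feeds the Kerberos service principal is outside the visible lines. I would add `/** When true, the host is replaced by its DNS CNAME before GSSAPI authentication; the result is only as trustworthy as the resolver. */` above the field, so operators can decide whether their DNS path is trustworthy enough to enable it.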
From: Durran Jordan Date: Tue, 1 Feb 2022 10:06:56 +0100 Subject: [PATCH 02/10] fix(NODE-3777): remove dead code --- src/cmap/auth/gssapi.ts | 7 +------ test/manual/kerberos.test.js | 12 +++++++++++- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/src/cmap/auth/gssapi.ts b/src/cmap/auth/gssapi.ts index 0188e4611d..edf1e24af3 100644 --- a/src/cmap/auth/gssapi.ts +++ b/src/cmap/auth/gssapi.ts @@ -13,8 +13,6 @@ import { Callback, ns } from '../../utils'; import { AuthContext, AuthProvider } from './auth_provider'; type MechanismProperties = { - // TODO: Remove in 5.0 - gssapiCanonicalizeHostName?: boolean; CANONICALIZE_HOST_NAME?: boolean; SERVICE_NAME?: string; SERVICE_REALM?: string; @@ -176,10 +174,7 @@ function performGssapiCanonicalizeHostName( mechanismProperties: MechanismProperties, callback: Callback ): void { - if ( - !mechanismProperties.gssapiCanonicalizeHostName && - !mechanismProperties.CANONICALIZE_HOST_NAME - ) return callback(undefined, host); + if (!mechanismProperties.CANONICALIZE_HOST_NAME) return callback(undefined, host); // Attempt to resolve the host name dns.resolveCname(host, (err, r) => { diff --git a/test/manual/kerberos.test.js b/test/manual/kerberos.test.js index cd7039fd42..5e1d917b43 100644 --- a/test/manual/kerberos.test.js +++ b/test/manual/kerberos.test.js 
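Review bot: The guard `if (!mechanismProperties.CANONICALIZE_HOST_NAME)` in `performGssapiCanonicalizeHostName` is a truthiness test, so any non-empty string enables the DNS lookup, including the text `false`. The manual test in this series passes `CANONICALIZE_HOST_NAME:false` inside the URI. Whether the connection-string parser converts that to a boolean before it reaches this function is not visible in the patch, so it should be confirmed. If the value can arrive as a string, normalise it to a boolean where the credentials are built and document above this check that only a real `true` enables canonicalization. The function body continues past the end of the hunk.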
@@ -51,7 +51,17 @@ describe('Kerberos', function () { }); }); - it('validate that SERVICE_REALM and CANONICALIZE_HOST_NAME can be passed in', function (done) { + it('validate that CANONICALIZE_HOST_NAME can be passed in', function (done) { + const client = new MongoClient( + `${krb5Uri}&authMechanismProperties=SERVICE_NAME:mongodb,CANONICALIZE_HOST_NAME:true&maxPoolSize=1` + ); + client.connect(function (err, client) { + expect(err).to.not.exist; + verifyKerberosAuthentication(client, done); + }); + }); + + it.skip('validate that SERVICE_REALM and CANONICALIZE_HOST_NAME can be passed in', function (done) { const client = new MongoClient( `${krb5Uri}&authMechanismProperties=SERVICE_NAME:mongodb,CANONICALIZE_HOST_NAME:false,SERVICE_REALM:windows&maxPoolSize=1` ); From f79eae0b01a102c1c13223ac44de963dc68325b5 Mon Sep 17 00:00:00 2001 From: Durran Jordan Date: Fri, 4 Feb 2022 14:05:01 +0100 Subject: [PATCH 03/10] fix(NODE-3351): adding back skip comment --- test/manual/kerberos.test.js | 1 + 1 file changed, 1 insertion(+) diff --git a/test/manual/kerberos.test.js b/test/manual/kerberos.test.js index 5e1d917b43..567ed60689 100644 --- a/test/manual/kerberos.test.js +++ b/test/manual/kerberos.test.js @@ -61,6 +61,7 @@ describe('Kerberos', function () { }); }); + // Unskip this test when a proper setup is available - see NODE-3060 it.skip('validate that SERVICE_REALM and CANONICALIZE_HOST_NAME can be passed in', function (done) { const client = new MongoClient( `${krb5Uri}&authMechanismProperties=SERVICE_NAME:mongodb,CANONICALIZE_HOST_NAME:false,SERVICE_REALM:windows&maxPoolSize=1` From d52df198ada26f8b358218d301f7677c24f9893b Mon Sep 17 00:00:00 2001 From: Durran Jordan Date: Fri, 4 Feb 2022 14:06:41 +0100 Subject: [PATCH 04/10] fix(NODE-3351): make test async function --- test/manual/kerberos.test.js | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/test/manual/kerberos.test.js b/test/manual/kerberos.test.js index 567ed60689..ee7d347c7b 100644 
--- a/test/manual/kerberos.test.js +++ b/test/manual/kerberos.test.js @@ -51,13 +51,12 @@ describe('Kerberos', function () { }); }); - it('validate that CANONICALIZE_HOST_NAME can be passed in', function (done) { + it('validate that CANONICALIZE_HOST_NAME can be passed in', async function () { const client = new MongoClient( `${krb5Uri}&authMechanismProperties=SERVICE_NAME:mongodb,CANONICALIZE_HOST_NAME:true&maxPoolSize=1` ); - client.connect(function (err, client) { - expect(err).to.not.exist; - verifyKerberosAuthentication(client, done); + await client.connect(); + verifyKerberosAuthentication(client, done); }); }); From 44abf042a754a46542193703d8c4dc79b083ff53 Mon Sep 17 00:00:00 2001 From: Durran Jordan Date: Fri, 4 Feb 2022 14:38:13 +0100 Subject: [PATCH 05/10] fix(NODE-3351): fix lint errors and missing callback --- test/manual/kerberos.test.js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/test/manual/kerberos.test.js b/test/manual/kerberos.test.js index ee7d347c7b..f792a7f8a2 100644 --- a/test/manual/kerberos.test.js +++ b/test/manual/kerberos.test.js @@ -51,12 +51,13 @@ describe('Kerberos', function () { }); }); - it('validate that CANONICALIZE_HOST_NAME can be passed in', async function () { + it('validate that CANONICALIZE_HOST_NAME can be passed in', function (done) { const client = new MongoClient( `${krb5Uri}&authMechanismProperties=SERVICE_NAME:mongodb,CANONICALIZE_HOST_NAME:true&maxPoolSize=1` ); - await client.connect(); - verifyKerberosAuthentication(client, done); + client.connect(function (err, client) { + if (err) return done(err); + verifyKerberosAuthentication(client, done); }); }); From bd4552224382ff5236264fa88663f5c557d063e3 Mon Sep 17 00:00:00 2001 
From: Durran Jordan Date: Tue, 8 Feb 2022 14:48:21 +0100 Subject: [PATCH 06/10] test(NODE-3351): accept gssapiCanonicalizeHostName --- src/cmap/auth/mongo_credentials.ts | 5 +++++ test/manual/kerberos.test.js | 24 ++++++++++++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/src/cmap/auth/mongo_credentials.ts b/src/cmap/auth/mongo_credentials.ts index 6f0e453ed3..096f2180da 100644 --- a/src/cmap/auth/mongo_credentials.ts +++ b/src/cmap/auth/mongo_credentials.ts @@ -89,6 +89,11 @@ export class MongoCredentials { } } + if ('gssapiCanonicalizeHostName' in this.mechanismProperties) { + this.mechanismProperties.CANONICALIZE_HOST_NAME = + this.mechanismProperties.gssapiCanonicalizeHostName; + } + Object.freeze(this.mechanismProperties); Object.freeze(this); } diff --git a/test/manual/kerberos.test.js b/test/manual/kerberos.test.js index f792a7f8a2..45b8f59add 100644 --- a/test/manual/kerberos.test.js +++ b/test/manual/kerberos.test.js @@ -1,6 +1,8 @@ 'use strict'; const { MongoClient } = require('../../src'); const chai = require('chai'); +const sinon = require('sinon'); +const dns = require('dns'); const expect = chai.expect; @@ -23,6 +25,16 @@ function verifyKerberosAuthentication(client, done) { } describe('Kerberos', function () { + const sandbox = sinon.createSandbox(); + + beforeEach(function () { + sandbox.spy(dns); + }); + + afterEach(function () { + sandbox.restore(); + }); + if (process.env.MONGODB_URI == null) { console.error('skipping Kerberos tests, MONGODB_URI environment variable is not defined'); return; 
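Review bot: When both keys are supplied, the deprecated `gssapiCanonicalizeHostName` silently overwrites an explicit `CANONICALIZE_HOST_NAME` in the block added to the `MongoCredentials` constructor. An explicit `CANONICALIZE_HOST_NAME: false` combined with a leftover `gssapiCanonicalizeHostName: true` therefore ends with DNS canonicalization switched on. The `in` test also fires for a key that is present with the value `undefined`. I would let the new name win by guarding the assignment with `this.mechanismProperties.CANONICALIZE_HOST_NAME == null`. Patch 08 adds a deprecation warning to the same block but leaves the assignment as it is, and the constructor starts and ends outside the hunk.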
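Review bot: `sandbox.spy(dns)` in the new `beforeEach` wraps every function on the `dns` module, although the tests only assert on `resolveCname`. `sandbox.spy(dns, 'resolveCname');` would limit the instrumentation to the one call under test. The hooks are also registered above the `MONGODB_URI` guard, so they are installed even when the suite returns early; moving them below the guard avoids that. The `describe` body continues outside the hunk.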
@@ -51,12 +63,24 @@ describe('Kerberos', function () { }); }); + it('validate that gssapiCanonicalizeHostName can be passed in', function (done) { + const client = new MongoClient( + `${krb5Uri}&authMechanismProperties=SERVICE_NAME:mongodb,gssapiCanonicalizeHostName:true&maxPoolSize=1` + ); + client.connect(function (err, client) { + if (err) return done(err); + expect(dns.resolveCname.calledOnce); + verifyKerberosAuthentication(client, done); + }); + }); + it('validate that CANONICALIZE_HOST_NAME can be passed in', function (done) { const client = new MongoClient( `${krb5Uri}&authMechanismProperties=SERVICE_NAME:mongodb,CANONICALIZE_HOST_NAME:true&maxPoolSize=1` ); client.connect(function (err, client) { if (err) return done(err); + expect(dns.resolveCname.calledOnce); verifyKerberosAuthentication(client, done); }); }); From 31ca7871865b1c28f5789f4ac842f0ad390846cb Mon Sep 17 00:00:00 2001 From: Durran Jordan Date: Tue, 8 Feb 2022 15:25:29 +0100 Subject: [PATCH 07/10] fix(NODE-3351): mark gssapiCanonicalizeHostName as deprecated --- src/cmap/auth/gssapi.ts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/cmap/auth/gssapi.ts b/src/cmap/auth/gssapi.ts index edf1e24af3..c55acacb07 100644 --- a/src/cmap/auth/gssapi.ts +++ b/src/cmap/auth/gssapi.ts @@ -13,6 +13,8 @@ import { Callback, ns } from '../../utils'; import { AuthContext, AuthProvider } from './auth_provider'; type MechanismProperties = { + /** @deprecated use `CANONICALIZE_HOST_NAME` instead */ + gssapiCanonicalizeHostName?: boolean; CANONICALIZE_HOST_NAME?: boolean; SERVICE_NAME?: string; SERVICE_REALM?: string; From 047321823ea1e5a8d55e8e25faa17c96cb0e6fde Mon Sep 17 00:00:00 2001 From: Durran Jordan Date: Tue, 8 Feb 2022 15:54:59 +0100 Subject: [PATCH 08/10] feat(NODE-3777): emit deprecation warning --- src/cmap/auth/mongo_credentials.ts | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/src/cmap/auth/mongo_credentials.ts b/src/cmap/auth/mongo_credentials.ts index 096f2180da..d974333bdd 100644 --- a/src/cmap/auth/mongo_credentials.ts +++ b/src/cmap/auth/mongo_credentials.ts @@ -1,7 +1,7 @@ // Resolves the default auth mechanism according to - import type { Document } from '../../bson'; import { MongoAPIError, MongoMissingCredentialsError } from '../../error'; +import { emitWarningOnce } from '../../utils'; import { AUTH_MECHS_AUTH_SRC_EXTERNAL, AuthMechanism } from './providers'; // https://github.com/mongodb/specifications/blob/master/source/auth/auth.rst @@ -90,6 +90,9 @@ export class MongoCredentials { } if ('gssapiCanonicalizeHostName' in this.mechanismProperties) { + emitWarningOnce( + 'gssapiCanonicalizeHostName is deprecated. Please use CANONICALIZE_HOST_NAME instead.' + ); this.mechanismProperties.CANONICALIZE_HOST_NAME = this.mechanismProperties.gssapiCanonicalizeHostName; } From a62b1f45dea99180b50184c847a4e3287137ceb4 Mon Sep 17 00:00:00 2001 From: Durran Jordan Date: Tue, 8 Feb 2022 18:06:35 +0100 Subject: [PATCH 09/10] test(NODE-3351): update assertion --- test/manual/kerberos.test.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/manual/kerberos.test.js b/test/manual/kerberos.test.js index 45b8f59add..e568849afe 100644 --- a/test/manual/kerberos.test.js +++ b/test/manual/kerberos.test.js @@ -69,7 +69,7 @@ describe('Kerberos', function () { ); client.connect(function (err, client) { if (err) return done(err); - expect(dns.resolveCname.calledOnce); + expect(dns.resolveCname.calledOnce).to.be.true; verifyKerberosAuthentication(client, done); }); }); @@ -80,7 +80,7 @@ describe('Kerberos', function () { ); client.connect(function (err, client) { if (err) return done(err); - expect(dns.resolveCname.calledOnce); + expect(dns.resolveCname.calledOnce).to.be.true; verifyKerberosAuthentication(client, done); }); }); From 03fdd526ddbfccae3672ee72f6841bb8f3daad46 Mon Sep 17 00:00:00 2001 
From: Durran Jordan Date: Tue, 8 Feb 2022 18:25:19 +0100 Subject: [PATCH 10/10] test(NODE-3777): update calledOnce syntax --- test/manual/kerberos.test.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/test/manual/kerberos.test.js b/test/manual/kerberos.test.js index e568849afe..b03fc7a1e6 100644 --- a/test/manual/kerberos.test.js +++ b/test/manual/kerberos.test.js @@ -5,6 +5,7 @@ const sinon = require('sinon'); const dns = require('dns'); const expect = chai.expect; +chai.use(require('sinon-chai')); function verifyKerberosAuthentication(client, done) { client @@ -69,7 +70,7 @@ describe('Kerberos', function () { ); client.connect(function (err, client) { if (err) return done(err); - expect(dns.resolveCname.calledOnce).to.be.true; + expect(dns.resolveCname).to.be.calledOnce; verifyKerberosAuthentication(client, done); }); }); @@ -80,7 +81,7 @@ describe('Kerberos', function () { ); client.connect(function (err, client) { if (err) return done(err); - expect(dns.resolveCname.calledOnce).to.be.true; + expect(dns.resolveCname).to.be.calledOnce; verifyKerberosAuthentication(client, done); }); });