DI sasl prep and handle non-function value

mongodb · Jun 15, 2023 · b1e90dc · b1e90dc
1 parent dc068ac
commit b1e90dc
Showing 1 changed file with 15 additions and 8 deletions.
diff --git a/src/cmap/auth/scram.ts b/src/cmap/auth/scram.ts
@@ -19,7 +19,7 @@ type CryptoMethod = 'sha1' | 'sha256';
 class ScramSHA extends AuthProvider {
   cryptoMethod: CryptoMethod;
   randomBytesAsync: (size: number) => Promise<Buffer>;
-  constructor(cryptoMethod: CryptoMethod) {
+  constructor(cryptoMethod: CryptoMethod, private saslPrep: typeof saslprep = saslprep) {
     super();
     this.cryptoMethod = cryptoMethod || 'sha1';
     this.randomBytesAsync = promisify(crypto.randomBytes);
@@ -34,7 +34,7 @@ class ScramSHA extends AuthProvider {
     if (!credentials) {
       throw new MongoMissingCredentialsError('AuthContext must provide credentials.');
     }
-    if (cryptoMethod === 'sha256' && saslprep == null) {
+    if (cryptoMethod === 'sha256' && this.saslPrep == null) {
       emitWarning('Warning: no saslprep library specified. Passwords will not be sanitized');
     }
 
@@ -59,10 +59,11 @@ class ScramSHA extends AuthProvider {
       return continueScramConversation(
         this.cryptoMethod,
         response.speculativeAuthenticate,
-        authContext
+        authContext,
+        this.saslPrep
       );
     }
-    return executeScram(this.cryptoMethod, authContext);
+    return executeScram(this.cryptoMethod, authContext, this.saslPrep);
   }
 }
 
@@ -103,7 +104,11 @@ function makeFirstMessage(
   };
 }
 
-async function executeScram(cryptoMethod: CryptoMethod, authContext: AuthContext): Promise<void> {
+async function executeScram(
+  cryptoMethod: CryptoMethod,
+  authContext: AuthContext,
+  saslPrep: typeof saslprep
+): Promise<void> {
   const { connection, credentials } = authContext;
   if (!credentials) {
     throw new MongoMissingCredentialsError('AuthContext must provide credentials.');
@@ -116,13 +121,14 @@ async function executeScram(cryptoMethod: CryptoMethod, authContext: AuthContext
 
   const saslStartCmd = makeFirstMessage(cryptoMethod, credentials, nonce);
   const response = await connection.commandAsync(ns(`${db}.$cmd`), saslStartCmd, undefined);
-  await continueScramConversation(cryptoMethod, response, authContext);
+  await continueScramConversation(cryptoMethod, response, authContext, saslPrep);
 }
 
 async function continueScramConversation(
   cryptoMethod: CryptoMethod,
   response: Document,
-  authContext: AuthContext
+  authContext: AuthContext,
+  saslPrep: typeof saslprep
 ): Promise<void> {
   const connection = authContext.connection;
   const credentials = authContext.credentials;
@@ -140,7 +146,8 @@ async function continueScramConversation(
 
   let processedPassword;
   if (cryptoMethod === 'sha256') {
-    processedPassword = 'kModuleError' in saslprep ? password : saslprep(password);
+    processedPassword =
+      'kModuleError' in saslPrep || typeof saslPrep !== 'function' ? password : saslPrep(password);
   } else {
     processedPassword = passwordDigest(username, password);
   }