fix: Auth mechanism use consolidation

Author: nbbeeken

src/cmap/auth/mongo_credentials.ts

@@ -1,7 +1,6 @@
 // Resolves the default auth mechanism according to
 
 import type { Document } from '../../bson';
-import { MongoParseError } from '../../error';
 import { AuthMechanismId, AuthMechanism } from './defaultAuthProviders';
 
 // https://github.com/mongodb/specifications/blob/master/source/auth/auth.rst
@@ -10,7 +9,7 @@ function getDefaultAuthMechanism(ismaster?: Document): AuthMechanismId {
     // If ismaster contains saslSupportedMechs, use scram-sha-256
     // if it is available, else scram-sha-1
     if (Array.isArray(ismaster.saslSupportedMechs)) {
-      return ismaster.saslSupportedMechs.indexOf('SCRAM-SHA-256') >= 0
+      return ismaster.saslSupportedMechs.includes(AuthMechanism.MONGODB_SCRAM_SHA256)
         ? AuthMechanism.MONGODB_SCRAM_SHA256
         : AuthMechanism.MONGODB_SCRAM_SHA1;
     }
@@ -112,34 +111,34 @@ export class MongoCredentials {
 
   validate(): void {
     if (
-      (this.mechanism === 'GSSAPI' ||
-        this.mechanism === 'MONGODB-CR' ||
-        this.mechanism === 'PLAIN' ||
-        this.mechanism === 'SCRAM-SHA-1' ||
-        this.mechanism === 'SCRAM-SHA-256') &&
+      (this.mechanism === AuthMechanism.MONGODB_GSSAPI ||
+        this.mechanism === AuthMechanism.MONGODB_CR ||
+        this.mechanism === AuthMechanism.MONGODB_PLAIN ||
+        this.mechanism === AuthMechanism.MONGODB_SCRAM_SHA1 ||
+        this.mechanism === AuthMechanism.MONGODB_SCRAM_SHA256) &&
       !this.username
     ) {
-      throw new MongoParseError(`Username required for mechanism '${this.mechanism}'`);
+      throw new TypeError(`Username required for mechanism '${this.mechanism}'`);
     }
 
     if (
-      this.mechanism === 'GSSAPI' ||
-      this.mechanism === 'MONGODB-AWS' ||
-      this.mechanism === 'MONGODB-X509'
+      this.mechanism === AuthMechanism.MONGODB_GSSAPI ||
+      this.mechanism === AuthMechanism.MONGODB_AWS ||
+      this.mechanism === AuthMechanism.MONGODB_X509
     ) {
       if (this.source != null && this.source !== '$external') {
-        throw new MongoParseError(
+        throw new TypeError(
           `Invalid source '${this.source}' for mechanism '${this.mechanism}' specified.`
         );
       }
     }
 
-    if (this.mechanism === 'PLAIN' && this.source == null) {
-      throw new MongoParseError('PLAIN Authentication Mechanism needs an auth source');
+    if (this.mechanism === AuthMechanism.MONGODB_PLAIN && this.source == null) {
+      throw new TypeError('PLAIN Authentication Mechanism needs an auth source');
     }
 
-    if (this.mechanism === 'MONGODB-X509' && this.password != null) {
-      throw new MongoParseError(`Password not allowed for mechanism MONGODB-X509`);
+    if (this.mechanism === AuthMechanism.MONGODB_X509 && this.password != null) {
+      throw new TypeError(`Password not allowed for mechanism MONGODB-X509`);
     }
   }
 }

src/cmap/auth/scram.ts

@@ -7,6 +7,7 @@ import type { MongoCredentials } from './mongo_credentials';
 import type { HandshakeDocument } from '../connect';
 
 import { saslprep } from '../../deps';
+import { AuthMechanism } from './defaultAuthProviders';
 
 type CryptoMethod = 'sha1' | 'sha256';
 
@@ -83,7 +84,8 @@ function makeFirstMessage(
   nonce: Buffer
 ) {
   const username = cleanUsername(credentials.username);
-  const mechanism = cryptoMethod === 'sha1' ? 'SCRAM-SHA-1' : 'SCRAM-SHA-256';
+  const mechanism =
+    cryptoMethod === 'sha1' ? AuthMechanism.MONGODB_SCRAM_SHA1 : AuthMechanism.MONGODB_SCRAM_SHA256;
 
   // NOTE: This is done b/c Javascript uses UTF-16, but the server is hashing in UTF-8.
   // Since the username is not sasl-prep-d, we need to do this here.

src/connection_string.ts

@@ -182,17 +182,7 @@ const BOOLEAN_OPTIONS = new Set([
 const STRING_OPTIONS = new Set(['authsource', 'replicaset']);
 
 // Supported text representations of auth mechanisms
-// NOTE: this list exists in native already, if it is merged here we should deduplicate
-const AUTH_MECHANISMS = new Set([
-  'GSSAPI',
-  'MONGODB-AWS',
-  'MONGODB-X509',
-  'MONGODB-CR',
-  'DEFAULT',
-  'SCRAM-SHA-1',
-  'SCRAM-SHA-256',
-  'PLAIN'
-]);
+export const AUTH_MECHANISMS = new Set([...Object.values(AuthMechanism)]);
 
 // Lookup table used to translate normalized (lower-cased) forms of connection string
 // options to their expected camelCase version
@@ -1107,16 +1097,16 @@ export const OPTIONS: Record<keyof MongoClientOptions, OptionDescriptor> = {
       }
       let source = options.credentials.source; // some mechanisms have '$external' as the Auth Source
       if (
-        mechanism === 'PLAIN' ||
-        mechanism === 'GSSAPI' ||
-        mechanism === 'MONGODB-AWS' ||
-        mechanism === 'MONGODB-X509'
+        mechanism === AuthMechanism.MONGODB_PLAIN ||
+        mechanism === AuthMechanism.MONGODB_GSSAPI ||
+        mechanism === AuthMechanism.MONGODB_AWS ||
+        mechanism === AuthMechanism.MONGODB_X509
       ) {
         source = '$external';
       }
 
       let password: string | undefined = options.credentials.password;
-      if (mechanism === 'MONGODB-X509' && password === '') {
+      if (mechanism === AuthMechanism.MONGODB_X509 && password === '') {
         password = undefined;
       }
       return new MongoCredentials({

src/operations/connect.ts

@@ -3,7 +3,7 @@ import { Logger } from '../logger';
 import { ReadPreference } from '../read_preference';
 import { MongoError, AnyError } from '../error';
 import { Topology, TopologyOptions, ServerAddress } from '../sdam/topology';
-import { parseConnectionString } from '../connection_string';
+import { AUTH_MECHANISMS, parseConnectionString } from '../connection_string';
 import { ReadConcern } from '../read_concern';
 import { emitDeprecationWarning, Callback } from '../utils';
 import { CMAP_EVENT_NAMES } from '../cmap/events';
@@ -12,20 +12,9 @@ import * as BSON from '../bson';
 import type { Document } from '../bson';
 import type { MongoClient } from '../mongo_client';
 import { ConnectionOptions, Connection } from '../cmap/connection';
-import type { AuthMechanismId } from '../cmap/auth/defaultAuthProviders';
+import { AuthMechanism, AuthMechanismId } from '../cmap/auth/defaultAuthProviders';
 import { Server } from '../sdam/server';
 
-const VALID_AUTH_MECHANISMS = new Set([
-  'DEFAULT',
-  'PLAIN',
-  'GSSAPI',
-  'MONGODB-CR',
-  'MONGODB-X509',
-  'MONGODB-AWS',
-  'SCRAM-SHA-1',
-  'SCRAM-SHA-256'
-]);
-
 const validOptionNames = [
   'poolSize',
   'ssl',
@@ -461,11 +450,11 @@ function generateCredentials(
   const source = options.authSource || options.authdb || options.dbName;
 
   // authMechanism
-  const authMechanismRaw = options.authMechanism || 'DEFAULT';
+  const authMechanismRaw = options.authMechanism || AuthMechanism.MONGODB_DEFAULT;
   const mechanism = authMechanismRaw.toUpperCase() as AuthMechanismId;
   const mechanismProperties = options.authMechanismProperties;
 
-  if (!VALID_AUTH_MECHANISMS.has(mechanism)) {
+  if (!AUTH_MECHANISMS.has(mechanism)) {
     throw new MongoError(`authentication mechanism ${mechanism} not supported`);
   }