CSHARP-4675: Ignore __safecontent__ field in deserialization (#1150)

Author: BorisDog

src/MongoDB.Bson/Serialization/Serializers/BsonClassMapSerializer.cs

@@ -199,6 +199,13 @@ public TClass DeserializeClass(BsonDeserializationContext context)
                         continue;
                     }
 
+                    // In QE server returns __safeContent__ fields, which should be skipped over.
+                    if (elementName == "__safeContent__")
+                    {
+                        bsonReader.SkipValue(); // skip over unwanted element
+                        continue;
+                    }
+
                     if (extraElementsMemberMapIndex >= 0)
                     {
                         var extraElementsMemberMap = _classMap.ExtraElementsMemberMap;

tests/MongoDB.Bson.Tests/Jira/CSharp4675Tests.cs

@@ -0,0 +1,37 @@
+/* Copyright 2010-present MongoDB Inc.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+using FluentAssertions;
+using MongoDB.Bson.Serialization;
+using Xunit;
+
+namespace MongoDB.Bson.Tests.Jira
+{
+    public class CSharp4675Tests
+    {
+        public class A
+        {
+            public int X { get; set; }
+        }
+
+        [Fact]
+        public void SafeContent_element_should_be_ignored()
+        {
+            var subject = BsonSerializer.Deserialize<A>("{ X : 1, \"__safeContent__\": [] }");
+
+            subject.X.Should().Be(1);
+        }
+    }
+}

tests/MongoDB.Driver.Tests/Specifications/client-side-encryption/prose-tests/ClientEncryptionProseTests.cs

@@ -148,7 +148,7 @@ void RunTestCase(int testCase)
                        case 4: // Case 4: Insert encrypted value
                             {
                                 var createCollectionOptions = new CreateCollectionOptions { EncryptedFields = encryptedFields };
-                                var collection = CreateEncryptedCollection(client, clientEncryption, __collCollectionNamespace, createCollectionOptions, kmsProvider, async, out var effectiveEncryptedFields);
+                                var collection = CreateEncryptedCollection<BsonDocument>(client, clientEncryption, __collCollectionNamespace, createCollectionOptions, kmsProvider, async, out var effectiveEncryptedFields);
                                 var dataKey = effectiveEncryptedFields["fields"].AsBsonArray[0].AsBsonDocument["keyId"].AsGuid; // get generated datakey
                                 var encryptedValue = ExplicitEncrypt(clientEncryption, new EncryptOptions(algorithm: EncryptionAlgorithm.Unindexed, keyId: dataKey), "123-45-6789", async); // use explicit encryption to encrypt data before inserting
                                 Insert(collection, async, new BsonDocument("ssn", encryptedValue));
@@ -486,6 +486,43 @@ DisposableMongoClient EnsureEnvironmentAndConfigureTestClientEncrypted()
             }
         }
 
+        [Fact]
+        public void ConcreteTypeDeserializationTest()
+        {
+            RequireServer.Check().Supports(Feature.Csfle2QEv2).ClusterTypes(ClusterType.ReplicaSet, ClusterType.Sharded, ClusterType.LoadBalanced);
+
+            using var client = ConfigureClient(keyVaultNamespace: __keyVaultCollectionNamespace, kmsProviders: EncryptionTestHelper.GetKmsProviders("local"));
+            using var clientEncryption = ConfigureClientEncryption(client, kmsProviderFilter: "local");
+
+            var datakeysCollection = GetCollection(client, __keyVaultCollectionNamespace);
+            var externalKey = JsonFileReader.Instance.Documents["external.external-key.json"];
+            datakeysCollection.InsertOne(externalKey);
+
+            var encryptedFields = new BsonDocument
+                {
+                    {
+                        "fields", new BsonArray
+                        {
+                            new BsonDocument
+                            {
+                                { "keyId", externalKey["_id"].AsBsonBinaryData },
+                                { "path", "Ssn" },
+                                { "bsonType", "string" },
+                                { "queries", new BsonDocument("queryType", "equality") }
+                            },
+                        }
+                    }
+                };
+
+            var collection = CreateEncryptedCollection<Patient>(client, clientEncryption, __collCollectionNamespace, encryptedFields, "local", false, out _);
+
+            var patient = new Patient() { Name = "Name", Ssn = "14159265359" };
+            collection.InsertOne(patient);
+
+            var deserializedPatient = collection.Find(FilterDefinition<Patient>.Empty).ToList().Single();
+            deserializedPatient.Ssn.Should().Be(patient.Ssn);
+        }
+
         [Theory]
         [ParameterAttributeData]
         public void CorpusTest(
@@ -2485,9 +2522,11 @@ private DisposableMongoClient ConfigureClient(
             WriteConcern writeConcern = null,
             ReadConcern readConcern = null,
             CollectionNamespace mainCollectionNamespace = null,
-            BsonDocument encryptedFields = null)
+            BsonDocument encryptedFields = null,
+            CollectionNamespace keyVaultNamespace = null,
+            IReadOnlyDictionary<string, IReadOnlyDictionary<string, object>> kmsProviders = null)
         {
-            var client = CreateMongoClient(maxPoolSize: maxPoolSize, writeConcern: writeConcern, readConcern: readConcern);
+            var client = CreateMongoClient(maxPoolSize: maxPoolSize, writeConcern: writeConcern, readConcern: readConcern, keyVaultNamespace: keyVaultNamespace, kmsProviders: kmsProviders);
             if (clearCollections)
             {
                 var clientKeyVaultDatabase = client.GetDatabase(__keyVaultCollectionNamespace.DatabaseNamespace.DatabaseName);
@@ -2636,10 +2675,16 @@ private void CreateCollection(IMongoClient client, CollectionNamespace collectio
         private IMongoCollection<BsonDocument> CreateEncryptedCollection(IMongoClient client, ClientEncryption clientEncryption, CollectionNamespace collectionNamespace, BsonDocument encryptedFields, string kmsProvider, bool async, out BsonDocument effectiveEncryptedFields)
         {
             var createCollectionOptions = new CreateCollectionOptions { EncryptedFields = encryptedFields };
-            return CreateEncryptedCollection(client, clientEncryption, collectionNamespace, createCollectionOptions, kmsProvider, async, out effectiveEncryptedFields);
+            return CreateEncryptedCollection<BsonDocument>(client, clientEncryption, collectionNamespace, createCollectionOptions, kmsProvider, async, out effectiveEncryptedFields);
         }
 
-        private IMongoCollection<BsonDocument> CreateEncryptedCollection(IMongoClient client, ClientEncryption clientEncryption, CollectionNamespace collectionNamespace, CreateCollectionOptions createCollectionOptions, string kmsProvider, bool async, out BsonDocument effectiveEncryptedFields)
+        private IMongoCollection<T> CreateEncryptedCollection<T>(IMongoClient client, ClientEncryption clientEncryption, CollectionNamespace collectionNamespace, BsonDocument encryptedFields, string kmsProvider, bool async, out BsonDocument effectiveEncryptedFields)
+        {
+            var createCollectionOptions = new CreateCollectionOptions { EncryptedFields = encryptedFields };
+            return CreateEncryptedCollection<T>(client, clientEncryption, collectionNamespace, createCollectionOptions, kmsProvider, async, out effectiveEncryptedFields);
+        }
+
+        private IMongoCollection<T> CreateEncryptedCollection<T>(IMongoClient client, ClientEncryption clientEncryption, CollectionNamespace collectionNamespace, CreateCollectionOptions createCollectionOptions, string kmsProvider, bool async, out BsonDocument effectiveEncryptedFields)
         {
             var datakeyOptions = CreateDataKeyOptions(kmsProvider, alternateKeyNames: null);
             var database = client.GetDatabase(collectionNamespace.DatabaseNamespace.DatabaseName);
@@ -2651,7 +2696,7 @@ private IMongoCollection<BsonDocument> CreateEncryptedCollection(IMongoClient cl
 
             effectiveEncryptedFields = result.EncryptedFields;
 
-            return client.GetDatabase(collectionNamespace.DatabaseNamespace.DatabaseName).GetCollection<BsonDocument>(collectionNamespace.CollectionName);
+            return client.GetDatabase(collectionNamespace.DatabaseNamespace.DatabaseName).GetCollection<T>(collectionNamespace.CollectionName);
         }
 
         private Guid CreateDataKey(
@@ -3090,6 +3135,13 @@ public Task<string> GetHttpContentAsync(HttpRequestMessage request, string excep
                 return _httpClientWrapper.GetHttpContentAsync(request, exceptionMessage, cancellationToken);
             }
         }
+
+        private class Patient
+        {
+            public ObjectId Id { get; set; }
+            public string Name { get; set; }
+            public string Ssn { get; set; }
+        }
     }
 
     public static class ClientEncryptionOptionsReflector