CSHARP-2116: Implement auth tests

Author: MikalaiMazurenka

src/MongoDB.Driver/MongoCredential.cs

@@ -16,7 +16,6 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
-using System.Runtime.InteropServices;
 using System.Security;
 using MongoDB.Driver.Core.Authentication;
 using MongoDB.Shared;
@@ -165,7 +164,9 @@ public string Username
         /// <returns>A default credential.</returns>
         public static MongoCredential CreateCredential(string databaseName, string username, string password)
         {
-            return FromComponents(null,
+            return FromComponents(
+                mechanism: null,
+                source: null,
                 databaseName,
                 username,
                 new PasswordEvidence(password));
@@ -186,7 +187,9 @@ public static MongoCredential CreateCredential(string databaseName, string usern
         /// <returns>A default credential.</returns>
         public static MongoCredential CreateCredential(string databaseName, string username, SecureString password)
         {
-            return FromComponents(null,
+            return FromComponents(
+                mechanism: null,
+                source: null,
                 databaseName,
                 username,
                 new PasswordEvidence(password));
@@ -200,8 +203,10 @@ public static MongoCredential CreateCredential(string databaseName, string usern
         /// <remarks>This overload is used primarily on linux.</remarks>
         public static MongoCredential CreateGssapiCredential(string username)
         {
-            return FromComponents("GSSAPI",
-                "$external",
+            return FromComponents(
+                mechanism: "GSSAPI",
+                source: "$external",
+                databaseName: null,
                 username,
                 new ExternalEvidence());
         }
@@ -214,8 +219,10 @@ public static MongoCredential CreateGssapiCredential(string username)
         /// <returns>A credential for GSSAPI.</returns>
         public static MongoCredential CreateGssapiCredential(string username, string password)
         {
-            return FromComponents("GSSAPI",
-                "$external",
+            return FromComponents(
+                mechanism: "GSSAPI",
+                source: "$external",
+                databaseName: null,
                 username,
                 new PasswordEvidence(password));
         }
@@ -228,8 +235,10 @@ public static MongoCredential CreateGssapiCredential(string username, string pas
         /// <returns>A credential for GSSAPI.</returns>
         public static MongoCredential CreateGssapiCredential(string username, SecureString password)
         {
-            return FromComponents("GSSAPI",
-                "$external",
+            return FromComponents(
+                mechanism: "GSSAPI",
+                source: "$external",
+                databaseName: null,
                 username,
                 new PasswordEvidence(password));
         }
@@ -244,7 +253,9 @@ public static MongoCredential CreateGssapiCredential(string username, SecureStri
         [Obsolete("MONGODB-CR was replaced by SCRAM-SHA-1 in MongoDB 3.0, and is now deprecated.")]
         public static MongoCredential CreateMongoCRCredential(string databaseName, string username, string password)
         {
-            return FromComponents("MONGODB-CR",
+            return FromComponents(
+                mechanism: "MONGODB-CR",
+                source: null,
                 databaseName,
                 username,
                 new PasswordEvidence(password));
@@ -260,7 +271,9 @@ public static MongoCredential CreateMongoCRCredential(string databaseName, strin
         [Obsolete("MONGODB-CR was replaced by SCRAM-SHA-1 in MongoDB 3.0, and is now deprecated.")]
         public static MongoCredential CreateMongoCRCredential(string databaseName, string username, SecureString password)
         {
-            return FromComponents("MONGODB-CR",
+            return FromComponents(
+                mechanism: "MONGODB-CR",
+                source: null,
                 databaseName,
                 username,
                 new PasswordEvidence(password));
@@ -273,8 +286,10 @@ public static MongoCredential CreateMongoCRCredential(string databaseName, strin
         /// <returns>A credential for MONGODB-X509.</returns>
         public static MongoCredential CreateMongoX509Credential(string username)
         {
-            return FromComponents("MONGODB-X509",
-                "$external",
+            return FromComponents(
+                mechanism: "MONGODB-X509",
+                source: "$external",
+                databaseName: null,
                 username,
                 new ExternalEvidence());
         }
@@ -288,7 +303,9 @@ public static MongoCredential CreateMongoX509Credential(string username)
         /// <returns>A credential for PLAIN.</returns>
         public static MongoCredential CreatePlainCredential(string databaseName, string username, string password)
         {
-            return FromComponents("PLAIN",
+            return FromComponents(
+                mechanism: "PLAIN",
+                source: null,
                 databaseName,
                 username,
                 new PasswordEvidence(password));
@@ -303,7 +320,9 @@ public static MongoCredential CreatePlainCredential(string databaseName, string
         /// <returns>A credential for PLAIN.</returns>
         public static MongoCredential CreatePlainCredential(string databaseName, string username, SecureString password)
         {
-            return FromComponents("PLAIN",
+            return FromComponents(
+                mechanism: "PLAIN",
+                source: null,
                 databaseName,
                 username,
                 new PasswordEvidence(password));
@@ -452,9 +471,14 @@ internal IAuthenticator ToAuthenticator()
 
         // internal static methods
         internal static MongoCredential FromComponents(string mechanism, string source, string username, string password)
+        {
+            return FromComponents(mechanism, source, databaseName: null, username, password);
+        }
+
+        internal static MongoCredential FromComponents(string mechanism, string source, string databaseName, string username, string password)
         {
             var evidence = password == null ? (MongoIdentityEvidence)new ExternalEvidence() : new PasswordEvidence(password);
-            return FromComponents(mechanism, source, username, evidence);
+            return FromComponents(mechanism, source, databaseName, username, evidence);
         }
 
         // private methods
@@ -471,7 +495,15 @@ private void ValidatePassword(string password)
         }
 
         // private static methods
-        private static MongoCredential FromComponents(string mechanism, string source, string username, MongoIdentityEvidence evidence)
+        private static void EnsureNullOrExternalSource(string mechanism, string source)
+        {
+            if (source != null && source != "$external")
+            {
+                throw new ArgumentException($"A {mechanism} source must be $external.", nameof(source));
+            }
+        }
+
+        private static MongoCredential FromComponents(string mechanism, string source, string databaseName, string username, MongoIdentityEvidence evidence)
         {
             var defaultedMechanism = (mechanism ?? "DEFAULT").Trim().ToUpperInvariant();
             switch (defaultedMechanism)
@@ -481,7 +513,7 @@ private static MongoCredential FromComponents(string mechanism, string source, s
                 case "SCRAM-SHA-1":
                 case "SCRAM-SHA-256":
                     // it is allowed for a password to be an empty string, but not a username
-                    source = source ?? "admin";
+                    source = source ?? databaseName ?? "admin";
                     if (evidence == null || !(evidence is PasswordEvidence))
                     {
                         var message = string.Format("A {0} credential must have a password.", defaultedMechanism);
@@ -493,8 +525,8 @@ private static MongoCredential FromComponents(string mechanism, string source, s
                         new MongoInternalIdentity(source, username),
                         evidence);
                 case "MONGODB-X509":
-                    // always $external for X509.  
-                    source = "$external";
+                    // MUST be "$external". Defaults to $external.
+                    EnsureNullOrExternalSource(mechanism, source);
                     if (evidence == null || !(evidence is ExternalEvidence))
                     {
                         throw new ArgumentException("A MONGODB-X509 does not support a password.");
@@ -505,15 +537,15 @@ private static MongoCredential FromComponents(string mechanism, string source, s
                         new MongoX509Identity(username),
                         evidence);
                 case "GSSAPI":
-                    // always $external for GSSAPI.  
-                    source = "$external";
+                    // MUST be "$external". Defaults to $external.
+                    EnsureNullOrExternalSource(mechanism, source);
 
                     return new MongoCredential(
-                        "GSSAPI",
-                        new MongoExternalIdentity(source, username),
+                        mechanism,
+                        new MongoExternalIdentity(username),
                         evidence);
                 case "PLAIN":
-                    source = source ?? "admin";
+                    source = source ?? databaseName ?? "$external";
                     if (evidence == null || !(evidence is PasswordEvidence))
                     {
                         throw new ArgumentException("A PLAIN credential must have a password.");
@@ -522,7 +554,7 @@ private static MongoCredential FromComponents(string mechanism, string source, s
                     MongoIdentity identity;
                     if (source == "$external")
                     {
-                        identity = new MongoExternalIdentity(source, username);
+                        identity = new MongoExternalIdentity(username);
                     }
                     else
                     {

src/MongoDB.Driver/MongoUrl.cs

@@ -596,7 +596,8 @@ public MongoCredential GetCredential()
             {
                 return MongoCredential.FromComponents(
                     _authenticationMechanism,
-                    _authenticationSource ?? _databaseName,
+                    _authenticationSource,
+                    _databaseName,
                     _username,
                     _password);
             }

tests/MongoDB.Driver.Tests/Specifications/auth/AuthTestRunner.cs

@@ -0,0 +1,154 @@
+/* Copyright 2018-present MongoDB Inc.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+using System;
+using FluentAssertions;
+using MongoDB.Bson;
+using MongoDB.Bson.TestHelpers;
+using MongoDB.Bson.TestHelpers.JsonDrivenTests;
+using MongoDB.Bson.TestHelpers.XunitExtensions;
+using MongoDB.Driver.Core.Authentication;
+using Xunit;
+
+namespace MongoDB.Driver.Tests.Specifications.auth
+{
+    public class AuthTestRunner
+    {
+        [SkippableTheory]
+        [ClassData(typeof(TestCaseFactory))]
+        public void RunTestDefinition(JsonDrivenTestCase testCase)
+        {
+            var definition = testCase.Test;
+            JsonDrivenHelper.EnsureAllFieldsAreValid(definition, "description", "uri", "valid", "credential");
+
+            MongoCredential mongoCredential = null;
+            Exception parseException = null;
+            try
+            {
+                var connectionString = (string)definition["uri"];
+                mongoCredential = MongoClientSettings.FromConnectionString(connectionString).Credential;
+            }
+            catch (Exception ex)
+            {
+                parseException = ex;
+            }
+
+            if (parseException == null)
+            {
+                AssertValid(mongoCredential, definition);
+            }
+            else
+            {
+                AssertInvalid(parseException, definition);
+            }
+        }
+
+        private void AssertValid(MongoCredential mongoCredential, BsonDocument definition)
+        {
+            if (!definition["valid"].ToBoolean())
+            {
+                throw new AssertionException($"The connection string '{definition["uri"]}' should be invalid.");
+            }
+
+            var expectedCredential = definition["credential"] as BsonDocument;
+            if (expectedCredential != null)
+            {
+                JsonDrivenHelper.EnsureAllFieldsAreValid(expectedCredential, "username", "password", "source", "mechanism", "mechanism_properties");
+                mongoCredential.Username.Should().Be(ValueToString(expectedCredential["username"]));
+#pragma warning disable 618
+                mongoCredential.Password.Should().Be(ValueToString(expectedCredential["password"]));
+#pragma warning restore 618
+                mongoCredential.Source.Should().Be(ValueToString(expectedCredential["source"]));
+                mongoCredential.Mechanism.Should().Be(ValueToString(expectedCredential["mechanism"]));
+
+                var authenticator = mongoCredential.ToAuthenticator();
+                if (authenticator is GssapiAuthenticator gssapiAuthenticator)
+                {
+                    expectedCredential.TryGetValue("mechanism_properties", out var expectedMechanismProperties);
+                    if (expectedMechanismProperties.IsBsonNull)
+                    {
+                        var serviceName = gssapiAuthenticator._mechanism_serviceName();
+                        serviceName.Should().Be("mongodb"); // The default is "mongodb".
+                        var canonicalizeHostName = gssapiAuthenticator._mechanism_canonicalizeHostName();
+                        canonicalizeHostName.Should().BeFalse(); // The default is "false".
+                    }
+                    else
+                    {
+                        foreach (var expectedMechanismProperty in expectedMechanismProperties.AsBsonDocument)
+                        {
+                            var mechanismName = expectedMechanismProperty.Name;
+                            switch (mechanismName)
+                            {
+                                case "SERVICE_NAME":
+                                    var serviceName = gssapiAuthenticator._mechanism_serviceName();
+                                    serviceName.Should().Be(ValueToString(expectedMechanismProperty.Value));
+                                    break;
+                                case "CANONICALIZE_HOST_NAME":
+                                    var canonicalizeHostName = gssapiAuthenticator._mechanism_canonicalizeHostName();
+                                    canonicalizeHostName.Should().Be(expectedMechanismProperty.Value.ToBoolean());
+                                    break;
+                                default:
+                                    throw new Exception($"Invalid mechanism property '{mechanismName}'.");
+                            }
+                        }
+                    }
+                }
+                else
+                {
+                    // Other authenticators do not contain mechanism properties
+                }
+            }
+        }
+
+        private void AssertInvalid(Exception ex, BsonDocument definition)
+        {
+            if (definition["valid"].ToBoolean())
+            {
+                throw new AssertionException($"The connection string '{definition["uri"]}' should be valid.", ex);
+            }
+        }
+
+        private string ValueToString(BsonValue value)
+        {
+            return value == BsonNull.Value ? null : value.ToString();
+        }
+
+        // nested types
+        private class TestCaseFactory : JsonDrivenTestCaseFactory
+        {
+            protected override string PathPrefix => "MongoDB.Driver.Tests.Specifications.auth.tests.";
+        }
+    }
+
+    internal static class GssapiAuthenticatorReflector
+    {
+        public static bool _mechanism_canonicalizeHostName(this GssapiAuthenticator obj)
+        {
+            var mechanism = _mechanism(obj);
+            return (bool)Reflector.GetFieldValue(mechanism, "_canonicalizeHostName");
+        }
+
+        public static string _mechanism_serviceName(this GssapiAuthenticator obj)
+        {
+            var mechanism = _mechanism(obj);
+            return (string)Reflector.GetFieldValue(mechanism, "_serviceName");
+        }
+
+        private static object _mechanism(GssapiAuthenticator obj)
+        {
+            return Reflector.GetFieldValue(obj, nameof(_mechanism));
+        }
+    }
+}