CSHARP-2913: Lift restriction on authSource without credentials

Author: MikalaiMazurenka

src/MongoDB.Driver/MongoUrl.cs

@@ -271,8 +271,7 @@ public bool HasAuthenticationSettings
                 return
                     _username != null ||
                     _password != null ||
-                    _authenticationMechanism != null ||
-                    _authenticationSource != null;
+                    _authenticationMechanism != null;
             }
         }
 

tests/MongoDB.Driver.Tests/Specifications/auth/AuthTestRunner.cs

@@ -65,7 +65,11 @@ private void AssertValid(MongoCredential mongoCredential, BsonDocument definitio
             }
 
             var expectedCredential = definition["credential"] as BsonDocument;
-            if (expectedCredential != null)
+            if (expectedCredential == null)
+            {
+                mongoCredential.Should().BeNull();
+            }
+            else
             {
                 JsonDrivenHelper.EnsureAllFieldsAreValid(expectedCredential, "username", "password", "source", "mechanism", "mechanism_properties");
                 mongoCredential.Username.Should().Be(ValueToString(expectedCredential["username"]));
@@ -75,10 +79,10 @@ private void AssertValid(MongoCredential mongoCredential, BsonDocument definitio
                 mongoCredential.Source.Should().Be(ValueToString(expectedCredential["source"]));
                 mongoCredential.Mechanism.Should().Be(ValueToString(expectedCredential["mechanism"]));
 
-                var authenticator = mongoCredential.ToAuthenticator();
-                if (authenticator is GssapiAuthenticator gssapiAuthenticator)
+                var expectedMechanismProperties = expectedCredential["mechanism_properties"];
+                if (mongoCredential.Mechanism == GssapiAuthenticator.MechanismName)
                 {
-                    expectedCredential.TryGetValue("mechanism_properties", out var expectedMechanismProperties);
+                    var gssapiAuthenticator = (GssapiAuthenticator)mongoCredential.ToAuthenticator();
                     if (expectedMechanismProperties.IsBsonNull)
                     {
                         var serviceName = gssapiAuthenticator._mechanism_serviceName();
@@ -109,7 +113,16 @@ private void AssertValid(MongoCredential mongoCredential, BsonDocument definitio
                 }
                 else
                 {
-                    // Other authenticators do not contain mechanism properties
+                    var actualMechanismProperties = mongoCredential._mechanismProperties();
+                    if (expectedMechanismProperties.IsBsonNull)
+                    {
+                        actualMechanismProperties.Should().BeEmpty();
+                    }
+                    else
+                    {
+                        var authMechanismProperties = new BsonDocument(actualMechanismProperties.Select(kv => new BsonElement(kv.Key, BsonValue.Create(kv.Value))));
+                        authMechanismProperties.Should().BeEquivalentTo(expectedMechanismProperties.AsBsonDocument);
+                    }
                 }
             }
         }
@@ -130,22 +143,7 @@ private string ValueToString(BsonValue value)
         // nested types
         private class TestCaseFactory : JsonDrivenTestCaseFactory
         {
-            #region static
-            private static readonly string[] __ignoredTestNames =
-            {
-                // Auth tests create auth mechanism which this test does not expect. Altering this behavior would break GSSAPI tests.
-                "should recognise the mechanism (MONGODB-AWS)"
-            };
-            #endregion
-
-            // protected properties
             protected override string PathPrefix => "MongoDB.Driver.Tests.Specifications.auth.tests.";
-
-            // protected methods
-            protected override IEnumerable<JsonDrivenTestCase> CreateTestCases(BsonDocument document)
-            {
-                return base.CreateTestCases(document).Where(test => !__ignoredTestNames.Any(ignoredName => test.Name.EndsWith(ignoredName)));
-            }
         }
     }
 
@@ -168,4 +166,12 @@ private static object _mechanism(GssapiAuthenticator obj)
             return Reflector.GetFieldValue(obj, nameof(_mechanism));
         }
     }
+
+    internal static class MongoCredentialReflector
+    {
+        public static Dictionary<string, object> _mechanismProperties(this MongoCredential obj)
+        {
+            return (Dictionary<string, object>)Reflector.GetFieldValue(obj, nameof(_mechanismProperties));
+        }
+    }
 }

tests/MongoDB.Driver.Tests/Specifications/auth/tests/connection-string.json

@@ -216,6 +216,18 @@
         "mechanism_properties": null
       }
     },
+    {
+      "description": "should recognize the mechanism with no username when auth source is explicitly specified (MONGODB-X509)",
+      "uri": "mongodb://localhost/?authMechanism=MONGODB-X509&authSource=$external",
+      "valid": true,
+      "credential": {
+        "username": null,
+        "password": null,
+        "source": "$external",
+        "mechanism": "MONGODB-X509",
+        "mechanism_properties": null
+      }
+    },
     {
       "description": "should throw an exception if supplied a password (MONGODB-X509)",
       "uri": "mongodb://user:password@localhost/?authMechanism=MONGODB-X509",
@@ -362,9 +374,10 @@
       "credential": null
     },
     {
-      "description": "authSource without username is invalid (default mechanism)",
+      "description": "authSource without username doesn't create credential (default mechanism)",
       "uri": "mongodb://localhost/?authSource=foo",
-      "valid": false
+      "valid": true,
+      "credential": null
     },
     {
       "description": "should throw an exception if no username provided (userinfo implies default mechanism)",
@@ -388,6 +401,18 @@
         "mechanism_properties": null
       }
     },
+    {
+      "description": "should recognise the mechanism when auth source is explicitly specified (MONGODB-AWS)",
+      "uri": "mongodb://localhost/?authMechanism=MONGODB-AWS&authSource=$external",
+      "valid": true,
+      "credential": {
+        "username": null,
+        "password": null,
+        "source": "$external",
+        "mechanism": "MONGODB-AWS",
+        "mechanism_properties": null
+      }
+    },
     {
       "description": "should throw an exception if username and no password (MONGODB-AWS)",
       "uri": "mongodb://user@localhost/?authMechanism=MONGODB-AWS",
@@ -421,4 +446,4 @@
       }
     }
   ]
-}
+}

tests/MongoDB.Driver.Tests/Specifications/auth/tests/connection-string.yml

@@ -175,6 +175,16 @@ tests:
             source: "$external"
             mechanism: "MONGODB-X509"
             mechanism_properties: ~
+    -
+        description: "should recognize the mechanism with no username when auth source is explicitly specified (MONGODB-X509)"
+        uri: "mongodb://localhost/?authMechanism=MONGODB-X509&authSource=$external"
+        valid: true
+        credential:
+            username: ~
+            password: ~
+            source: "$external"
+            mechanism: "MONGODB-X509"
+            mechanism_properties: ~
     -
         description: "should throw an exception if supplied a password (MONGODB-X509)"
         uri: "mongodb://user:password@localhost/?authMechanism=MONGODB-X509"
@@ -296,9 +306,10 @@ tests:
         valid: true
         credential: ~
     -
-        description: "authSource without username is invalid (default mechanism)"
+        description: "authSource without username doesn't create credential (default mechanism)"
         uri: "mongodb://localhost/?authSource=foo"
-        valid: false
+        valid: true
+        credential: ~
     -
         description: "should throw an exception if no username provided (userinfo implies default mechanism)"
         uri: "mongodb://@localhost.com/"
@@ -317,6 +328,16 @@ tests:
             source: "$external"
             mechanism: "MONGODB-AWS"
             mechanism_properties: ~
+    -
+        description: "should recognise the mechanism when auth source is explicitly specified (MONGODB-AWS)"
+        uri: "mongodb://localhost/?authMechanism=MONGODB-AWS&authSource=$external"
+        valid: true
+        credential:
+            username: ~
+            password: ~
+            source: "$external"
+            mechanism: "MONGODB-AWS"
+            mechanism_properties: ~
     -
         description: "should throw an exception if username and no password (MONGODB-AWS)"
         uri: "mongodb://user@localhost/?authMechanism=MONGODB-AWS"
@@ -342,4 +363,4 @@ tests:
           source: "$external"
           mechanism: "MONGODB-AWS"
           mechanism_properties:
-              AWS_SESSION_TOKEN: "token!@#$%^&*()_+"
+              AWS_SESSION_TOKEN: "token!@#$%^&*()_+"