GODRIVER-1473 Allow authSource without credentials (#381)

Author: Divjot Arora

data/auth/connection-string.json

@@ -352,10 +352,11 @@
       "credential": null
     },
     {
-      "description": "authSource without username is invalid (default mechanism)",
+      "description": "authSource without username doesn't create credential (default mechanism)",
       "uri": "mongodb://localhost/?authSource=foo",
-      "valid": false
-        },
+      "valid": true,
+      "credential": null
+    },
     {
       "description": "should recognise the mechanism (MONGODB-AWS)",
       "uri": "mongodb://localhost/?authMechanism=MONGODB-AWS",

data/auth/connection-string.yml

@@ -288,9 +288,10 @@ tests:
         valid: true
         credential: ~
     -
-        description: "authSource without username is invalid (default mechanism)"
+        description: "authSource without username doesn't create credential (default mechanism)"
         uri: "mongodb://localhost/?authSource=foo"
-        valid: false
+        valid: true
+        credential: ~
     -
         description: "should recognise the mechanism (MONGODB-AWS)"
         uri: "mongodb://localhost/?authMechanism=MONGODB-AWS"

mongo/options/clientoptions.go

@@ -174,8 +174,8 @@ func (c *ClientOptions) ApplyURI(uri string) *ClientOptions {
 		c.AppName = &cs.AppName
 	}
 
-	if cs.AuthMechanism != "" || cs.AuthMechanismProperties != nil || cs.AuthSource != "" ||
-		cs.Username != "" || cs.PasswordSet {
+	// Only create a Credential if there is a request for authentication via non-empty credentials in the URI.
+	if cs.HasAuthParameters() {
 		c.Auth = &Credential{
 			AuthMechanism:           cs.AuthMechanism,
 			AuthMechanismProperties: cs.AuthMechanismProperties,

mongo/options/clientoptions_test.go

@@ -240,13 +240,6 @@ func TestClientOptions(t *testing.T) {
 					Username:                "foo",
 				}),
 			},
-			{
-				"AuthSourceNoUsername",
-				"mongodb://localhost/?authSource=random-database-example",
-				&ClientOptions{err: internal.WrapErrorf(
-					errors.New("authsource without username is invalid"), "error validating uri",
-				)},
-			},
 			{
 				"AuthSource",
 				"mongodb://foo@localhost/?authSource=random-database-example",

x/mongo/driver/connstring/connstring.go

@@ -130,6 +130,14 @@ func (u *ConnString) String() string {
 	return u.Original
 }
 
+// HasAuthParameters returns true if this ConnString has any authentication parameters set and therefore represents
+// a request for authentication.
+func (u *ConnString) HasAuthParameters() bool {
+	// Check all auth parameters except for AuthSource because an auth source without other credentials is semantically
+	// valid and must not be interpreted as a request for authentication.
+	return u.AuthMechanism != "" || u.AuthMechanismProperties != nil || u.Username != "" || u.PasswordSet
+}
+
 // Validate checks that the Auth and SSL parameters are valid values.
 func (u *ConnString) Validate() error {
 	p := parser{
@@ -345,6 +353,7 @@ func (p *parser) setDefaultAuthParams(dbName string) error {
 			}
 		}
 	case "":
+		// Only set auth source if there is a request for authentication via non-empty credentials.
 		if p.AuthSource == "" && (p.AuthMechanismProperties != nil || p.Username != "" || p.PasswordSet) {
 			p.AuthSource = dbName
 			if p.AuthSource == "" {
@@ -433,9 +442,6 @@ func (p *parser) validateAuth() error {
 			return fmt.Errorf("SCRAM-SHA-256 cannot have mechanism properties")
 		}
 	case "":
-		if p.Username == "" && p.AuthSource != "" {
-			return fmt.Errorf("authsource without username is invalid")
-		}
 	default:
 		return fmt.Errorf("invalid auth mechanism")
 	}