mongodb · qingyang-hu · May 9, 2025 · Apr 16, 2025 · Apr 16, 2025 · Apr 21, 2025
@@ -7,13 +7,19 @@
 package auth_test
 
 import (
+	"context"
+	"fmt"
 	"net/http"
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
 	"go.mongodb.org/mongo-driver/v2/internal/require"
 	"go.mongodb.org/mongo-driver/v2/x/bsonx/bsoncore"
+	"go.mongodb.org/mongo-driver/v2/x/mongo/driver"
 	"go.mongodb.org/mongo-driver/v2/x/mongo/driver/auth"
+	"go.mongodb.org/mongo-driver/v2/x/mongo/driver/description"
+	"go.mongodb.org/mongo-driver/v2/x/mongo/driver/drivertest"
+	"go.mongodb.org/mongo-driver/v2/x/mongo/driver/mnet"
 	"go.mongodb.org/mongo-driver/v2/x/mongo/driver/wiremessage"
 )
 
@@ -101,3 +107,56 @@ func compareResponses(t *testing.T, wm []byte, expectedPayload bsoncore.Document
 		t.Errorf("Payloads don't match. got %v; want %v", actualPayload, expectedPayload)
 	}
 }
+
+type testAuthenticator struct{}
+
+func (a *testAuthenticator) Auth(context.Context, *driver.AuthConfig) error {
+	return fmt.Errorf("test error")
+}
+
+func (a *testAuthenticator) Reauth(context.Context, *driver.AuthConfig) error {
+	return nil
+}
+
+func TestPerformAuthentication(t *testing.T) {
+	t.Parallel()
+
+	cases := []struct {
+		name          string
+		needToPerform bool
+		assert        func(*testing.T, error)
+	}{
+		{
+			name:          "positive",
+			needToPerform: true,
+			assert: func(t *testing.T, err error) {
+				require.EqualError(t, err, "auth error: test error")
+			},
+		},
+		{
+			name:          "negative",
+			needToPerform: false,
+			assert: func(t *testing.T, err error) {
+				require.NoError(t, err)
+			},
+		},
+	}
+	mnetconn := mnet.NewConnection(&drivertest.ChannelConn{})
+	for _, tc := range cases {
+		tc := tc
+
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			handshaker := auth.Handshaker(nil, &auth.HandshakeOptions{
+				Authenticator: &testAuthenticator{},
+				PerformAuthentication: func(description.Server) bool {
+					return tc.needToPerform
+				},
+			})
+
+			err := handshaker.FinishHandshake(context.Background(), mnetconn)
+			tc.assert(t, err)
+		})
+	}
+}
@@ -15,9 +15,11 @@ import (
 
 	"go.mongodb.org/mongo-driver/v2/event"
 	"go.mongodb.org/mongo-driver/v2/internal/logger"
+	internalOptions "go.mongodb.org/mongo-driver/v2/internal/options"
 	"go.mongodb.org/mongo-driver/v2/mongo/options"
 	"go.mongodb.org/mongo-driver/v2/x/mongo/driver"
 	"go.mongodb.org/mongo-driver/v2/x/mongo/driver/auth"
+	"go.mongodb.org/mongo-driver/v2/x/mongo/driver/description"
 	"go.mongodb.org/mongo-driver/v2/x/mongo/driver/ocsp"
 	"go.mongodb.org/mongo-driver/v2/x/mongo/driver/operation"
 	"go.mongodb.org/mongo-driver/v2/x/mongo/driver/session"
@@ -270,6 +272,14 @@ func NewConfigFromOptionsWithAuthenticator(opts *options.ClientOptions, clock *s
 			// Required for SASL mechanism negotiation during handshake
 			handshakeOpts.DBUser = opts.Auth.AuthSource + "." + opts.Auth.Username
 		}
+		if a := internalOptions.Value(opts.Custom, "authenticateToAnything"); a != nil {
+			if v, ok := a.(bool); ok && v {
+				// Authenticate arbiters
+				handshakeOpts.PerformAuthentication = func(_ description.Server) bool {
+					return true
+				}
+			}
+		}
 
 		handshaker = func(driver.Handshaker) driver.Handshaker {
 			return auth.Handshaker(nil, handshakeOpts)

@@ -7,6 +7,7 @@
 package topology
 
 import (
+	"context"
 	"fmt"
 	"net/url"
 	"reflect"
@@ -17,6 +18,10 @@ import (
 	"go.mongodb.org/mongo-driver/v2/internal/require"
 	"go.mongodb.org/mongo-driver/v2/mongo/options"
 	"go.mongodb.org/mongo-driver/v2/x/mongo/driver"
+	"go.mongodb.org/mongo-driver/v2/x/mongo/driver/description"
+	"go.mongodb.org/mongo-driver/v2/x/mongo/driver/drivertest"
+	"go.mongodb.org/mongo-driver/v2/x/mongo/driver/mnet"
+	"go.mongodb.org/mongo-driver/v2/x/mongo/driver/xoptions"
 )
 
 func TestDirectConnectionFromConnString(t *testing.T) {
@@ -85,6 +90,74 @@ func TestLoadBalancedFromConnString(t *testing.T) {
 	}
 }
 
+type testAuthenticator struct{}
+
+func (a *testAuthenticator) Auth(context.Context, *driver.AuthConfig) error {
+	return fmt.Errorf("test error")
+}
+
+func (a *testAuthenticator) Reauth(context.Context, *driver.AuthConfig) error {
+	return nil
+}
+
+func TestAuthenticateToAnything(t *testing.T) {
+	t.Parallel()
+
+	cases := []struct {
+		name   string
+		set    func(*options.ClientOptions) error
+		assert func(*testing.T, error)
+	}{
+		{
+			name: "default",
+			set:  func(*options.ClientOptions) error { return nil },
+			assert: func(t *testing.T, err error) {
+				require.NoError(t, err)
+			},
+		},
+		{
+			name: "positive",
+			set: func(opt *options.ClientOptions) error {
+				return xoptions.SetInternalClientOptions(opt, "authenticateToAnything", true)
+			},
+			assert: func(t *testing.T, err error) {
+				require.EqualError(t, err, "auth error: test error")
+			},
+		},
+		{
+			name: "negative",
+			set: func(opt *options.ClientOptions) error {
+				return xoptions.SetInternalClientOptions(opt, "authenticateToAnything", false)
+			},
+			assert: func(t *testing.T, err error) {
+				require.NoError(t, err)
+			},
+		},
+	}
+
+	describer := &drivertest.ChannelConn{
+		Desc: description.Server{Kind: description.ServerKindRSArbiter},
+	}
+	for _, tc := range cases {
+		tc := tc
+
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			opt := options.Client().SetAuth(options.Credential{Username: "foo", Password: "bar"})
+			err := tc.set(opt)
+			require.NoError(t, err, "error setting authenticateToAnything: %v", err)
+			cfg, err := NewConfigFromOptionsWithAuthenticator(opt, nil, &testAuthenticator{})
+			require.NoError(t, err, "error constructing topology config: %v", err)
+
+			srvrCfg := newServerConfig(defaultConnectionTimeout, cfg.ServerOpts...)
+			connCfg := newConnectionConfig(srvrCfg.connectionOpts...)
+			err = connCfg.handshaker.FinishHandshake(context.TODO(), &mnet.Connection{Describer: describer})
+			tc.assert(t, err)
+		})
+	}
+}
+
 func TestTopologyNewConfig(t *testing.T) {
 	t.Run("default ServerSelectionTimeout", func(t *testing.T) {
 		cfg, err := NewConfig(options.Client(), nil)

@@ -9,6 +9,7 @@ package xoptions
 import (
 	"fmt"
 
+	internalOptions "go.mongodb.org/mongo-driver/v2/internal/options"
 	"go.mongodb.org/mongo-driver/v2/mongo/options"
 	"go.mongodb.org/mongo-driver/v2/x/mongo/driver"
 )
@@ -31,6 +32,12 @@ func SetInternalClientOptions(opts *options.ClientOptions, key string, option an
 			return fmt.Errorf(typeErr, key)
 		}
 		opts.Deployment = d
+	case "authenticateToAnything":
+		b, ok := option.(bool)
+		if !ok {
+			return fmt.Errorf(typeErr, key)
+		}
+		opts.Custom = internalOptions.WithValue(opts.Custom, key, b)
 	default:
 		return fmt.Errorf("unsupported option: %s", key)
 	}

@@ -7,8 +7,10 @@
 package xoptions
 
 import (
+	"fmt"
 	"testing"
 
+	internalOptions "go.mongodb.org/mongo-driver/v2/internal/options"
 	"go.mongodb.org/mongo-driver/v2/internal/require"
 	"go.mongodb.org/mongo-driver/v2/mongo/options"
 	"go.mongodb.org/mongo-driver/v2/x/mongo/driver"
@@ -18,6 +20,29 @@ import (
 func TestSetInternalClientOptions(t *testing.T) {
 	t.Parallel()
 
+	cases := []struct {
+		key   string
+		value any
+	}{
+		{
+			key:   "authenticateToAnything",
+			value: true,
+		},
+	}
+	for _, tc := range cases {
+		tc := tc
+
+		t.Run(fmt.Sprintf("set %s", tc.key), func(t *testing.T) {
+			t.Parallel()
+
+			opts := options.Client()
+			err := SetInternalClientOptions(opts, tc.key, tc.value)
+			require.NoError(t, err, "error setting %s: %v", tc.key, err)
+			v := internalOptions.Value(opts.Custom, tc.key)
+			require.Equal(t, tc.value, v, "expected %v, got %v", tc.value, v)
+		})
+	}
+
 	t.Run("set crypt", func(t *testing.T) {
 		t.Parallel()