mongodb
diff --git a/‎pymongo/monitoring.py
Lines changed: 15 additions & 2 deletions b/‎pymongo/monitoring.py
Lines changed: 15 additions & 2 deletions
diff --git a/‎test/command_monitoring/bulkWrite.json renamed to ‎test/command_monitoring/legacy/bulkWrite.json b/‎test/command_monitoring/bulkWrite.json renamed to ‎test/command_monitoring/legacy/bulkWrite.json
diff --git a/‎test/command_monitoring/command.json renamed to ‎test/command_monitoring/legacy/command.json b/‎test/command_monitoring/command.json renamed to ‎test/command_monitoring/legacy/command.json
diff --git a/‎test/command_monitoring/deleteMany.json renamed to ‎test/command_monitoring/legacy/deleteMany.json b/‎test/command_monitoring/deleteMany.json renamed to ‎test/command_monitoring/legacy/deleteMany.json
diff --git a/‎test/command_monitoring/deleteOne.json renamed to ‎test/command_monitoring/legacy/deleteOne.json b/‎test/command_monitoring/deleteOne.json renamed to ‎test/command_monitoring/legacy/deleteOne.json
diff --git a/‎test/command_monitoring/find.json renamed to ‎test/command_monitoring/legacy/find.json b/‎test/command_monitoring/find.json renamed to ‎test/command_monitoring/legacy/find.json
diff --git a/‎test/command_monitoring/insertMany.json renamed to ‎test/command_monitoring/legacy/insertMany.json b/‎test/command_monitoring/insertMany.json renamed to ‎test/command_monitoring/legacy/insertMany.json
diff --git a/‎test/command_monitoring/insertOne.json renamed to ‎test/command_monitoring/legacy/insertOne.json b/‎test/command_monitoring/insertOne.json renamed to ‎test/command_monitoring/legacy/insertOne.json
diff --git a/‎test/command_monitoring/unacknowledgedBulkWrite.json renamed to ‎test/command_monitoring/legacy/unacknowledgedBulkWrite.json b/‎test/command_monitoring/unacknowledgedBulkWrite.json renamed to ‎test/command_monitoring/legacy/unacknowledgedBulkWrite.json
diff --git a/‎test/command_monitoring/updateMany.json renamed to ‎test/command_monitoring/legacy/updateMany.json b/‎test/command_monitoring/updateMany.json renamed to ‎test/command_monitoring/legacy/updateMany.json
@@ -498,6 +498,15 @@ def register(listener):
      "updateuser", "copydbgetnonce", "copydbsaslstart", "copydb"])
 
 
+# The "hello" command is also deemed sensitive when attempting speculative
+# authentication.
+def _is_speculative_authenticate(command_name, doc):
+    if (command_name.lower() in ('hello', 'ismaster') and
+            'speculativeAuthenticate' in doc):
+        return True
+    return False
+
+
 class _CommandEvent(object):
     """Base class for command events."""
 
@@ -564,7 +573,9 @@ def __init__(self, command, database_name, request_id, connection_id,
         super(CommandStartedEvent, self).__init__(
             command_name, request_id, connection_id, operation_id,
             service_id=service_id)
-        if command_name.lower() in _SENSITIVE_COMMANDS:
+        cmd_name, cmd_doc = command_name.lower(), command[command_name]
+        if (cmd_name in _SENSITIVE_COMMANDS or
+                _is_speculative_authenticate(cmd_name, command)):
             self.__cmd = {}
         else:
             self.__cmd = command
@@ -610,7 +621,9 @@ def __init__(self, duration, reply, command_name,
             command_name, request_id, connection_id, operation_id,
             service_id=service_id)
         self.__duration_micros = _to_micros(duration)
-        if command_name.lower() in _SENSITIVE_COMMANDS:
+        cmd_name = command_name.lower()
+        if (cmd_name in _SENSITIVE_COMMANDS or
+                _is_speculative_authenticate(cmd_name, reply)):
             self.__reply = {}
         else:
             self.__reply = reply