node-mongodb-native icon indicating copy to clipboard operation
node-mongodb-native copied to clipboard
verified publisher icon mongodb

fix(NODE-6407): use conversationId returned by the server instead of hardcoded integer in SASL implementation for MONGODB-AWS.

Open kggau opened this issue 1 year ago • 2 comments

Description

MONGODB-AWS authentication mechanism should follow SASL spec. Current implementation ignores the conversationId sent by the server and uses a hardcoded integer for all saslContinue messages across all conversations.

What is changing?

Changing the hardcoded integer for conversationId to utilize the one that gets returned in the saslStart response.

Is there new documentation needed for these changes?

No. This change brings the implementation to spec.

What is the motivation for this change?

This is a bug. MONGODB-AWS authentication failed on database emulating MongoDB.

Release Highlight

Fixes SASL implementation for MONGODB-AWS to use conversationId returned by the server instead of hardcoded integer.

Double check the following

  • [x] Ran npm run check:lint script
  • [x] Self-review completed using the steps outlined here
  • [x] PR title follows the correct format: type(NODE-xxxx)[!]: description
    • Example: feat(NODE-1234)!: rewriting everything in coffeescript
  • [ ] Changes are covered by tests
  • [x] New TODOs have a related JIRA ticket

kggau avatar Sep 30 '24 23:09 kggau

Hey @kggau, thanks for sharing this patch. Our team will give it a once over to validate it addresses the problem (it looks like it does on a quick inspection).

This is a bug. MONGODB-AWS authentication failed on database emulating MongoDB.

Can you clarify which emulating database this issue occurred in?

alexbevi avatar Oct 01 '24 02:10 alexbevi

Thanks @alexbevi!

Can you clarify which emulating database this issue occurred in?

This issue happened when using MONGODB-AWS auth mechanism with Amazon DocumentDB. Given loss of conversationId information, I am not sure why it is functional with MongoDB (assuming it works).

kggau avatar Oct 01 '24 13:10 kggau

Given loss of conversationId information, I am not sure why it is functional with MongoDB (assuming it works).

@kggau just to clarify, this does work with the MONGODB-AWS authentication mechanism within the MongoDB server.

alexbevi avatar Oct 21 '24 13:10 alexbevi

Would anyone be able to provide an update on when this might get released? We're eagerly awaiting this functionality.

todd avatar Dec 06 '24 20:12 todd

@todd Thanks for reaching out. We're currently at capacity with our end-of-year wrap-up, but we plan to look into this early next year. The changes here are pending further testing. We appreciate your patience and you'll be notified here or on the JIRA ticket NODE-6407 of our progress.

nbbeeken avatar Dec 06 '24 20:12 nbbeeken

@kggau I've put up a PR with test for this change (#4368) and will be merging this PR into that new branch to have the change and the test in one PR for review by the team

W-A-James avatar Jan 14 '25 18:01 W-A-James