Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(NODE-3921): error on invalid TLS option combinations #3405

Merged
merged 4 commits into from
Oct 4, 2022
Merged

fix(NODE-3921): error on invalid TLS option combinations #3405

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
87096c6
passing tests
biniona-mongodb Sep 11, 2022
8b0ba59
remove export, update doc comment, change error type, move check
biniona-mongodb Sep 11, 2022
5bcf4a7
tweak doc comment
biniona-mongodb Sep 11, 2022
75cb6cf
Merge remote-tracking branch 'upstream/main' into NODE-3921
biniona-mongodb Oct 4, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
17 changes: 8 additions & 9 deletions src/connection_string.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,6 @@ import { ReadConcern, ReadConcernLevel } from './read_concern';
import { ReadPreference, ReadPreferenceMode } from './read_preference';
import type { TagSet } from './sdam/server_description';
import {
AnyOptions,
DEFAULT_PK_FACTORY,
emitWarning,
emitWarningOnce,
Expand Down Expand Up @@ -157,14 +156,14 @@ export async function resolveSRVRecord(options: MongoOptions): Promise<HostAddre
/**
* Checks if TLS options are valid
*
* @param options - The options used for options parsing
* @throws MongoParseError if TLS options are invalid
* @param allOptions - All options provided by user or included in default options map
* @throws MongoAPIError if TLS options are invalid
*/
export function checkTLSOptions(options: AnyOptions): void {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove export because AFAICT checkTLSOptions is not used outside this module and is not included in public API.

if (!options) return;
function checkTLSOptions(allOptions: CaseInsensitiveMap): void {
if (!allOptions) return;
const check = (a: string, b: string) => {
if (Reflect.has(options, a) && Reflect.has(options, b)) {
throw new MongoParseError(`The '${a}' option cannot be used with '${b}'`);
if (allOptions.has(a) && allOptions.has(b)) {
throw new MongoAPIError(`The '${a}' option cannot be used with the '${b}' option`);
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See this thread for context on why this error type was changed

}
};
check('tlsInsecure', 'tlsAllowInvalidCertificates');
Expand Down Expand Up @@ -360,6 +359,8 @@ export function parseOptions(
}
}

checkTLSOptions(allOptions);
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed check to use allOptions from mongoOptions as mongoOptions object does not have key value pairs when value would be falsy.


const unsupportedOptions = setDifference(
allKeys,
Array.from(Object.keys(OPTIONS)).map(s => s.toLowerCase())
Expand Down Expand Up @@ -427,8 +428,6 @@ export function parseOptions(
mongoOptions.dbName = 'test';
}

checkTLSOptions(mongoOptions);

if (options.promiseLibrary) {
PromiseProvider.set(options.promiseLibrary);
}
Expand Down
10 changes: 0 additions & 10 deletions test/unit/assorted/uri_options.spec.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,16 +10,6 @@ describe('URI option spec tests', function () {
// Skipped because this does not apply to Node
'Valid options specific to single-threaded drivers are parsed correctly',

// TODO(NODE-3921): fix tls option validation
'tlsInsecure and tlsAllowInvalidCertificates both present (and true) raises an error',
'tlsInsecure and tlsAllowInvalidCertificates both present (and false) raises an error',
'tlsAllowInvalidCertificates and tlsInsecure both present (and true) raises an error',
'tlsAllowInvalidCertificates and tlsInsecure both present (and false) raises an error',
'tlsAllowInvalidHostnames and tlsInsecure both present (and true) raises an error',
'tlsAllowInvalidHostnames and tlsInsecure both present (and false) raises an error',
'tlsInsecure and tlsAllowInvalidHostnames both present (and true) raises an error',
'tlsInsecure and tlsAllowInvalidHostnames both present (and false) raises an error',

// TODO(NODE-3922): have not implemented option support
'tlsDisableCertificateRevocationCheck can be set to true',
'tlsDisableCertificateRevocationCheck can be set to false',
Expand Down