feat: Add support for Access Token Authentication for SQL Server Driv…

…er (mssql) (#7477) * feat: add support for sql server authentication types * feat: revert user and password deprecation for compatibility with other drivers `options.domain` is an advanced driver-based authentication type and node-mssql fallbacks it as ntlm type. Because of that, it should be passed in the same way as other advanced authentication types in `options.authentication` object.
typeorm · Mar 29, 2021 · e639772 · e639772
1 parent 8d7afaf
commit e639772
Show file tree

Hide file tree

Showing 9 changed files with 154 additions and 6 deletions.
diff --git a/src/driver/sqlserver/SqlServerConnectionCredentialsOptions.ts b/src/driver/sqlserver/SqlServerConnectionCredentialsOptions.ts
@@ -1,3 +1,20 @@
+import {DefaultAuthentication} from "./authentication/DefaultAuthentication";
+import {AzureActiveDirectoryAccessTokenAuthentication} from "./authentication/AzureActiveDirectoryAccessTokenAuthentication";
+import {AzureActiveDirectoryMsiAppServiceAuthentication} from "./authentication/AzureActiveDirectoryMsiAppServiceAuthentication";
+import {AzureActiveDirectoryMsiVmAuthentication} from "./authentication/AzureActiveDirectoryMsiVmAuthentication";
+import {AzureActiveDirectoryPasswordAuthentication} from "./authentication/AzureActiveDirectoryPasswordAuthentication";
+import {AzureActiveDirectoryServicePrincipalSecret} from "./authentication/AzureActiveDirectoryServicePrincipalSecret";
+import {NtlmAuthentication} from "./authentication/NtlmAuthentication";
+
+export type SqlServerConnectionCredentialsAuthenticationOptions =
+    DefaultAuthentication
+    | NtlmAuthentication
+    | AzureActiveDirectoryAccessTokenAuthentication
+    | AzureActiveDirectoryMsiAppServiceAuthentication
+    | AzureActiveDirectoryMsiVmAuthentication
+    | AzureActiveDirectoryPasswordAuthentication
+    | AzureActiveDirectoryServicePrincipalSecret
+
 /**
  * SqlServer specific connection credential options.
  */
@@ -18,6 +35,11 @@ export interface SqlServerConnectionCredentialsOptions {
      */
     readonly port?: number;
 
+    /**
+     * Database name to connect to.
+     */
+    readonly database?: string;
+
     /**
      * Database username.
      */
@@ -29,13 +51,17 @@ export interface SqlServerConnectionCredentialsOptions {
     readonly password?: string;
 
     /**
-     * Database name to connect to.
+     * Authentication settings
+     * It overrides username and password, when passed.
      */
-    readonly database?: string;
+    readonly authentication?: SqlServerConnectionCredentialsAuthenticationOptions
 
     /**
      * Once you set domain, driver will connect to SQL Server using domain login.
+     * @see SqlServerConnectionCredentialsOptions.authentication
+     * @see NtlmAuthentication
+     * @deprecated
      */
     readonly domain?: string;
 
-}
+}
diff --git a/src/driver/sqlserver/SqlServerDriver.ts b/src/driver/sqlserver/SqlServerDriver.ts
@@ -765,6 +765,15 @@ export class SqlServerDriver implements Driver {
 
         credentials = Object.assign({}, credentials, DriverUtils.buildDriverOptions(credentials)); // todo: do it better way
 
+        // todo: credentials.domain is deprecation. remove it in future
+        const authentication = !credentials.domain ? credentials.authentication : {
+            type: "ntlm",
+            options: {
+                domain: credentials.domain,
+                userName: credentials.username,
+                password: credentials.password
+            }
+        };
         // build connection options for the driver
         const connectionOptions = Object.assign({}, {
             connectionTimeout: this.options.connectionTimeout,
@@ -774,11 +783,11 @@ export class SqlServerDriver implements Driver {
             options: this.options.options,
         }, {
             server: credentials.host,
-            user: credentials.username,
-            password: credentials.password,
             database: credentials.database,
             port: credentials.port,
-            domain: credentials.domain,
+            user: credentials.username,
+            password: credentials.password,
+            authentication: authentication,
         }, options.extra || {});
 
         // set default useUTC option if it hasn't been set

diff --git a/src/driver/sqlserver/authentication/AzureActiveDirectoryAccessTokenAuthentication.ts b/src/driver/sqlserver/authentication/AzureActiveDirectoryAccessTokenAuthentication.ts
@@ -0,0 +1,10 @@
+export interface AzureActiveDirectoryAccessTokenAuthentication {
+    type: "azure-active-directory-access-token";
+    options: {
+        /**
+         * A user need to provide `token` which they retrived else where
+         * to forming the connection.
+         */
+        token: string;
+    };
+}
diff --git a/src/driver/sqlserver/authentication/AzureActiveDirectoryMsiAppServiceAuthentication.ts b/src/driver/sqlserver/authentication/AzureActiveDirectoryMsiAppServiceAuthentication.ts
@@ -0,0 +1,20 @@
+export interface AzureActiveDirectoryMsiAppServiceAuthentication {
+    type: "azure-active-directory-msi-app-service";
+    options: {
+        /**
+         * If you user want to connect to an Azure app service using a specific client account
+         * they need to provide `clientId` asscoiate to their created idnetity.
+         *
+         * This is optional for retrieve token from azure web app service
+         */
+        clientId?: string;
+        /**
+         * A msi app service environment need to provide `msiEndpoint` for retriving the accesstoken.
+         */
+        msiEndpoint?: string;
+        /**
+         * A msi app service environment need to provide `msiSecret` for retriving the accesstoken.
+         */
+        msiSecret?: string;
+    };
+}
diff --git a/src/driver/sqlserver/authentication/AzureActiveDirectoryMsiVmAuthentication.ts b/src/driver/sqlserver/authentication/AzureActiveDirectoryMsiVmAuthentication.ts
@@ -0,0 +1,16 @@
+export interface AzureActiveDirectoryMsiVmAuthentication {
+    type: "azure-active-directory-msi-vm";
+    options: {
+        /**
+         * If you user want to connect to an Azure app service using a specific client account
+         * they need to provide `clientId` asscoiate to their created idnetity.
+         *
+         * This is optional for retrieve token from azure web app service
+         */
+        clientId?: string;
+        /**
+         * A user need to provide `msiEndpoint` for retriving the accesstoken.
+         */
+        msiEndpoint?: string;
+    };
+}
diff --git a/src/driver/sqlserver/authentication/AzureActiveDirectoryPasswordAuthentication.ts b/src/driver/sqlserver/authentication/AzureActiveDirectoryPasswordAuthentication.ts
@@ -0,0 +1,18 @@
+export interface AzureActiveDirectoryPasswordAuthentication {
+    type: "azure-active-directory-password";
+    options: {
+        /**
+         * A user need to provide `userName` asscoiate to their account.
+         */
+        userName: string;
+        /**
+         * A user need to provide `password` asscoiate to their account.
+         */
+        password: string;
+
+        /**
+         * Optional parameter for specific Azure tenant ID
+         */
+        domain: string;
+    };
+}
diff --git a/src/driver/sqlserver/authentication/AzureActiveDirectoryServicePrincipalSecret.ts b/src/driver/sqlserver/authentication/AzureActiveDirectoryServicePrincipalSecret.ts
@@ -0,0 +1,17 @@
+export interface AzureActiveDirectoryServicePrincipalSecret {
+    type: "azure-active-directory-service-principal-secret";
+    options: {
+        /**
+         * Application (`client`) ID from your registered Azure application
+         */
+        clientId: string;
+        /**
+         * The created `client secret` for this registered Azure application
+         */
+        clientSecret: string;
+        /**
+         * Directory (`tenant`) ID from your registered Azure application
+         */
+        tenantId: string;
+    };
+}
diff --git a/src/driver/sqlserver/authentication/DefaultAuthentication.ts b/src/driver/sqlserver/authentication/DefaultAuthentication.ts
@@ -0,0 +1,13 @@
+export interface DefaultAuthentication {
+    type: "default";
+    options: {
+        /**
+         * User name to use for sql server login.
+         */
+        userName?: string;
+        /**
+         * Password to use for sql server login.
+         */
+        password?: string;
+    };
+}
diff --git a/src/driver/sqlserver/authentication/NtlmAuthentication.ts b/src/driver/sqlserver/authentication/NtlmAuthentication.ts
@@ -0,0 +1,19 @@
+export interface NtlmAuthentication {
+    type: "ntlm";
+    options: {
+        /**
+         * User name from your windows account.
+         */
+        userName: string;
+        /**
+         * Password from your windows account.
+         */
+        password: string;
+        /**
+         * Once you set domain for ntlm authentication type, driver will connect to SQL Server using domain login.
+         *
+         * This is necessary for forming a connection using ntlm type
+         */
+        domain: string;
+    };
+}