Skip to content

Commit

Permalink
fix(NODE-3166): allowInvalidHostnames and allowInvalidCertificates fl…
Browse files Browse the repository at this point in the history
…ags are ignored (#2784)
  • Loading branch information
nbbeeken authored and ljhaywar committed Nov 9, 2021
1 parent bebbd68 commit ff73d85
Show file tree
Hide file tree
Showing 2 changed files with 54 additions and 4 deletions.
18 changes: 14 additions & 4 deletions src/connection_string.ts
Original file line number Diff line number Diff line change
Expand Up @@ -938,10 +938,18 @@ export const OPTIONS = {
type: 'boolean'
},
tlsAllowInvalidCertificates: {
type: 'boolean'
target: 'rejectUnauthorized',
transform({ name, values: [value] }) {
// allowInvalidCertificates is the inverse of rejectUnauthorized
return !getBoolean(name, value);
}
},
tlsAllowInvalidHostnames: {
type: 'boolean'
target: 'checkServerIdentity',
transform({ name, values: [value] }) {
// tlsAllowInvalidHostnames means setting the checkServerIdentity function to a noop
return getBoolean(name, value) ? () => undefined : undefined;
}
},
tlsCAFile: {
target: 'ca',
Expand Down Expand Up @@ -969,10 +977,12 @@ export const OPTIONS = {
transform({ name, options, values: [value] }) {
const tlsInsecure = getBoolean(name, value);
if (tlsInsecure) {
options.checkServerIdentity = undefined;
options.checkServerIdentity = () => undefined;
options.rejectUnauthorized = false;
} else {
options.checkServerIdentity = options.tlsAllowInvalidHostnames ? undefined : (true as any);
options.checkServerIdentity = options.tlsAllowInvalidHostnames
? () => undefined
: undefined;
options.rejectUnauthorized = options.tlsAllowInvalidCertificates ? false : true;
}
return tlsInsecure;
Expand Down
40 changes: 40 additions & 0 deletions test/unit/mongo_client_options.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -296,4 +296,44 @@ describe('MongoOptions', function () {
expect(options.credentials.username).to.equal('USERNAME');
expect(options.credentials.password).to.equal('PASSWORD');
});

it('transforms tlsAllowInvalidCertificates and tlsAllowInvalidHostnames correctly', function () {
const optionsTrue = parseOptions('mongodb://localhost/', {
tlsAllowInvalidCertificates: true,
tlsAllowInvalidHostnames: true
});
expect(optionsTrue.rejectUnauthorized).to.equal(false);
expect(optionsTrue.checkServerIdentity).to.be.a('function');
expect(optionsTrue.checkServerIdentity()).to.equal(undefined);

const optionsFalse = parseOptions('mongodb://localhost/', {
tlsAllowInvalidCertificates: false,
tlsAllowInvalidHostnames: false
});
expect(optionsFalse.rejectUnauthorized).to.equal(true);
expect(optionsFalse.checkServerIdentity).to.equal(undefined);

const optionsUndefined = parseOptions('mongodb://localhost/');
expect(optionsUndefined.rejectUnauthorized).to.equal(undefined);
expect(optionsUndefined.checkServerIdentity).to.equal(undefined);
});

it('transforms tlsInsecure correctly', function () {
const optionsTrue = parseOptions('mongodb://localhost/', {
tlsInsecure: true
});
expect(optionsTrue.rejectUnauthorized).to.equal(false);
expect(optionsTrue.checkServerIdentity).to.be.a('function');
expect(optionsTrue.checkServerIdentity()).to.equal(undefined);

const optionsFalse = parseOptions('mongodb://localhost/', {
tlsInsecure: false
});
expect(optionsFalse.rejectUnauthorized).to.equal(true);
expect(optionsFalse.checkServerIdentity).to.equal(undefined);

const optionsUndefined = parseOptions('mongodb://localhost/');
expect(optionsUndefined.rejectUnauthorized).to.equal(undefined);
expect(optionsUndefined.checkServerIdentity).to.equal(undefined);
});
});

0 comments on commit ff73d85

Please sign in to comment.