test(NODE-4338): refactor auth prose tests

[durran]

Description

Re-enables SCRAM auth tests and refactors to not use withClient.

What is changing?

• Refactors the SCRAM auth tests to not use withClient
• Skips failing unicode username/password tests.

Is there new documentation needed for these changes?

None

What is the motivation for this change?

NODE-4338

Double check the following

• Ran npm run check:lint script
• Self-review completed using the steps outlined here
• PR title follows the correct format: type(NODE-xxxx)[!]: description
  • Example: feat(NODE-1234)!: rewriting everything in coffeescript
• Changes are covered by tests
• New TODOs have a related JIRA ticket

[orca-security-us]

Orca Security Scan Summary

Status	Check	Issues by priority
Passed	Infrastructure as Code	0   0   0   0	View in Orca
Passed	Vulnerabilities	0   0   0   0	View in Orca
Passed	Secrets	0   0   0   0	View in Orca

[durran]

Note the create user commands will fail on < 3.7.3 since mechanisms cannot be provided to the command.

[baileympearson]

every test already specifies a min server version. do we want to just move this logic into tests requires? We can also use the generic predicate filter

const metadata: MongoDBMetadataUI = {
  requires: { 
    auth: 'enabled',
    mongodb: '>=3.7.3',
    predicate: () => process.env.LOAD_BALANCER ? 'TODO(NODE-5631): fix tests to run in load balancer mode.' : true
  }
}

....

it('description', metadata, async function() { ...} );

[durran]

Updated to suggestion.

[baileympearson]

Suggested change

	[
	{ username: 'IX', password: 'IX' },
	{ username: 'IX', password: 'I\u00ADX' },
	{ username: '\u2168', password: 'IV' },
	{ username: '\u2168', password: 'I\u00ADV' }
	].forEach(({ username, password }) => {
	for (const { username, password } of [
	{ username: 'IX', password: 'IX' },
	{ username: 'IX', password: 'I\u00ADX' },
	{ username: '\u2168', password: 'IV' },
	{ username: '\u2168', password: 'I\u00ADV' }
	]) {

optional code modernization

[durran]

Done

[baileympearson]

every test already specifies a min server version. do we want to just move this logic into tests requires? We can also use the generic predicate filter

const metadata: MongoDBMetadataUI = {
  requires: { 
    auth: 'enabled',
    mongodb: '>=3.7.3',
    predicate: () => process.env.LOAD_BALANCER ? 'TODO(NODE-5631): fix tests to run in load balancer mode.' : true
  }
}

....

it('description', metadata, async function() { ...} );

[baileympearson]

Should this be updated to use the current user, instead of always hard-coding to sha256?

[durran]

It's basically explicitly stating that the sha256 only user cannot authenticate when specifying SCRAM-SHA-1 as the mechanism. I think it's clearer this way.

[baileympearson]

   * Step 3
   * For test users that support only one mechanism, verify that explictly specifying
   * the other mechanism fails.

The test implies that we also need to test that the SCRAM-SHA-1 user cannot authenticate by specifying SCRAM-SHA-256. Right now, this only covers the opposite.

[durran]

I've added the reverse test now.

[baileympearson]

I had to read the spec here to clarify:

Older servers will ignore the speculativeAuthenticate argument. New servers will participate in the standard authentication conversation if this argument is missing.

I don't think we have any branching logic determining when we use speculative authentication. Maybe we should remove the server version from the test?

[durran]

I've removed the 4.4+ version from the description but left the metadata there as all tests still need 3.7.3+.

[baileympearson]

   * Step 3
   * For test users that support only one mechanism, verify that explictly specifying
   * the other mechanism fails.

The test implies that we also need to test that the SCRAM-SHA-1 user cannot authenticate by specifying SCRAM-SHA-256. Right now, this only covers the opposite.