(username: string, password: string)
| 215 | } |
| 216 | |
| 217 | function passwordDigest(username: string, password: string) { |
| 218 | if (typeof username !== 'string') { |
| 219 | throw new MongoInvalidArgumentError('Username must be a string'); |
| 220 | } |
| 221 | |
| 222 | if (typeof password !== 'string') { |
| 223 | throw new MongoInvalidArgumentError('Password must be a string'); |
| 224 | } |
| 225 | |
| 226 | if (password.length === 0) { |
| 227 | throw new MongoInvalidArgumentError('Password cannot be empty'); |
| 228 | } |
| 229 | |
| 230 | let nodeCrypto; |
| 231 | try { |
| 232 | // TODO: NODE-7424 - remove dependency on 'crypto' for SCRAM-SHA-1 authentication |
| 233 | // eslint-disable-next-line @typescript-eslint/no-require-imports |
| 234 | nodeCrypto = require('crypto'); |
| 235 | } catch (e) { |
| 236 | throw new MongoRuntimeError( |
| 237 | 'Node.js crypto module is required for SCRAM-SHA-1 authentication', |
| 238 | { |
| 239 | cause: e |
| 240 | } |
| 241 | ); |
| 242 | } |
| 243 | |
| 244 | try { |
| 245 | const md5 = nodeCrypto.createHash('md5'); |
| 246 | md5.update(`${username}:mongo:${password}`, 'utf8'); |
| 247 | return md5.digest('hex'); |
| 248 | } catch (err) { |
| 249 | if (nodeCrypto.getFips()) { |
| 250 | // This error is (slightly) more helpful than what comes from OpenSSL directly, e.g. |
| 251 | // 'Error: error:060800C8:digital envelope routines:EVP_DigestInit_ex:disabled for FIPS' |
| 252 | throw new Error('Auth mechanism SCRAM-SHA-1 is not supported in FIPS mode'); |
| 253 | } |
| 254 | throw err; |
| 255 | } |
| 256 | } |
| 257 | |
| 258 | // XOR two buffers |
| 259 | function xor(a: Uint8Array, b: Uint8Array) { |
no test coverage detected