feat(NODE-5396): add mongodb-js/saslprep as a required dependency (#3815)

baileympearson · web-flow · commit bd031fc26bdb · 2023-08-16T11:09:17.000-04:00
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -26,10 +26,8 @@
   },
   "dependencies": {
     "bson": "^5.4.0",
-    "mongodb-connection-string-url": "^2.6.0"
-  },
-  "optionalDependencies": {
-    "saslprep": "^1.0.3"
+    "mongodb-connection-string-url": "^2.6.0",
+    "@mongodb-js/saslprep": "^1.1.0"
   },
   "peerDependencies": {
     "@aws-sdk/credential-providers": "^3.188.0",
diff --git a/src/cmap/auth/scram.ts b/src/cmap/auth/scram.ts
@@ -1,14 +1,14 @@
+import { saslprep } from '@mongodb-js/saslprep';
 import * as crypto from 'crypto';
 import { promisify } from 'util';
 
 import { Binary, type Document } from '../../bson';
-import { saslprep } from '../../deps';
 import {
   MongoInvalidArgumentError,
   MongoMissingCredentialsError,
   MongoRuntimeError
 } from '../../error';
-import { emitWarning, ns } from '../../utils';
+import { ns } from '../../utils';
 import type { HandshakeDocument } from '../connect';
 import { type AuthContext, AuthProvider } from './auth_provider';
 import type { MongoCredentials } from './mongo_credentials';
@@ -34,12 +34,6 @@ class ScramSHA extends AuthProvider {
     if (!credentials) {
       throw new MongoMissingCredentialsError('AuthContext must provide credentials.');
     }
-    if (
-      cryptoMethod === 'sha256' &&
-      ('kModuleError' in saslprep || typeof saslprep !== 'function')
-    ) {
-      emitWarning('Warning: no saslprep library specified. Passwords will not be sanitized');
-    }
 
     const nonce = await this.randomBytesAsync(24);
     // store the nonce for later use
@@ -141,13 +135,8 @@ async function continueScramConversation(
   const username = cleanUsername(credentials.username);
   const password = credentials.password;
 
-  let processedPassword;
-  if (cryptoMethod === 'sha256') {
-    processedPassword =
-      'kModuleError' in saslprep || typeof saslprep !== 'function' ? password : saslprep(password);
-  } else {
-    processedPassword = passwordDigest(username, password);
-  }
+  const processedPassword =
+    cryptoMethod === 'sha256' ? saslprep(password) : passwordDigest(username, password);
 
   const payload = Buffer.isBuffer(response.payload)
     ? new Binary(response.payload)
diff --git a/src/deps.ts b/src/deps.ts
@@ -189,19 +189,6 @@ export function getSocks(): SocksLib | { kModuleError: MongoMissingDependencyErr
   }
 }
 
-export let saslprep: typeof import('saslprep') | { kModuleError: MongoMissingDependencyError } =
-  makeErrorModule(
-    new MongoMissingDependencyError(
-      'Optional module `saslprep` not found.' +
-        ' Please install it to enable Stringprep Profile for User Names and Passwords'
-    )
-  );
-
-try {
-  // Ensure you always wrap an optional require in the try block NODE-3199
-  saslprep = require('saslprep');
-} catch {} // eslint-disable-line
-
 interface AWS4 {
   /**
    * Created these inline types to better assert future usage of this API
diff --git a/test/action/dependency.test.ts b/test/action/dependency.test.ts
@@ -5,9 +5,10 @@ import * as path from 'node:path';
 import { expect } from 'chai';
 
 import { dependencies, peerDependencies, peerDependenciesMeta } from '../../package.json';
+import { setDifference } from '../mongodb';
 import { itInNodeProcess } from '../tools/utils';
 
-const EXPECTED_DEPENDENCIES = ['bson', 'mongodb-connection-string-url'];
+const EXPECTED_DEPENDENCIES = ['bson', 'mongodb-connection-string-url', '@mongodb-js/saslprep'];
 const EXPECTED_PEER_DEPENDENCIES = [
   '@aws-sdk/credential-providers',
   '@mongodb-js/zstd',
@@ -21,7 +22,7 @@ const EXPECTED_PEER_DEPENDENCIES = [
 describe('package.json', function () {
   describe('dependencies', function () {
     it('only contains the expected dependencies', function () {
-      expect(dependencies).to.have.keys(EXPECTED_DEPENDENCIES);
+      expect(Object.keys(dependencies)).to.deep.equal(EXPECTED_DEPENDENCIES);
     });
   });
 
@@ -118,7 +119,7 @@ describe('package.json', function () {
 
   const EXPECTED_IMPORTS = [
     'bson',
-    'saslprep',
+    '@mongodb-js/saslprep',
     'sparse-bitfield',
     'memory-pager',
     'mongodb-connection-string-url',
@@ -150,7 +151,7 @@ describe('package.json', function () {
 
     context('when importing mongodb', () => {
       it('only contains the expected imports', function () {
-        expect(imports).to.deep.equal(EXPECTED_IMPORTS);
+        expect(setDifference(imports, EXPECTED_IMPORTS)).to.deep.equal(new Set());
       });
 
       it('does not import optional dependencies', () => {
diff --git a/test/integration/auth/scram_sha_256.test.ts b/test/integration/auth/scram_sha_256.test.ts
