Kerberos auth requires token in credentials field

Deprecate `auth_tokens.keyTicket`, should be "credentials".
neo4j · Sep 28, 2021 · 0e482e5 · 0e482e5
1 parent d670b9c
commit 0e482e5
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 6 deletions.
diff --git a/neo4j/auth_tokens.go b/neo4j/auth_tokens.go
@@ -31,7 +31,8 @@ const schemeKerberos = "kerberos"
 const keyPrincipal = "principal"
 const keyCredentials = "credentials"
 const keyRealm = "realm"
-const keyTicket = "ticket"
+// Deprecated: will be removed in 5.0. Use keyCredentials instead.
+const keyTicket = keyCredentials
 
 // NoAuth generates an empty authentication token
 func NoAuth() AuthToken {
@@ -62,7 +63,7 @@ func KerberosAuth(ticket string) AuthToken {
 			keyScheme: schemeKerberos,
 			// Backwards compatibility: Neo4j servers pre 4.4 require the presence of the principal.
 			keyPrincipal: "",
-			keyTicket: ticket,
+			keyCredentials: ticket,
 		},
 	}
 

diff --git a/neo4j/auth_tokens_test.go b/neo4j/auth_tokens_test.go
@@ -92,16 +92,20 @@ func TestKerberosAuth(t *testing.T) {
 
 	token := KerberosAuth(ticket)
 
-	if len(token.tokens) != 2 {
+	if len(token.tokens) != 3 {
 		t.Errorf("should contain 2 keys")
 	}
 
 	if token.tokens[keyScheme] != schemeKerberos {
 		t.Errorf("the key scheme should be 'kerberos' %v", token.tokens[keyScheme])
 	}
 
-	if token.tokens[keyTicket] != ticket {
-		t.Errorf("the key ticket was not properly set %v", token.tokens[keyTicket])
+	if token.tokens[keyPrincipal] != "" {
+		t.Errorf("the key principal was not properly set %v", token.tokens[keyPrincipal])
+	}
+
+	if token.tokens[keyCredentials] != ticket {
+		t.Errorf("the key ticket was not properly set %v", token.tokens[keyCredentials])
 	}
 }
 

diff --git a/testkit-backend/backend.go b/testkit-backend/backend.go
@@ -362,7 +362,7 @@ func (b *backend) handleRequest(req map[string]interface{}) {
 				authTokenMap["credentials"].(string),
 				realmString)
 		case "kerberos":
-			authToken = neo4j.KerberosAuth(authTokenMap["ticket"].(string))
+			authToken = neo4j.KerberosAuth(authTokenMap["credentials"].(string))
 		default:
 			authToken = neo4j.CustomAuth(
 				authTokenMap["scheme"].(string),