mongodb-js · baileympearson · Sep 5, 2024 · Aug 16, 2024 · Aug 27, 2024 · Aug 27, 2024
diff --git a/README.md b/README.md
@@ -182,6 +182,7 @@ Processes a single kerberos client-side step using the supplied server challenge
 | challenge | <code>string</code> | The response returned after calling `unwrap` |
 | [options] | <code>object</code> | Optional settings |
 | [options.user] | <code>string</code> | The user to authorize |
+| [options.protect] | <code>boolean</code> | Indicates if the wrap should request message confidentiality |
 | [callback] | <code>function</code> |  |
 
 Perform the client side kerberos wrap step.

diff --git a/lib/kerberos.js b/lib/kerberos.js
@@ -52,6 +52,7 @@ KerberosClient.prototype.step = defineOperation(KerberosClient.prototype.step, [
  * @param {string} challenge The response returned after calling `unwrap`
  * @param {object} [options] Optional settings
  * @param {string} [options.user] The user to authorize
+ * @param {string} [options.protect] Indicates if the wrap should request message confidentiality
  * @param {function} [callback]
  * @return {Promise} returns Promise if no callback passed
  */

diff --git a/src/kerberos.cc b/src/kerberos.cc
@@ -37,6 +37,13 @@ std::string ToStringWithNonStringAsEmpty(Napi::Value value) {
     return value.As<String>();
 }
 
+int BooleanToIntWithNonIntAsFalse(Napi::Value value) {
+    if (!value.IsBoolean()) {
+        return 0;
+    }
+    return value.As<Boolean>().Value() ? 1 : 0;
+}
+
 Function KerberosClient::Init(Napi::Env env) {
     return
         DefineClass(env,

diff --git a/src/kerberos.h b/src/kerberos.h
@@ -72,6 +72,8 @@ void TestMethod(const Napi::CallbackInfo& info);
 
 std::string ToStringWithNonStringAsEmpty(Napi::Value value);
 
+int BooleanToIntWithNonIntAsFalse(Napi::Value value);
+
 }
 
 #endif  // KERBEROS_NATIVE_EXTENSION_H
diff --git a/src/unix/kerberos_unix.cc b/src/unix/kerberos_unix.cc
@@ -74,8 +74,7 @@ void KerberosClient::WrapData(const CallbackInfo& info) {
     Object options = info[1].ToObject();
     Function callback = info[2].As<Function>();
     std::string user = ToStringWithNonStringAsEmpty(options["user"]);
-
-    int protect = 0; // NOTE: this should be an option
+    int protect = BooleanToIntWithNonIntAsFalse(options["protect"]);
 
     KerberosWorker::Run(callback, "kerberos:ClientWrap", [=](KerberosWorker::SetOnFinishedHandler onFinished) {
         gss_result result = authenticate_gss_client_wrap(

diff --git a/src/win32/kerberos_win32.cc b/src/win32/kerberos_win32.cc
@@ -92,7 +92,7 @@ void KerberosClient::WrapData(const CallbackInfo& info) {
     Object options = info[1].ToObject();
     Function callback = info[2].As<Function>();
     std::string user = ToStringWithNonStringAsEmpty(options["user"]);
-    int protect = 0; // NOTE: this should be an option
+    int protect = BooleanToIntWithNonIntAsFalse(options["protect"]);
 
     if (isStringTooLong(user)) {
         throw Error::New(info.Env(), "User name is too long");