authorAdam Rayner <adam.rayner@gmail.com>2021-11-29 17:52:30 +0000
committerEvergreen Agent <no-reply@evergreen.mongodb.com>2021-12-31 17:24:38 +0000
commit9ec1e6e58e94d52d2f6a9bc167ff939118aa5134 (patch)
treeb297e008a674be9cc7674b5bfe369271ee2647a5 /src/mongo/client
parentdded0c98d11736c9afa7271b9021d19ed17f3118 (diff)
downloadmongo-9ec1e6e58e94d52d2f6a9bc167ff939118aa5134.tar.gz
SERVER-46399 remove SCRAM-SHA-1 as a default internal auth mech
Diffstat (limited to 'src/mongo/client')
-rw-r--r--src/mongo/client/authenticate.cpp13
-rw-r--r--src/mongo/client/authenticate.h6
-rw-r--r--src/mongo/client/dbclient_base.cpp6
-rw-r--r--src/mongo/client/dbclient_base.h8
4 files changed, 9 insertions, 24 deletions
diff --git a/src/mongo/client/authenticate.cpp b/src/mongo/client/authenticate.cpp
index a1b3fd5a649..2c26e03953e 100644
--- a/src/mongo/client/authenticate.cpp
+++ b/src/mongo/client/authenticate.cpp
@@ -277,14 +277,11 @@ Future<void> authenticateInternalClient(
});
}
-BSONObj buildAuthParams(StringData dbname,
- StringData username,
- StringData passwordText,
- bool digestPassword) {
- return BSON(saslCommandMechanismFieldName
- << "SCRAM-SHA-1" << saslCommandUserDBFieldName << dbname << saslCommandUserFieldName
- << username << saslCommandPasswordFieldName << passwordText
- << saslCommandDigestPasswordFieldName << digestPassword);
+BSONObj buildAuthParams(StringData dbname, StringData username, StringData passwordText) {
+
+ return BSON(saslCommandMechanismFieldName << "SCRAM-SHA-256" << saslCommandUserDBFieldName
+ << dbname << saslCommandUserFieldName << username
+ << saslCommandPasswordFieldName << passwordText);
}
StringData getSaslCommandUserDBFieldName() {
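Review bot: The new `buildAuthParams` body opens with an empty line after the brace and hard-codes the mechanism as a bare `"SCRAM-SHA-256"` literal, with no comment explaining why the digest field is no longer sent. I would drop the blank line and add a one-line comment above the `return`, e.g. `// SCRAM-SHA-256 is given the cleartext password; digestPassword only applied to the MD5 pre-digest used by SCRAM-SHA-1.` That records that omitting `saslCommandDigestPasswordFieldName` is deliberate, so a later edit does not reintroduce it alongside the new mechanism. The trailing `getSaslCommandUserDBFieldName` context line belongs to a function that continues outside the hunk.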
diff --git a/src/mongo/client/authenticate.h b/src/mongo/client/authenticate.h
index b5b4876c573..613fcef768e 100644
--- a/src/mongo/client/authenticate.h
+++ b/src/mongo/client/authenticate.h
@@ -160,12 +160,8 @@ Future<void> authenticateInternalClient(
* @dbname: The database target of the auth command.
* @username: The std::string name of the user to authenticate.
* @passwordText: The std::string representing the user's password.
- * @digestPassword: Set to true if the password is undigested.
*/
-BSONObj buildAuthParams(StringData dbname,
- StringData username,
- StringData passwordText,
- bool digestPassword);
+BSONObj buildAuthParams(StringData dbname, StringData username, StringData passwordText);
/**
* Run an isMaster exchange to negotiate a SASL mechanism for authentication.
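Review bot: The doc comment kept above `buildAuthParams` does not tell callers that the returned params now always select SCRAM-SHA-256, or that `passwordText` has to be the cleartext password. With `digestPassword` removed there is no way to hand in a pre-digested credential, so the contract should say so, for example `* @passwordText: The user's cleartext password; pre-digested values are not accepted.` plus a line such as `* The mechanism field is always set to SCRAM-SHA-256.` The same gap exists in the comment on `auth(dbname, username, pwd, errmsg)` in the last hunk of dbclient_base.h. The start of this comment block is outside the hunk.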
diff --git a/src/mongo/client/dbclient_base.cpp b/src/mongo/client/dbclient_base.cpp
index 69bb443908b..c4b38ddb3e3 100644
--- a/src/mongo/client/dbclient_base.cpp
+++ b/src/mongo/client/dbclient_base.cpp
@@ -416,11 +416,9 @@ void DBClientBase::auth(const BSONObj& params) {
bool DBClientBase::auth(const string& dbname,
const string& username,
const string& password_text,
- string& errmsg,
- bool digestPassword) {
+ string& errmsg) {
try {
- const auto authParams =
- auth::buildAuthParams(dbname, username, password_text, digestPassword);
+ const auto authParams = auth::buildAuthParams(dbname, username, password_text);
auth(authParams);
return true;
} catch (const AssertionException& ex) {
diff --git a/src/mongo/client/dbclient_base.h b/src/mongo/client/dbclient_base.h
index d34bffd34ed..28dda9ada30 100644
--- a/src/mongo/client/dbclient_base.h
+++ b/src/mongo/client/dbclient_base.h
@@ -277,12 +277,10 @@ public:
* of the credential information for the user. May be "$external" if
* credential information is stored outside of the mongo cluster. Mandatory.
* 'pwd': The password data.
- * 'digestPassword': Boolean, set to true if the "pwd" is undigested (default).
* 'serviceName': The GSSAPI service name to use. Defaults to "mongodb".
* 'serviceHostname': The GSSAPI hostname to use. Defaults to the name of the remote host.
*
* Other fields in 'params' are silently ignored.
- *
* Returns normally on success, and throws on error. Throws a DBException with getCode() ==
* ErrorCodes::AuthenticationFailed if authentication is rejected. All other exceptions are
* tantamount to authentication failure, but may also indicate more serious problems.
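Review bot: Deleting the ` *` separator line runs "Other fields in 'params' are silently ignored." straight into "Returns normally on success…", so the field list and the return contract now read as one paragraph; I would keep the blank comment line. Separately, with `'digestPassword'` dropped from the list, a caller that still sends it appears to fall under "silently ignored". Whether `auth(const BSONObj&)` still reads the field is not visible in this hunk. If it is ignored, a pre-digested `pwd` would be used as the password and authentication would fail with no hint, so a line like `* 'digestPassword' is not honoured; 'pwd' must be the cleartext password.` would help; if it is still read for an explicitly requested mechanism, the entry should stay documented. The comment block starts above the hunk.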
@@ -296,16 +294,12 @@ public:
* number of databases on a single connection. The "admin" database is special and once
* authenticated provides access to all databases on the server.
*
- * 'digestPassword': If password is plain text, set this to true. otherwise assumed to be
- * pre-digested.
- *
* Returns true if successful.
*/
bool auth(const std::string& dbname,
const std::string& username,
const std::string& pwd,
- std::string& errmsg,
- bool digestPassword = true);
+ std::string& errmsg);
/**
* Logs out the connection for the given database.