Node JS version

node_modules/cassandra-driver/lib/auth/base-dse-authenticator.js

@@ -0,0 +1,76 @@
+/*
+ * Copyright DataStax, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+'use strict';
+const util = require('util');
+const { Authenticator } = require('./provider');
+
+const dseAuthenticatorName = 'com.datastax.bdp.cassandra.auth.DseAuthenticator';
+
+/**
+ * Base class for Authenticator implementations that want to make use of
+ * the authentication scheme negotiation in the DseAuthenticator
+ * @param {String} authenticatorName
+ * @extends Authenticator
+ * @constructor
+ * @ignore
+ */
+function BaseDseAuthenticator(authenticatorName) {
+  this.authenticatorName = authenticatorName;
+}
+
+util.inherits(BaseDseAuthenticator, Authenticator);
+
+/**
+ * Return a Buffer containing the required SASL mechanism.
+ * @abstract
+ * @returns {Buffer}
+ */
+BaseDseAuthenticator.prototype.getMechanism = function () {
+  throw new Error('Not implemented');
+};
+
+/**
+ * Return a byte array containing the expected successful server challenge.
+ * @abstract
+ * @returns {Buffer}
+ */
+BaseDseAuthenticator.prototype.getInitialServerChallenge = function () {
+  throw new Error('Not implemented');
+};
+
+/**
+ * @param {Function} callback
+ * @override
+ */
+BaseDseAuthenticator.prototype.initialResponse = function (callback) {
+  if (!this._isDseAuthenticator()) {
+    //fallback
+    return this.evaluateChallenge(this.getInitialServerChallenge(), callback);
+  }
+  //send the mechanism as a first auth message
+  callback(null, this.getMechanism());
+};
+
+/**
+ * Determines if the name of the authenticator matches DSE 5+
+ * @protected
+ * @ignore
+ */
+BaseDseAuthenticator.prototype._isDseAuthenticator = function () {
+  return this.authenticatorName === dseAuthenticatorName;
+};
+
+module.exports = BaseDseAuthenticator;

node_modules/cassandra-driver/lib/auth/dse-gssapi-auth-provider.js

@@ -0,0 +1,231 @@
+/*
+ * Copyright DataStax, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+'use strict';
+const util = require('util');
+const { AuthProvider } = require('./provider');
+const BaseDseAuthenticator = require('./base-dse-authenticator');
+const GssapiClient = require('./gssapi-client');
+const dns = require('dns');
+const utils = require('../utils');
+
+const mechanism = utils.allocBufferFromString('GSSAPI');
+const initialServerChallenge = 'GSSAPI-START';
+const emptyBuffer = utils.allocBuffer(0);
+
+/**
+ * Creates a new instance of <code>DseGssapiAuthProvider</code>.
+ * @classdesc
+ * AuthProvider that provides GSSAPI authenticator instances for clients to connect
+ * to DSE clusters secured with the DseAuthenticator.
+ * @param {Object} [gssOptions] GSSAPI authenticator options
+ * @param {String} [gssOptions.authorizationId] The optional authorization ID. Providing an authorization ID allows the
+ * currently authenticated user to act as a different user (a.k.a. proxy authentication).
+ * @param {String} [gssOptions.service] The service to use. Defaults to 'dse'.
+ * @param {Function} [gssOptions.hostNameResolver] A method to be used to resolve the name of the Cassandra node based
+ * on the IP Address.  Defaults to [lookupServiceResolver]{@link module:auth~DseGssapiAuthProvider.lookupServiceResolver}
+ * which resolves the FQDN of the provided IP to generate principals in the format of
+ * <code>dse/example.com@MYREALM.COM</code>.
+ * Alternatively, you can use [reverseDnsResolver]{@link module:auth~DseGssapiAuthProvider.reverseDnsResolver} to do a
+ * reverse DNS lookup or [useIpResolver]{@link module:auth~DseGssapiAuthProvider.useIpResolver} to simply use the IP
+ * address provided.
+ * @param {String} [gssOptions.user] DEPRECATED, it will be removed in future versions. For proxy authentication, use
+ * <code>authorizationId</code> instead.
+ * @example
+ * const client = new cassandra.Client({
+ *   contactPoints: ['h1', 'h2'],
+ *   authProvider: new cassandra.auth.DseGssapiAuthProvider()
+ * });
+ * @alias module:auth~DseGssapiAuthProvider
+ * @constructor
+ */
+function DseGssapiAuthProvider(gssOptions) {
+  //load the kerberos at construction time
+  try {
+    // eslint-disable-next-line
+    this._kerberos = require('kerberos');
+  }
+  catch (err) {
+    if (err.code === 'MODULE_NOT_FOUND') {
+      const newErr = new Error('You must install module "kerberos" to use GSSAPI auth provider: ' +
+        'https://www.npmjs.com/package/kerberos');
+      newErr.code = err.code;
+      throw newErr;
+    }
+    throw err;
+  }
+  gssOptions = gssOptions || utils.emptyObject;
+  this.authorizationId = gssOptions.authorizationId || gssOptions.user;
+  this.service = gssOptions.service;
+  this.hostNameResolver = gssOptions.hostNameResolver || DseGssapiAuthProvider.lookupServiceResolver;
+}
+
+util.inherits(DseGssapiAuthProvider, AuthProvider);
+
+/**
+ * Returns an Authenticator instance to be used by the driver when connecting to a host.
+ * @param {String} endpoint The IP address and port number in the format ip:port.
+ * @param {String} name Authenticator name.
+ * @override
+ * @returns {Authenticator}
+ */
+DseGssapiAuthProvider.prototype.newAuthenticator = function (endpoint, name) {
+  let address = endpoint;
+  if (endpoint.indexOf(':') > 0) {
+    address = endpoint.split(':')[0];
+  }
+  return new GssapiAuthenticator(
+    this._kerberos, address, name, this.authorizationId, this.service, this.hostNameResolver);
+};
+
+/**
+ * Performs a lookupService query that resolves an IPv4 or IPv6 address to a hostname.  This ultimately makes a
+ * <code>getnameinfo()</code> system call which depends on the OS to do hostname resolution.
+ * <p/>
+ * <b>Note:</b> Depends on <code>dns.lookupService</code> which was added in 0.12.  For older versions falls back on
+ * [reverseDnsResolver]{@link module:auth~DseGssapiAuthProvider.reverseDnsResolver}.
+ *
+ * @param {String} ip IP address to resolve.
+ * @param {Function} callback The callback function with <code>err</code> and <code>hostname</code> arguments.
+ */
+DseGssapiAuthProvider.lookupServiceResolver = function (ip, callback) {
+  if (!dns.lookupService) {
+    return DseGssapiAuthProvider.reverseDnsResolver(ip, callback);
+  }
+  dns.lookupService(ip, 0, function (err, hostname) {
+    if (err) {
+      return callback(err);
+    }
+    if (!hostname) {
+      //fallback to ip
+      return callback(null, ip);
+    }
+    callback(null, hostname);
+  });
+};
+
+/**
+ * Performs a reverse DNS query that resolves an IPv4 or IPv6 address to a hostname.
+ * @param {String} ip IP address to resolve.
+ * @param {Function} callback The callback function with <code>err</code> and <code>hostname</code> arguments.
+ */
+DseGssapiAuthProvider.reverseDnsResolver = function (ip, callback) {
+  dns.reverse(ip, function (err, names) {
+    if (err) {
+      return callback(err);
+    }
+    if (!names || !names.length) {
+      //fallback to ip
+      return callback(null, ip);
+    }
+    callback(null, names[0]);
+  });
+};
+
+/**
+ * Effectively a no op operation, returns the IP address provided.
+ * @param {String} ip IP address to use.
+ * @param {Function} callback The callback function with <code>err</code> and <code>hostname</code> arguments.
+ */
+DseGssapiAuthProvider.useIpResolver = function (ip, callback) {
+  callback(null, ip);
+};
+
+/**
+ * @param {Object} kerberosModule
+ * @param {String} address Host address.
+ * @param {String} authenticatorName
+ * @param {String} authorizationId
+ * @param {String} service
+ * @param {Function} hostNameResolver
+ * @extends Authenticator
+ * @private
+ */
+function GssapiAuthenticator(kerberosModule, address, authenticatorName, authorizationId, service, hostNameResolver) {
+  BaseDseAuthenticator.call(this, authenticatorName);
+  this.authorizationId = authorizationId;
+  this.address = address;
+  this.client = GssapiClient.createNew(kerberosModule, authorizationId, service);
+  this.hostNameResolver = hostNameResolver;
+}
+
+//noinspection JSCheckFunctionSignatures
+util.inherits(GssapiAuthenticator, BaseDseAuthenticator);
+
+GssapiAuthenticator.prototype.getMechanism = function () {
+  return mechanism;
+};
+
+GssapiAuthenticator.prototype.getInitialServerChallenge = function () {
+  return utils.allocBufferFromString(initialServerChallenge);
+};
+
+//noinspection JSUnusedGlobalSymbols
+/**
+ * Obtain an initial response token for initializing the SASL handshake.
+ * @param {Function} callback
+ */
+GssapiAuthenticator.prototype.initialResponse = function (callback) {
+  const self = this;
+  //initialize the GSS client
+  let host = this.address;
+  utils.series([
+    function getHostName(next) {
+      self.hostNameResolver(self.address, function (err, name) {
+        if (!err && name) {
+          host = name;
+        }
+        next();
+      });
+    },
+    function initClient(next) {
+      self.client.init(host, function (err) {
+        if (err) {
+          return next(err);
+        }
+        if (!self._isDseAuthenticator()) {
+          //fallback
+          return self.evaluateChallenge(self.getInitialServerChallenge(), next);
+        }
+        //send the mechanism as a first auth message
+        next(null, self.getMechanism());
+      });
+    }
+  ], callback);
+};
+
+/**
+ * Evaluates a challenge received from the Server. Generally, this method should callback with
+ * no error and no additional params when authentication is complete from the client perspective.
+ * @param {Buffer} challenge
+ * @param {Function} callback
+ * @override
+ */
+GssapiAuthenticator.prototype.evaluateChallenge = function (challenge, callback) {
+  if (!challenge || challenge.toString() === initialServerChallenge) {
+    challenge = emptyBuffer;
+  }
+  this.client.evaluateChallenge(challenge, callback);
+};
+
+/**
+ * @override
+ */
+GssapiAuthenticator.prototype.onAuthenticationSuccess = function (token) {
+  this.client.shutdown(function noop() { });
+};
+
+
+module.exports = DseGssapiAuthProvider;

node_modules/cassandra-driver/lib/auth/dse-plain-text-auth-provider.js

@@ -0,0 +1,110 @@
+/*
+ * Copyright DataStax, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+'use strict';
+const util = require('util');
+const { AuthProvider } = require('./provider');
+const BaseDseAuthenticator = require('./base-dse-authenticator');
+const utils = require('../utils');
+
+const mechanism = utils.allocBufferFromString('PLAIN');
+const separatorBuffer = utils.allocBufferFromArray([0]);
+const initialServerChallenge = 'PLAIN-START';
+
+/**
+ * Creates a new instance of <code>DsePlainTextAuthProvider</code>.
+ * @classdesc
+ * AuthProvider that provides plain text authenticator instances for clients to connect
+ * to DSE clusters secured with the DseAuthenticator.
+ * @param {String} username The username; cannot be <code>null</code>.
+ * @param {String} password The password; cannot be <code>null</code>.
+ * @param {String} [authorizationId] The optional authorization ID. Providing an authorization ID allows the currently
+ * authenticated user to act as a different user (a.k.a. proxy authentication).
+ * @extends AuthProvider
+ * @alias module:auth~DsePlainTextAuthProvider
+ * @example
+ * const client = new cassandra.Client({
+ *   contactPoints: ['h1', 'h2'],
+ *   authProvider: new cassandra.auth.DsePlainTextAuthProvider('user', 'p@ssword1');
+ * });
+ * @constructor
+ */
+function DsePlainTextAuthProvider(username, password, authorizationId) {
+  if (typeof username !== 'string' || typeof password !== 'string') {
+    // Validate for null and undefined
+    throw new TypeError('Username and password must be a string');
+  }
+  this.username = username;
+  this.password = password;
+  this.authorizationId = authorizationId;
+}
+
+util.inherits(DsePlainTextAuthProvider, AuthProvider);
+
+/**
+ * Returns an Authenticator instance to be used by the driver when connecting to a host.
+ * @param {String} endpoint The IP address and port number in the format ip:port.
+ * @param {String} name Authenticator name.
+ * @override
+ * @returns {Authenticator}
+ */
+DsePlainTextAuthProvider.prototype.newAuthenticator = function (endpoint, name) {
+  return new PlainTextAuthenticator(name, this.username, this.password, this.authorizationId);
+};
+
+/**
+ * @param {String} authenticatorName
+ * @param {String} authenticatorId
+ * @param {String} password
+ * @param {String} authorizationId
+ * @extends BaseDseAuthenticator
+ * @constructor
+ * @private
+ */
+function PlainTextAuthenticator(authenticatorName, authenticatorId, password, authorizationId) {
+  BaseDseAuthenticator.call(this, authenticatorName);
+  this.authenticatorId = utils.allocBufferFromString(authenticatorId);
+  this.password = utils.allocBufferFromString(password);
+  this.authorizationId = utils.allocBufferFromString(authorizationId || '');
+}
+
+util.inherits(PlainTextAuthenticator, BaseDseAuthenticator);
+
+/** @override */
+PlainTextAuthenticator.prototype.getMechanism = function () {
+  return mechanism;
+};
+
+/** @override */
+PlainTextAuthenticator.prototype.getInitialServerChallenge = function () {
+  return utils.allocBufferFromString(initialServerChallenge);
+};
+
+/** @override */
+PlainTextAuthenticator.prototype.evaluateChallenge = function (challenge, callback) {
+  if (!challenge || challenge.toString() !== initialServerChallenge) {
+    return callback(new Error('Incorrect SASL challenge from server'));
+  }
+  // The SASL plain text format is authorizationId 0 username 0 password
+  callback(null, Buffer.concat([
+    this.authorizationId,
+    separatorBuffer,
+    this.authenticatorId,
+    separatorBuffer,
+    this.password
+  ]));
+};
+
+module.exports = DsePlainTextAuthProvider;

node_modules/cassandra-driver/lib/auth/gssapi-client.js

@@ -0,0 +1,155 @@
+/*
+ * Copyright DataStax, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+'use strict';
+
+const util = require('util');
+const utils = require('../utils');
+
+/**
+ * GSSAPI Client interface.
+ * @ignore
+ */
+class GssapiClient {
+  /**
+   * @param {String} [authorizationId]
+   * @param {String} [service]
+   */
+  constructor(authorizationId, service) {
+    this.authorizationId = authorizationId;
+    this.service = service !== undefined ? service : 'dse';
+  }
+
+  /**
+   * @abstract
+   * @param {String} host Host name or ip
+   * @param {Function} callback
+   */
+  init(host, callback) {
+    throw new Error('Not implemented');
+  }
+
+  /**
+   * @param {Buffer} challenge
+   * @param {Function} callback
+   * @abstract
+   */
+  evaluateChallenge(challenge, callback) {
+    throw new Error('Not implemented');
+  }
+
+  /**
+   * @abstract
+   * @param {Function} [callback]
+   */
+  shutdown(callback) {
+    throw new Error('Not implemented');
+  }
+
+  /**
+   * Factory to get the actual implementation of GSSAPI (unix or win)
+   * @param {Object} kerberosModule Kerberos client library dependency
+   * @param {String} [authorizationId] An identity to act as (for proxy authentication).
+   * @param {String} [service] The service to use. (defaults to 'dse')
+   * @returns GssapiClient
+   */
+  static createNew(kerberosModule, authorizationId, service) {
+    return new StandardGssClient(kerberosModule, authorizationId, service);
+  }
+}
+
+/**
+ * GSSAPI Client implementation using kerberos module.
+ * @ignore
+ */
+class StandardGssClient extends GssapiClient {
+  constructor(kerberosModule, authorizationId, service) {
+    if (typeof kerberosModule.initializeClient !== 'function') {
+      throw new Error('The driver expects version 1.x of the kerberos library');
+    }
+
+    super(authorizationId, service);
+    this.kerberos = kerberosModule;
+    this.transitionIndex = 0;
+  }
+
+  init(host, callback) {
+    this.host = host;
+    let uri = this.service;
+    if (this.host) {
+      //For the principal    "dse/cassandra1.datastax.com@DATASTAX.COM"
+      //the expected uri is: "dse@cassandra1.datastax.com"
+      uri = util.format("%s@%s", this.service, this.host);
+    }
+    const options = {
+      gssFlags: this.kerberos.GSS_C_MUTUAL_FLAG //authenticate itself flag
+    };
+    this.kerberos.initializeClient(uri, options, (err, kerberosClient) => {
+      if (err) {
+        return callback(err);
+      }
+      this.kerberosClient = kerberosClient;
+      callback();
+    });
+  }
+
+  /** @override */
+  evaluateChallenge(challenge, callback) {
+    this['transition' + this.transitionIndex](challenge, (err, response) => {
+      if (err) {
+        return callback(err);
+      }
+      this.transitionIndex++;
+      callback(null, response ? utils.allocBufferFromString(response, 'base64') : utils.allocBuffer(0));
+    });
+  }
+
+  transition0(challenge, callback) {
+    this.kerberosClient.step('', callback);
+  }
+
+  transition1(challenge, callback) {
+    const charPointerChallenge = challenge.toString('base64');
+    this.kerberosClient.step(charPointerChallenge, callback);
+  }
+
+  transition2(challenge, callback) {
+    this.kerberosClient.unwrap(challenge.toString('base64'), (err, response) => {
+      if (err) {
+        return callback(err, false);
+      }
+      const cb = function (err, wrapped) {
+        if (err) {
+          return callback(err);
+        }
+        callback(null, wrapped);
+      };
+      if (this.authorizationId !== undefined) {
+        this.kerberosClient.wrap(response, { user: this.authorizationId }, cb);
+      }
+      else {
+        this.kerberosClient.wrap(response, null, cb);
+      }
+    });
+  }
+
+  shutdown(callback) {
+    this.kerberosClient = null;
+    callback();
+  }
+}
+
+module.exports = GssapiClient;

node_modules/cassandra-driver/lib/auth/index.d.ts

@@ -0,0 +1,47 @@
+/*
+ * Copyright DataStax, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+export namespace auth {
+  interface Authenticator {
+    initialResponse(callback: Function): void;
+
+    evaluateChallenge(challenge: Buffer, callback: Function): void;
+
+    onAuthenticationSuccess(token?: Buffer): void;
+  }
+
+  interface AuthProvider {
+    newAuthenticator(endpoint: string, name: string): Authenticator;
+  }
+
+  class PlainTextAuthProvider implements AuthProvider {
+    constructor(username: string, password: string);
+
+    newAuthenticator(endpoint: string, name: string): Authenticator;
+  }
+
+  class DsePlainTextAuthProvider implements AuthProvider {
+    constructor(username: string, password: string, authorizationId?: string);
+
+    newAuthenticator(endpoint: string, name: string): Authenticator;
+  }
+
+  class DseGssapiAuthProvider implements AuthProvider {
+    constructor(gssOptions?: { authorizationId?: string, service?: string, hostNameResolver?: Function });
+
+    newAuthenticator(endpoint: string, name: string): Authenticator;
+  }
+}

node_modules/cassandra-driver/lib/auth/index.js

@@ -0,0 +1,39 @@
+/*
+ * Copyright DataStax, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+'use strict';
+
+/**
+ * DSE Authentication module.
+ * <p>
+ *   Contains the classes used for connecting to a DSE cluster secured with DseAuthenticator.
+ * </p>
+ * @module auth
+ */
+
+const { Authenticator, AuthProvider } = require('./provider');
+const { PlainTextAuthProvider } = require('./plain-text-auth-provider');
+const DseGssapiAuthProvider = require('./dse-gssapi-auth-provider');
+const DsePlainTextAuthProvider = require('./dse-plain-text-auth-provider');
+const NoAuthProvider = require('./no-auth-provider');
+
+module.exports = {
+  Authenticator,
+  AuthProvider,
+  DseGssapiAuthProvider,
+  DsePlainTextAuthProvider,
+  NoAuthProvider,
+  PlainTextAuthProvider
+};

node_modules/cassandra-driver/lib/auth/no-auth-provider.js

@@ -0,0 +1,70 @@
+/*
+ * Copyright DataStax, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+'use strict';
+
+const { AuthProvider, Authenticator } = require('./provider');
+const { PlainTextAuthenticator } = require('./plain-text-auth-provider');
+const errors = require('../errors');
+
+const dseAuthenticator = 'com.datastax.bdp.cassandra.auth.DseAuthenticator';
+
+/**
+ * Internal authentication provider that is used when no provider has been set by the user.
+ * @ignore
+ */
+class NoAuthProvider extends AuthProvider {
+  newAuthenticator(endpoint, name) {
+    if (name === dseAuthenticator) {
+      // Try to use transitional mode
+      return new TransitionalModePlainTextAuthenticator();
+    }
+
+    // Use an authenticator that doesn't allow auth flow
+    return new NoAuthAuthenticator(endpoint);
+  }
+}
+
+/**
+ * An authenticator throws an error when authentication flow is started.
+ * @ignore
+ */
+class NoAuthAuthenticator extends Authenticator {
+  constructor(endpoint) {
+    super();
+    this.endpoint = endpoint;
+  }
+
+  initialResponse(callback) {
+    callback(new errors.AuthenticationError(
+      `Host ${this.endpoint} requires authentication, but no authenticator found in the options`));
+  }
+}
+
+/**
+ * Authenticator that accounts for DSE authentication configured with transitional mode: normal.
+ *
+ * In this situation, the client is allowed to connect without authentication, but DSE
+ * would still send an AUTHENTICATE response. This Authenticator handles this situation
+ * by sending back a dummy credential.
+ */
+class TransitionalModePlainTextAuthenticator extends PlainTextAuthenticator {
+  constructor() {
+    super('', '');
+  }
+}
+
+module.exports = NoAuthProvider;

node_modules/cassandra-driver/lib/auth/plain-text-auth-provider.js

@@ -0,0 +1,81 @@
+/*
+ * Copyright DataStax, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+'use strict';
+const util = require('util');
+
+const provider = require('./provider.js');
+const utils = require('../utils');
+const AuthProvider = provider.AuthProvider;
+const Authenticator = provider.Authenticator;
+/**
+ * Creates a new instance of the Authenticator provider
+ * @classdesc Provides plain text [Authenticator]{@link module:auth~Authenticator} instances to be used when
+ * connecting to a host.
+ * @extends module:auth~AuthProvider
+ * @example
+ * var authProvider = new cassandra.auth.PlainTextAuthProvider('my_user', 'p@ssword1!');
+ * //Set the auth provider in the clientOptions when creating the Client instance
+ * const client = new Client({ contactPoints: contactPoints, authProvider: authProvider });
+ * @param {String} username User name in plain text
+ * @param {String} password Password in plain text
+ * @alias module:auth~PlainTextAuthProvider
+ * @constructor
+ */
+function PlainTextAuthProvider(username, password) {
+  this.username = username;
+  this.password = password;
+}
+
+util.inherits(PlainTextAuthProvider, AuthProvider);
+
+/**
+ * Returns a new [Authenticator]{@link module:auth~Authenticator} instance to be used for plain text authentication.
+ * @override
+ * @returns {Authenticator}
+ */
+PlainTextAuthProvider.prototype.newAuthenticator = function () {
+  return new PlainTextAuthenticator(this.username, this.password);
+};
+
+/**
+ * @ignore
+ */
+function PlainTextAuthenticator(username, password) {
+  this.username = username;
+  this.password = password;
+}
+
+util.inherits(PlainTextAuthenticator, Authenticator);
+
+PlainTextAuthenticator.prototype.initialResponse = function (callback) {
+  const initialToken = Buffer.concat([
+    utils.allocBufferFromArray([0]),
+    utils.allocBufferFromString(this.username, 'utf8'),
+    utils.allocBufferFromArray([0]),
+    utils.allocBufferFromString(this.password, 'utf8')
+  ]);
+  callback(null, initialToken);
+};
+
+PlainTextAuthenticator.prototype.evaluateChallenge = function (challenge, callback) {
+  //noop
+  callback();
+};
+
+module.exports = {
+  PlainTextAuthenticator,
+  PlainTextAuthProvider,
+};

node_modules/cassandra-driver/lib/auth/provider.js

@@ -0,0 +1,79 @@
+/*
+ * Copyright DataStax, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+'use strict';
+/**
+ * @classdesc Provides [Authenticator]{@link module:auth~Authenticator} instances to be used when connecting to a host.
+ * @constructor
+ * @abstract
+ * @alias module:auth~AuthProvider
+ */
+function AuthProvider() {
+
+}
+
+/**
+ * Returns an [Authenticator]{@link module:auth~Authenticator} instance to be used when connecting to a host.
+ * @param {String} endpoint The ip address and port number in the format ip:port
+ * @param {String} name Authenticator name
+ * @abstract
+ * @returns {Authenticator}
+ */
+AuthProvider.prototype.newAuthenticator = function (endpoint, name) {
+  throw new Error('This is an abstract class, you must implement newAuthenticator method or ' +
+    'use another auth provider that inherits from this class');
+};
+
+/**
+ * @class
+ * @classdesc Handles SASL authentication with Cassandra servers.
+ * Each time a new connection is created and the server requires authentication,
+ * a new instance of this class will be created by the corresponding.
+ * @constructor
+ * @alias module:auth~Authenticator
+ */
+function Authenticator() {
+
+}
+
+/**
+ * Obtain an initial response token for initializing the SASL handshake.
+ * @param {Function} callback
+ */
+Authenticator.prototype.initialResponse = function (callback) {
+  callback(new Error('Not implemented'));
+};
+
+/**
+ * Evaluates a challenge received from the Server. Generally, this method should callback with
+ * no error and no additional params when authentication is complete from the client perspective.
+ * @param {Buffer} challenge
+ * @param {Function} callback
+ */
+Authenticator.prototype.evaluateChallenge = function (challenge, callback) {
+  callback(new Error('Not implemented'));
+};
+
+/**
+ * Called when authentication is successful with the last information
+ * optionally sent by the server.
+ * @param {Buffer} [token]
+ */
+Authenticator.prototype.onAuthenticationSuccess = function (token) {
+
+};
+
+exports.AuthProvider = AuthProvider;
+exports.Authenticator = Authenticator;