From 89f41cfbd2560b41592dadf6e1b59f80c33ec207 Mon Sep 17 00:00:00 2001
From: Shane Harvey <shane.harvey@mongodb.com>
Date: Thu, 4 Nov 2021 14:12:12 -0700
Subject: [PATCH] PYTHON-2999 Remove unused and internal only CRAM-MD5 auth
 mechanism (#777)

---
 pymongo/auth.py   | 26 --------------------------
 pymongo/common.py |  5 +----
 2 files changed, 1 insertion(+), 30 deletions(-)

diff --git a/pymongo/auth.py b/pymongo/auth.py
index b94698086..17f3a32fe 100644
--- a/pymongo/auth.py
+++ b/pymongo/auth.py
@@ -421,31 +421,6 @@ def _authenticate_plain(credentials, sock_info):
     sock_info.command(source, cmd)
 
 
-def _authenticate_cram_md5(credentials, sock_info):
-    """Authenticate using CRAM-MD5 (RFC 2195)
-    """
-    source = credentials.source
-    username = credentials.username
-    password = credentials.password
-    # The password used as the mac key is the
-    # same as what we use for MONGODB-CR
-    passwd = _password_digest(username, password)
-    cmd = SON([('saslStart', 1),
-               ('mechanism', 'CRAM-MD5'),
-               ('payload', Binary(b'')),
-               ('autoAuthorize', 1)])
-    response = sock_info.command(source, cmd)
-    # MD5 as implicit default digest for digestmod is deprecated
-    # in python 3.4
-    mac = hmac.HMAC(key=passwd.encode('utf-8'), digestmod=hashlib.md5)
-    mac.update(response['payload'])
-    challenge = username.encode('utf-8') + b' ' + mac.hexdigest().encode('utf-8')
-    cmd = SON([('saslContinue', 1),
-               ('conversationId', response['conversationId']),
-               ('payload', Binary(challenge))])
-    sock_info.command(source, cmd)
-
-
 def _authenticate_x509(credentials, sock_info):
     """Authenticate using MONGODB-X509.
     """
@@ -497,7 +472,6 @@ def _authenticate_default(credentials, sock_info):
 
 
 _AUTH_MAP = {
-    'CRAM-MD5': _authenticate_cram_md5,
     'GSSAPI': _authenticate_gssapi,
     'MONGODB-CR': _authenticate_mongo_cr,
     'MONGODB-X509': _authenticate_x509,
diff --git a/pymongo/common.py b/pymongo/common.py
index 7f2bda2d0..3d68ba1c7 100644
--- a/pymongo/common.py
+++ b/pymongo/common.py
@@ -372,10 +372,7 @@ def validate_read_preference_mode(dummy, value):
 def validate_auth_mechanism(option, value):
     """Validate the authMechanism URI option.
     """
-    # CRAM-MD5 is for server testing only. Undocumented,
-    # unsupported, may be removed at any time. You have
-    # been warned.
-    if value not in MECHANISMS and value != 'CRAM-MD5':
+    if value not in MECHANISMS:
         raise ValueError("%s must be in %s" % (option, tuple(MECHANISMS)))
     return value