Remove deprecated API

Author: ali-ince

src/index.js

@@ -103,42 +103,23 @@ const logging = {
  *       // TRUST_ALL_CERTIFICATES is the default choice for NodeJS deployments. It only requires
  *       // new host to provide a certificate and does no verification of the provided certificate.
  *       //
- *       // TRUST_ON_FIRST_USE is available for modern NodeJS deployments, and works
- *       // similarly to how `ssl` works - the first time we connect to a new host,
- *       // we remember the certificate they use. If the certificate ever changes, we
- *       // assume it is an attempt to hijack the connection and require manual intervention.
- *       // This means that by default, connections "just work" while still giving you
- *       // good encrypted protection.
- *       //
  *       // TRUST_CUSTOM_CA_SIGNED_CERTIFICATES is the classic approach to trust verification -
  *       // whenever we establish an encrypted connection, we ensure the host is using
  *       // an encryption certificate that is in, or is signed by, a certificate listed
  *       // as trusted. In the web bundle, this list of trusted certificates is maintained
  *       // by the web browser. In NodeJS, you configure the list with the next config option.
  *       //
  *       // TRUST_SYSTEM_CA_SIGNED_CERTIFICATES means that you trust whatever certificates
- *       // are in the default certificate chain of th
- *       trust: "TRUST_ALL_CERTIFICATES" | "TRUST_ON_FIRST_USE" | "TRUST_SIGNED_CERTIFICATES" |
- *       "TRUST_CUSTOM_CA_SIGNED_CERTIFICATES" | "TRUST_SYSTEM_CA_SIGNED_CERTIFICATES",
+ *       // are in the default certificate chain of the underlying system.
+ *       trust: "TRUST_ALL_CERTIFICATES" | "TRUST_CUSTOM_CA_SIGNED_CERTIFICATES" |
+ *       "TRUST_SYSTEM_CA_SIGNED_CERTIFICATES",
  *
  *       // List of one or more paths to trusted encryption certificates. This only
  *       // works in the NodeJS bundle, and only matters if you use "TRUST_CUSTOM_CA_SIGNED_CERTIFICATES".
  *       // The certificate files should be in regular X.509 PEM format.
  *       // For instance, ['./trusted.pem']
  *       trustedCertificates: [],
  *
- *       // Path to a file where the driver saves hosts it has seen in the past, this is
- *       // very similar to the ssl tool's known_hosts file. Each time we connect to a
- *       // new host, a hash of their certificate is stored along with the domain name and
- *       // port, and this is then used to verify the host certificate does not change.
- *       // This setting has no effect unless TRUST_ON_FIRST_USE is enabled.
- *       knownHosts:"~/.neo4j/known_hosts",
- *
- *       // The max number of connections that are allowed idle in the pool at any time.
- *       // Connection will be destroyed if this threshold is exceeded.
- *       // **Deprecated:** please use `maxConnectionPoolSize` instead.
- *       connectionPoolSize: 100,
- *
  *       // The maximum total number of connections allowed to be managed by the connection pool, per host.
  *       // This includes both in-use and idle connections. No maximum connection pool size is imposed
  *       // by default.
@@ -164,12 +145,6 @@ const logging = {
  *       // Default value is 30000 which is 30 seconds.
  *       maxTransactionRetryTime: 30000, // 30 seconds
  *
- *       // Provide an alternative load balancing strategy for the routing driver to use.
- *       // Driver uses "least_connected" by default.
- *       // **Note:** We are experimenting with different strategies. This could be removed in the next minor
- *       // version.
- *       loadBalancingStrategy: "least_connected" | "round_robin",
- *
  *       // Specify socket connection timeout in milliseconds. Numeric values are expected. Negative and zero values
  *       // result in no timeout being applied. Connection establishment will be then bound by the timeout configured
  *       // on the operating system level. Default value is 5000, which is 5 seconds.

src/internal/channel-config.js

@@ -24,8 +24,8 @@ const DEFAULT_CONNECTION_TIMEOUT_MILLIS = 5000; // 5 seconds by default
 
 const ALLOWED_VALUES_ENCRYPTED = [null, undefined, true, false, ENCRYPTION_ON, ENCRYPTION_OFF];
 
-const ALLOWED_VALUES_TRUST = [null, undefined, 'TRUST_ALL_CERTIFICATES', 'TRUST_ON_FIRST_USE',
-  'TRUST_SIGNED_CERTIFICATES', 'TRUST_CUSTOM_CA_SIGNED_CERTIFICATES', 'TRUST_SYSTEM_CA_SIGNED_CERTIFICATES'];
+const ALLOWED_VALUES_TRUST = [null, undefined, 'TRUST_ALL_CERTIFICATES',
+  'TRUST_CUSTOM_CA_SIGNED_CERTIFICATES', 'TRUST_SYSTEM_CA_SIGNED_CERTIFICATES'];
 
 export default class ChannelConfig {
 

src/internal/node/node-channel.js

@@ -106,14 +106,6 @@ function storeFingerprint( serverId, knownHostsPath, fingerprint, cb ) {
 }
 
 const TrustStrategy = {
-  /**
-   * @deprecated Since version 1.0. Will be deleted in a future version. {@link #TRUST_CUSTOM_CA_SIGNED_CERTIFICATES}.
-   */
-  TRUST_SIGNED_CERTIFICATES: function( config, onSuccess, onFailure ) {
-    console.warn('`TRUST_SIGNED_CERTIFICATES` has been deprecated as option and will be removed in a future version of ' +
-      "the driver. Please use `TRUST_CUSTOM_CA_SIGNED_CERTIFICATES` instead.");
-    return TrustStrategy.TRUST_CUSTOM_CA_SIGNED_CERTIFICATES(config, onSuccess, onFailure);
-  },
   TRUST_CUSTOM_CA_SIGNED_CERTIFICATES : function( config, onSuccess, onFailure ) {
     if( !config.trustedCertificates || config.trustedCertificates.length === 0 ) {
       onFailure(newError("You are using TRUST_CUSTOM_CA_SIGNED_CERTIFICATES as the method " +
@@ -159,62 +151,6 @@ const TrustStrategy = {
     socket.on('error', onFailure);
     return configureSocket(socket);
   },
-  /**
-   * @deprecated in 1.1 in favour of {@link #TRUST_ALL_CERTIFICATES}. Will be deleted in a future version.
-   */
-  TRUST_ON_FIRST_USE : function( config, onSuccess, onFailure ) {
-    console.warn('`TRUST_ON_FIRST_USE` has been deprecated as option and will be removed in a future version of ' +
-          "the driver. Please use `TRUST_ALL_CERTIFICATES` instead.");
-
-    const tlsOpts = newTlsOptions(config.url.host);
-    const socket = tls.connect(config.url.port, config.url.host, tlsOpts, function () {
-      const serverCert = socket.getPeerCertificate(/*raw=*/true);
-
-      if( !serverCert.raw ) {
-        // If `raw` is not available, we're on an old version of NodeJS, and
-        // the raw cert cannot be accessed (or, at least I couldn't find a way to)
-        // therefore, we can't generate a SHA512 fingerprint, meaning we can't
-        // do TOFU, and the safe approach is to fail.
-        onFailure(newError("You are using a version of NodeJS that does not " +
-          "support trust-on-first use encryption. You can either upgrade NodeJS to " +
-          "a newer version, use `trust:TRUST_CUSTOM_CA_SIGNED_CERTIFICATES` in your driver " +
-          "config instead, or disable encryption using `encrypted:\"" + ENCRYPTION_OFF+ "\"`."));
-        return;
-      }
-
-      const serverFingerprint = crypto.createHash('sha512').update(serverCert.raw).digest('hex');
-      const knownHostsPath = config.knownHostsPath || path.join(userHome(), ".neo4j", "known_hosts");
-      const serverId = config.url.hostAndPort;
-
-      loadFingerprint(serverId, knownHostsPath, (knownFingerprint) => {
-        if( knownFingerprint === serverFingerprint ) {
-          onSuccess();
-        } else if( knownFingerprint == null ) {
-          storeFingerprint( serverId, knownHostsPath, serverFingerprint, (err) => {
-            if (err) {
-              return onFailure(err);
-            }
-            return onSuccess();
-          });
-        } else {
-          onFailure(newError("Database encryption certificate has changed, and no longer " +
-            "matches the certificate stored for " + serverId + " in `" + knownHostsPath +
-            "`. As a security precaution, this driver will not automatically trust the new " +
-            "certificate, because doing so would allow an attacker to pretend to be the Neo4j " +
-            "instance we want to connect to. The certificate provided by the server looks like: " +
-            serverCert + ". If you trust that this certificate is valid, simply remove the line " +
-            "starting with " + serverId + " in `" + knownHostsPath + "`, and the driver will " +
-            "update the file with the new certificate. You can configure which file the driver " +
-            "should use to store this information by setting `knownHosts` to another path in " +
-            "your driver configuration - and you can disable encryption there as well using " +
-            "`encrypted:\"" + ENCRYPTION_OFF + "\"`."))
-        }
-      });
-    });
-    socket.on('error', onFailure);
-    return configureSocket(socket);
-  },
-
   TRUST_ALL_CERTIFICATES: function (config, onSuccess, onFailure) {
     const tlsOpts = newTlsOptions(config.url.host);
     const socket = tls.connect(config.url.port, config.url.host, tlsOpts, function () {

src/internal/pool-config.js

@@ -32,22 +32,8 @@ export default class PoolConfig {
   }
 
   static fromDriverConfig(config) {
-    const maxIdleSizeConfigured = isConfigured(config.connectionPoolSize);
     const maxSizeConfigured = isConfigured(config.maxConnectionPoolSize);
-
-    let maxSize;
-
-    if (maxSizeConfigured) {
-      // correct size setting is set - use it's value
-      maxSize = config.maxConnectionPoolSize;
-    } else if (maxIdleSizeConfigured) {
-      // deprecated size setting is set - use it's value
-      console.warn('WARNING: neo4j-driver setting "connectionPoolSize" is deprecated, please use "maxConnectionPoolSize" instead');
-      maxSize = config.connectionPoolSize;
-    } else {
-      maxSize = DEFAULT_MAX_SIZE;
-    }
-
+    const maxSize = maxSizeConfigured ? config.maxConnectionPoolSize : DEFAULT_MAX_SIZE;
     const acquisitionTimeoutConfigured = isConfigured(config.connectionAcquisitionTimeout);
     const acquisitionTimeout = acquisitionTimeoutConfigured ? config.connectionAcquisitionTimeout : DEFAULT_ACQUISITION_TIMEOUT;
 

src/internal/round-robin-load-balancing-strategy.js

@@ -21,7 +21,6 @@ import {Driver} from './driver';
 import {newError, SESSION_EXPIRED} from './error';
 import {LoadBalancer} from './internal/connection-providers';
 import LeastConnectedLoadBalancingStrategy, {LEAST_CONNECTED_STRATEGY_NAME} from './internal/least-connected-load-balancing-strategy';
-import RoundRobinLoadBalancingStrategy, {ROUND_ROBIN_STRATEGY_NAME} from './internal/round-robin-load-balancing-strategy';
 import ConnectionErrorHandler from './internal/connection-error-handler';
 import ConfiguredHostNameResolver from './internal/resolver/configured-host-name-resolver';
 import {HostNameResolver} from './internal/node';
@@ -75,14 +74,7 @@ class RoutingDriver extends Driver {
    * @private
    */
   static _createLoadBalancingStrategy(config, connectionPool) {
-    const configuredValue = config.loadBalancingStrategy;
-    if (!configuredValue || configuredValue === LEAST_CONNECTED_STRATEGY_NAME) {
-      return new LeastConnectedLoadBalancingStrategy(connectionPool);
-    } else if (configuredValue === ROUND_ROBIN_STRATEGY_NAME) {
-      return new RoundRobinLoadBalancingStrategy();
-    } else {
-      throw newError('Unknown load balancing strategy: ' + configuredValue);
-    }
+    return new LeastConnectedLoadBalancingStrategy(connectionPool);
   }
 }
 
@@ -102,9 +94,6 @@ function createHostNameResolver(config) {
  * @returns {object} the given config.
  */
 function validateConfig(config) {
-  if (config.trust === 'TRUST_ON_FIRST_USE') {
-    throw newError('The chosen trust mode is not compatible with a routing driver');
-  }
   const resolver = config.resolver;
   if (resolver && typeof resolver !== 'function') {
     throw new TypeError(`Configured resolver should be a function. Got: ${resolver}`);

src/routing-driver.js

@@ -216,17 +216,6 @@ describe('driver', () => {
     routingDriver.close();
   });
 
-  it('should fail when TRUST_ON_FIRST_USE is used with routing', () => {
-    const createRoutingDriverWithTOFU = () => {
-      driver = neo4j.driver('bolt+routing://localhost', sharedNeo4j.username, {
-        encrypted: "ENCRYPTION_ON",
-          trust: 'TRUST_ON_FIRST_USE'
-      });
-    };
-
-    expect(createRoutingDriverWithTOFU).toThrow();
-  });
-
   it('should fail when bolt:// scheme used with routing params', () => {
     expect(() => neo4j.driver('bolt://localhost:7687/?policy=my_policy')).toThrow();
   });

test/driver.test.js

@@ -137,21 +137,6 @@ describe('examples', () => {
     };
   });
 
-  it('config load balancing example', done => {
-    // tag::config-load-balancing-strategy[]
-    const driver = neo4j.driver(uri, neo4j.auth.basic(user, password),
-      {
-        loadBalancingStrategy: "least_connected"
-      }
-    );
-    // end::config-load-balancing-strategy[]
-
-    driver.onCompleted = () => {
-      driver.close();
-      done();
-    };
-  });
-
   it('config max retry time example', done => {
     // tag::config-max-retry-time[]
     const maxRetryTimeMs = 15 * 1000; // 15 seconds

test/examples.test.js

@@ -126,7 +126,7 @@ describe('WebSocketChannel', () => {
     };
 
     const url = urlUtil.parseDatabaseUrl('bolt://localhost:8989');
-    const driverConfig = {encrypted: true, trust: 'TRUST_ON_FIRST_USE'};
+    const driverConfig = {encrypted: true, trust: 'TRUST_ALL_CERTIFICATES'};
     const channelConfig = new ChannelConfig(url, driverConfig, SERVICE_UNAVAILABLE);
 
     const channel = new WebSocketChannel(channelConfig, protocolSupplier);

test/internal/browser/browser-channel.test.js

@@ -147,8 +147,6 @@ describe('ChannelConfig', () => {
     expect(new ChannelConfig(null, {trust: null}, '').trust).toBeNull();
     expect(new ChannelConfig(null, {trust: undefined}, '').trust).toBeUndefined();
     expect(new ChannelConfig(null, {trust: 'TRUST_ALL_CERTIFICATES'}, '').trust).toEqual('TRUST_ALL_CERTIFICATES');
-    expect(new ChannelConfig(null, {trust: 'TRUST_ON_FIRST_USE'}, '').trust).toEqual('TRUST_ON_FIRST_USE');
-    expect(new ChannelConfig(null, {trust: 'TRUST_SIGNED_CERTIFICATES'}, '').trust).toEqual('TRUST_SIGNED_CERTIFICATES');
     expect(new ChannelConfig(null, {trust: 'TRUST_CUSTOM_CA_SIGNED_CERTIFICATES'}, '').trust).toEqual('TRUST_CUSTOM_CA_SIGNED_CERTIFICATES');
     expect(new ChannelConfig(null, {trust: 'TRUST_SYSTEM_CA_SIGNED_CERTIFICATES'}, '').trust).toEqual('TRUST_SYSTEM_CA_SIGNED_CERTIFICATES');