neo4j · MaxAake · Jan 27, 2025 · Jan 24, 2025 · Jan 24, 2025
diff --git a/packages/core/src/auth.ts b/packages/core/src/auth.ts
@@ -15,6 +15,9 @@
  * limitations under the License.
  */
 
+import { newError } from './error'
+import { stringify } from './json'
+
 /**
  * @property {function(username: string, password: string, realm: ?string)} basic the function to create a
  * basic authentication token.
@@ -74,6 +77,11 @@ const auth = {
       output.realm = realm
     }
     if (isNotEmpty(parameters)) {
+      try {
+        stringify(parameters)
+      } catch (e) {
+        throw newError('Circular references in custom auth token parameters', undefined, e)
+      }
       output.parameters = parameters
     }
     return output

diff --git a/packages/core/test/auth.test.ts b/packages/core/test/auth.test.ts
@@ -17,6 +17,12 @@
 import auth from '../src/auth'
 
 describe('auth', () => {
+  test('.custom() should crash with circular references in parameters', () => {
+    const params = { a: '', b: {} }
+    params.b = params
+    expect(() => auth.custom('test', 'pass', 'realm', 'scheme', params)).toThrow('Circular references in custom auth token parameters')
+  })
+
   test('.bearer()', () => {
     expect(auth.bearer('==Qyahiadakkda')).toEqual({ scheme: 'bearer', credentials: '==Qyahiadakkda' })
   })

diff --git a/packages/neo4j-driver-deno/lib/core/auth.ts b/packages/neo4j-driver-deno/lib/core/auth.ts