Mongoose: `authdb` option not working
using
var connectionString = 'mongodb://' + config.database.username + ':' + config.database.password + '@' + config.database.host + ':' + config.database.port + '/' + dbname;
var connection = mongoose.createConnection(connectionString);
everything is replaced fine. user is create via mongo shell db.addUser() and has role 'readWriteAnyDatabase'. User can connect via mongo shell and query the db. But not via mongoose.
MongoError: not authorized for query on punch.shops
>> at Object.toError (/var/www/virtual/punch/html/punch/node_modules/mongoose/node_modules/mongodb/lib/mongodb/utils.js:110:11)
>> at /var/www/virtual/punch/html/punch/node_modules/mongoose/node_modules/mongodb/lib/mongodb/cursor.js:634:54
>> at Cursor.close (/var/www/virtual/punch/html/punch/node_modules/mongoose/node_modules/mongodb/lib/mongodb/cursor.js:903:5)
>> at commandHandler (/var/www/virtual/punch/html/punch/node_modules/mongoose/node_modules/mongodb/lib/mongodb/cursor.js:634:21)
>> at /var/www/virtual/punch/html/punch/node_modules/mongoose/node_modules/mongodb/lib/mongodb/db.js:1670:9
>> at Server.Base._callHandler (/var/www/virtual/punch/html/punch/node_modules/mongoose/node_modules/mongodb/lib/mongodb/connection/base.js:382:41)
>> at /var/www/virtual/punch/html/punch/node_modules/mongoose/node_modules/mongodb/lib/mongodb/connection/server.js:472:18
>> at MongoReply.parseBody (/var/www/virtual/punch/html/punch/node_modules/mongoose/node_modules/mongodb/lib/mongodb/responses/mongo_reply.js:68:5)
>> at null.<anonymous> (/var/www/virtual/punch/html/punch/node_modules/mongoose/node_modules/mongodb/lib/mongodb/connection/server.js:430:20)
>> at EventEmitter.emit (events.js:95:17)
>> Exited with code: 8.
frty2
All 25 comments
forget to mention: mongoose 3.7.4
frty2
on 15 Oct 2013
After hours of debugging I found the solution: use the authdb option.
var opt = {
user: config.database.username,
pass: config.database.password,
auth: {
authdb: 'admin'
}
};
var connection = mongoose.createConnection(config.database.host, 'mydatabase', config.database.port, opt);
I am still having this issue. I have used the exact same thing above but with port 10001.
I have a user in admin with readWriteAnyDatabase, dbAdminAnyDatabase, userAdminAnyDatabase, and root.
In the specific/client database the user has readWrite, dbAdmin, userAdmin.
I am using MongoDB 2.6.5 and Mongoose 3.8.17.
I removed the bind_ip in mongod.conf.
Help, I don't know what to do. I have tried everything.
This is the error I am getting:
{ '0': { [MongoError: not authorized for query on mydb.locations] name: 'MongoError' } }
thevinci
on 22 Oct 2014
@thevinci how are you connecting?
vkarpov15
on 29 Oct 2014
For some reason I am able to connect to the admin database and create records with no problems.
This is how I am connecting:
var options = {
user: USER,
pass: PASS,
auth: {
authdb: 'admin'
}
};
var db = mongoose.connect('localhost', 'database', 28017, options);
Yeah when you use authdb it will authenticate with the user in the admin database. Are you sure that user has readWriteAnyDatabase permissions? Can you show me the output of use admin; show users;, minus password hashes of course?
vkarpov15
on 30 Oct 2014
in /etc/mongod.conf, I turned auth on to true.
use admin; show users;
{
"_id" : "admin.root",
"user" : "root",
"db" : "admin",
"roles" : [
{
"role" : "readWriteAnyDatabase",
"db" : "admin"
},
{
"role" : "dbAdminAnyDatabase",
"db" : "admin"
},
{
"role" : "root",
"db" : "admin"
},
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
use admin; db.system.users.find() - minus the password hashes
{
"_id": "admin.root",
"user" : "root",
"db" : "admin",
"credentials" : {
"MONGODB-CR" : "HASH"
},
"roles" : [
{
"role" : "readWriteAnyDatabase",
"db" : "admin"
},
{
"role" : "dbAdminAnyDatabase",
"db" : "admin"
},
{
"role" : "root",
"db" : "admin"
},
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
{
"_id" : "mydatabase.root",
"user" : "root",
"db" : "mydatabase",
"credentials" : {
"MONGODB-CR" : "HASH"
},
"roles" : [
{
"role" : "readWrite",
"db" : "mydatabase"
},
{
"role" : "dbAdmin",
"db" : "mydatabase"
},
{
"role" : "userAdmin",
"db" : "mydatabase"
}
]
}
Well this is embarrassing, looks like the authdb option doesn't work properly now. We'll fix this ASAP.
vkarpov15
on 3 Nov 2014
Actually, looks like authdb option should work. Can you try connecting using the mongodb URI syntax, that is:
mongoose.connect('mongodb://[USER]:[PASS]@localhost:28017?authSource=admin');
Also, can you double check that you're connecting to the right port and using the right password for the admin.root user?
vkarpov15
on 6 Nov 2014
No response for a while, reopen if this is still an issue.
vkarpov15
on 6 Mar 2015
still an issue. Can connect thru mongo 3.0 shell, but not thru mongoose
johnkors
on 21 Mar 2015
What do your connection options look like @johnkors ?
vkarpov15
on 21 Mar 2015
Not sure what happened, but I rolled back to 3.8.25 and everything worked fine. Not sure how I got an unstable nightly from npm. Now using ^3.8.25
johnkors
on 23 Mar 2015
This is an issue for me using mongoose 4.01 or 4.0.6 I can not connect to Mongo when using authorization. Looking at the mongo logs it appears that the connection is never authenticated
I see authorization for many connections in the mongo log:
[conn30] authenticate db: xxxx { authenticate: 1, user: "xxx", nonce: "xxx", key: "xxx" }
But I never see this authentication message like I do for other connection numbers and it is the failure connection:
[conn44] assertion 13 not authorized for query - connection 44 is never authenticated according to the logs
Turning off auth in mongo config make this problem goes away.
BadLambdaJamma
on 10 Jul 2015
@BadLambdaJamma what do your connection options look like and what auth options are you configuring mongod with?
vkarpov15
on 11 Jul 2015
my apologies, I had a malformed connection string that was still connecting but without auth.
BadLambdaJamma
on 11 Jul 2015
@johnkors - are you still having this problem? We seem to have encountered it too...
srlowe
on 14 Aug 2015
I would assume you have a malformed connection string. To test, connect to a mongo instance that does not require authorization. (and hence you wont pass a username and password and hence your string will be simple and hard to malform). I discovered our problem by single stepping sources.
BadLambdaJamma
on 14 Aug 2015
i got the same prblem with version 4.4.1
here is the connection -
var connection = mongoose.createconnection('mongodb://siteUserAdmin:password@localhost:37017/TestDB?authSource=admin');
and i get the following error:
not authorized for query on TestDB.system.indexes
i can successfully connect through the shell:
mongo --port 37017 -u siteUserAdmin -p password --authenticationDatabase admin
here is the user:
use admin
switched to db admin
show users
{
"_id" : "admin.siteUserAdmin",
"user" : "siteUserAdmin",
"db" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
mongo version is 2.6.9
ddimitrov90
on 4 Feb 2016
Step into sources for the connection string parsing. You will see the issue right away.
BadLambdaJamma
on 4 Feb 2016
@BadLambdaJamma can you please clarify that?
vkarpov15
on 4 Feb 2016
i don't see what is wrong with the uri
i successfully authenticate here
_this.db.authenticate(_this.user, _this.pass, _this.options.auth, function(err) { lib\connection:516
no error and i get a connection and then when i call
var model = connection.model(collectionName, applicationsSchema);
model.ensureIndexes(
i receive the "not authorized for query" error
ddimitrov90
on 5 Feb 2016
@ddimitrov90 does the user that you're logged in with have permission to create indexes? That would explain the issue you're seeing.
vkarpov15
on 5 Feb 2016
@vkarpov15 you were right, the "userAdminAnyDatabase" is basically for managing users, i've created another user with the correct role for read/write access to the database and everything is working as expected
thanks
ddimitrov90
on 6 Feb 2016
Just put ?authSource=admin at the end of the connection url
wayofthefuture
on 13 Dec 2016
Related issues
tarun1793
路
3Comments
p3x-robot
路
3Comments
Soviut
路
3Comments
lukasz-zak
路
3Comments
jeneser
路
3Comments
Most helpful comment
After hours of debugging I found the solution: use the authdb option.