4

I am using node/express node_modules = "mongodb": "2.0.33", "mongoose": "3.8.15",

mongo shell version: 3.0, and mongo 3.0

I'm able to connect to my mongoDB just fine, but if I pass in any authentication parameters, it will fail: 

connection error: { [MongoError: auth failed] name: 'MongoError', ok: 0, errmsg: 'auth failed', code: 18 }

The following shows up in the logs when this happens: 

2015-06-13T15:10:09.863-0400 I ACCESS [conn8] authenticate db: mydatabase { authenticate: 1, user: "user", nonce: "xxx", key: "xxx" } 2015-06-13T15:10:09.863-0400 I ACCESS [conn8] Failed to authenticate user@mydatabase with mechanism MONGODB-CR: AuthenticationFailed UserNotFound Could not find user user@mydatabase

I've done quite a few patterns to try to get this to work.

Here's what happens when I do the show users command in the mongo shell while on the appropriate database: 

{
    "_id" : "mydatabase.user",
    "user" : "user",
    "db" : "mydatabase",
    "roles" : [
        {
            "role" : "readWrite",
            "db" : "mydatabase"
        }
    ]
}

Here's my attempt to connect to this particular database while passing in the correct parameters: 

mongoose.connect('mongodb://user:password@host:port/mydatabase');

For good measure I also tried passing in an options hash instead of passing the params via uri: 

mongoose.connect('mongodb://host:port/mydatabase',{user: 'user',pass: 'password'});

Strangely enough, this works when done from the shell: 

mongo mydatabase -u user -p password

so clearly, the credentials are right, and it's lining them up to the correct database, but something about the connection with Mongoose is not working...

Here is the shell command I passed in when creating that user: 

db.createUser({ 
  user: "user",
  pwd: "password",
  roles: [
    { role: "readWrite", db: "mydatabase" }
  ]
});

I got a success message with this, and I confirmed by calling the show users command when using the mydatabase set

I'm at a real loss here.... Here's some of the prior research I have done that hasn't yet given me success:

Cannot authenticate into mongo, "auth fails"

This answer suggests that it wouldn't be working because authentication happens at a database level, so I'm missing some sort of config option for my mongo instance, however the docs now say that such level authentication is disabled by default, and the docs the answer links to are since deprecated.

MongoDB & Mongoose accessing one database while authenticating against another (NodeJS, Mongoose)

uses older version of Mongo that still have addUser On top of that, I don't see why that would work given it suggests I add a parameter to the 'auth' options that isn't listed in the documentation:
http://mongodb.github.io/node-mongodb-native/api-generated/db.html#authenticate

http://mongoosejs.com/docs/connections.html

Basically what I'm trying now, but isn't working.

authenticate user with mongoose + express.js

I've tried a number of answers that involved doing something of this sort, that gave me the same error. Also, I'd rather avoid these type of solutions that require +80 lines of code to authenticate for now. I just want to get basic authentication down first.

Vivek
  • 1,465
  • 14
  • 29
Tony
  • 395
  • 3
  • 10
  • 1
    Did you look at the node/mongo logs on the server? What do they say? – arielf Jun 13 '15 at 19:07
  • 2015-06-13T15:10:09.863-0400 I ACCESS [conn8] authenticate db: mydatabase { authenticate: 1, user: "user", nonce: "xxx", key: "xxx" } 2015-06-13T15:10:09.863-0400 I ACCESS [conn8] Failed to authenticate user@mydatabase with mechanism MONGODB-CR: AuthenticationFailed UserNotFound Could not find user user@mydatabase – Tony Jun 13 '15 at 19:11
  • To reiterate, typing 'use mydatabase' and 'show users' in the shell will show my user is there... – Tony Jun 13 '15 at 19:13
  • So to sum up: 'user' (from a shell) succeeds and 'user@mydatabase' (from mongo API) fails with 'UserNotFound' ? Perhaps therein lies the problem? – arielf Jul 17 '15 at 04:49
  • I have the same problem, this is explanation https://jira.mongodb.org/browse/SERVER-17459 – Sergiy Kozachenko Aug 22 '15 at 12:42
  • Seems like here is solution: downgrade auth schema and recreate users - http://stackoverflow.com/questions/29006887/mongodb-cr-authentication-failed/31476552#31476552 – Sergiy Kozachenko Aug 22 '15 at 12:54
  • Auth may not have been enabled on my mongo instance at the time, I believe this may have been the issue. I'll recreate my setup again and see if that was it- failing that, I will take a look at the other suggestions. \ **edit** In particular, it was a Digital Ocean MEAN stack, so given the same image I should be able to reproduce it and try the suggestions. Thank you. – Tony Aug 27 '15 at 17:57

2 Answers2

3

You mentioned that you are using MongoDB 3.0. In MongoDB 3.0, it now supports multiple authentication mechanisms.

  1. MongoDB Challenge and Response (SCRAM-SHA-1) - default in 3.0
  2. MongoDB Challenge and Response (MONGODB-CR) - previous default (< 3.0)

If you started with a new 3.0 database with new users created, they would have been created using SCRAM-SHA-1.

So you will need a driver capable of that authentication:

http://docs.mongodb.org/manual/release-notes/3.0-scram/#considerations-scram-sha-1-drivers

If you had a database upgraded from 2.x with existing user data, they would still be using MONGODB-CR, and the user authentication database would have to be upgraded:

http://docs.mongodb.org/manual/release-notes/3.0-scram/#upgrade-mongodb-cr-to-scram

Specific to your particular environment Mongoose compatibility for that version doesn't appear to support 3.0 due to the MongoDB Node.js driver that is in use (see the compatibility page on the Mongoose site--sorry, can't post more than 2 links currently).

I would suggest you update Mongoose.

Lee Parayno
  • 396
  • 3
  • 7
0

Mongo v3.0+:

The db field (outside of the role object) matters here. That is not settable bby passing it into the createUser command afaict.

The way to set it is to type 'use ' before issuing the creatUser command.

Unless you do it that way, the db object inside role may have he correct and intended value, but the auth will still not work.

Rondo
  • 3,458
  • 28
  • 26