MongoDB password with "@" in it

Question

I'm trying to connect to a MongoDB database with a username and password using Mongoose in Node.js. All the docs say that the connection string should look like

  mongodb://username:password@host:port/db

However, the password contains the '@' character in it. How can I make a connection string out of this that mongoose will understand? Can I escape the '@' in the password or is there another method of connecting I have to use?

Nope - doesn't work. Enoding them a %40 doesn't work either. — iZ., Sep 20 '11 at 14:31
I would recommend to change the password to one that does not include @ character. — Sylvain Defresne, Sep 20 '11 at 14:39
@SylvainDefresne There will be no '@' character in the password. Its the format of structuring the URL for connecting MongoDB using Mongoose Connection object.. Please go through this link : http://mongoosejs.com/docs/connections.html — Amol M Kulkarni, Jan 24 '13 at 11:22
@AmolMKulkarni: I know this is the format the mongoose use to specify connection. But the OP wanted to know how he could use a password that contained an '@'? This a password like "p@ssw0rd" (which is a lame password). The url would be "monbgodb://username:p@ssw0rd@host:port/db" which is mis-interpreted by mongoose (ie. it splits at the first @ instead of the last). — Sylvain Defresne, Jan 24 '13 at 12:13
@SylvainDefresne: Thanks for update from your end. Its correct The url would be "monbgodb://username:p@ssw0rd@host:port/db" — Amol M Kulkarni, Jan 24 '13 at 12:43
Got misunderstood by one wrong answer here, which is already downvoted — Amol M Kulkarni, Jan 24 '13 at 13:05
The character `@` in your password need to be encoded in the URL. The encoded `@` character is `%40`. However, the `%` character need to be encoded too. So, if your password is, lets say, `p@ss`, the final encoded password should be `p%2540ss` — Michael Pacheco, Feb 05 '19 at 00:22
@SylvainDefresne how can you change the password in Mongo `Atlas`? — Timo, Sep 01 '22 at 18:46
@SylvainDefresne It is in "add new database user" in "atlas cloud". — Timo, Sep 01 '22 at 18:55

score 192 · Answer 1 · edited Jan 14 '21 at 08:10

192

Use this syntax:

// use %40 for @
mongoClient.connect("mongodb://username:p%40ssword@host:port/dbname?authSource=admin", { 
        useNewUrlParser: true
    }, function(err, db) {

    }
);

edited Jan 14 '21 at 08:10

Lahiru Chandima

22,324
22
103
179

answered Apr 28 '14 at 15:08

Andrey Hohutkin

2,703
1
16
17

15

This answer should get more love, it's really just converting to the @ symbol to %40 that does the trick. – jonezy Jun 29 '15 at 19:40
4

I missed the `{uri_decode_auth: true}` at first glance, but it worked once I noticed that. Thanks. – Mark Rendle Jul 23 '15 at 17:08
1

For noobies, `{uri_decode_auth: true}` should be passed as a separate object if you're in NodeJS and using mongoDB's native driver. – Koushik Shom Choudhury Aug 02 '18 at 15:01
5

the options [uri_decode_auth] is not supported as of driver version 3.1 – toadead Mar 15 '19 at 17:05
It gives the options [uri_decode_auth] is not supported, using mongoose latest – Mohit Sehgal Aug 17 '19 at 17:21
uri_decode_auth option is removed but this solution works without it – Andrey Hohutkin Sep 03 '19 at 19:16
How is it a solution if password can be anything and should not be stored as clear text in code. This answer does not explain how to generally fix the issue - manually search for `@` sign? That code smells – rightaway717 Dec 16 '20 at 07:32
Yes it should work. This is from mongoDB official documentation ```mongodb://myDBReader:D1fficultP%40ssw0rd@mongodb0.example.com:27017/?authSource=admin``` – Muteshi Mar 29 '21 at 10:22
if anyone is wondering escapes are supported in .env – IBXCODECAT Mar 19 '23 at 01:51

score 83 · Answer 2 · edited Feb 23 '18 at 07:27

83

If your password has special characters:

const dbUrl = `mongodb://adminUsername:${encodeURIComponent('adminPassword')}@localhost:27017/mydb`;

edited Feb 23 '18 at 07:27

Jalasem

27,261
3
21
29

answered Jan 19 '18 at 14:09

vanduc1102

5,769
1
46
43

9

This is the answer that should get more love as it fixes the complete problem, not just the very specific use case of the OP. – spikyjt Mar 04 '20 at 11:16
1

This is working great, just for info if someone missed it, you still need to pass {useNewUrlParser: true} as the second argument when connecting using mongoose.connect() – Harnam Singh May 05 '21 at 07:59
1

This should really be the accepted answer as this takes care of the root cause -- special characters within the pass/username require encoding as the mongo connection string uses the URI spec. RFC2396 – prasanthv Jul 14 '21 at 15:00

JohnnyHK · Answer 3 · 2018-07-12T03:39:48.303

31

Use the options parameter of the mongoose.connect call to specify the password instead of including it in the URL string:

mongoose.connect('mongodb://localhost/test',
                 {user: 'username', pass: 'p@ssword'},
                 callback);

edited Jul 12 '18 at 03:39

answered Jan 24 '13 at 13:32

JohnnyHK

305,182
66
621
471

1

I like this approach because typing one more line doesn't hurt. – S. Patel Sep 05 '18 at 20:13

Viet Tran · Answer 4 · 2016-08-25T05:05:00.520

7

Try this one, my friends:

    mongoose.connect("mongodb://localhost:27017/test?authSource=admin",
                     {user: 'viettd', pass: 'abc@123'});

test is my db name
admin is my the db for authenticating
viettd is my username
abc@123 is my password

edited Aug 25 '16 at 05:05

answered Aug 25 '16 at 04:59

Viet Tran

1,173
11
16

score 6 · Answer 5 · edited Nov 14 '18 at 02:50

6

I have also faced the same issue. I have solved by adding encoded password into connection string. And it works just well.

(1) Encode your password from https://www.url-encode-decode.com
(2) Replace your password with encoded one.
(3) It should work well.

For example:
Actual Password: ABCDEX$KrrpvDzRTy`@drf.';3X
Encoded Password: ABCDEX%24KrrpvDzRTy%60%40drf.%27%3B3X

mongodb://user1:ABCDEX%24KprpvDzRTy%60%40drf.%27%3B3X@dstest.com:1234,ds1234-test.com:19889/mongo-dev?replicaSet=rs-ds123546978&ssl=true',

edited Nov 14 '18 at 02:50

Nyambaa

38,988
9
29
35

answered Mar 21 '18 at 11:16

prisan

1,251
12
9

1

not the best advice, to recommend sending the password to an untrusted source... – Guy Dec 23 '19 at 09:08
1

As @guyarad said, you shouldn't expose your database password, and is not suitable if you change passwords regularly. And the reason for this comment is that, you don't need other softwares / sites to do that, `encodeURIComponent()` is the built-in function that can do the job. – 27px Nov 01 '20 at 15:28

score 5 · Answer 6 · answered Sep 27 '16 at 18:06

5

use pwd instead pass, that worked for me for version3.2

mongoose.connect('mongodb://localhost/test',
                 {user: 'username', pwd: 'p@ssword'},
                 callback);

answered Sep 27 '16 at 18:06

AKASH

416
1
7
19

toadead · Answer 7 · 2019-03-15T20:55:02.167

If you use Mongodb native Node.js driver, this is what works for me as of 3.1 driver version. Assume your url doesn't contain auth info.

MongoClient = require('mongodb').MongoClient;
let options = {
    useNewUrlParser: true,
    auth: {
        user: 'your_usr',
        password: 'your_pwd'
    }
};
MongoClient.connect(url, options, callback);

Or if you wanna include auth info in your url, do this:

let url = "mongodb://username:" + encodeURIComponent("p@ssword") + "@localhost:27017/database"

score 3 · Answer 8 · answered Jul 08 '18 at 04:10

None of the solutions mentioned above worked for me. I researched it further and found out that I had to include the useNewUrlParser parameter.

mongoose.connect(db, {
    useNewUrlParser : true
    },
    err => {
    if (err){
        console.error('Error: ' + err)
    }
    else{
        console.log('Connected to MongoDb')
    }
})

From what I understand, you need a specific version of MongoDB in order to use this. For more details, check Avoid “current URL string parser is deprecated” warning by setting useNewUrlParser to true

It is to get rid of the warning but clearly the version also affect the required parameter.

I haven't tested all special characters but it definitely works with '@#$'.

Hope this helps.

score 1 · Answer 9 · answered Jan 12 '17 at 08:38

1

sometimes you need to connect to the DB using other tools that accept string only as connection string. so just change the @ sign with %40

answered Jan 12 '17 at 08:38

dang

1,549
1
20
25

for example (dont worry dummy user and pass) change this: mongodb://kipkip:Nolalola22@@ds031223.mlab.com:3d223/mishlo to: mongodb://kipkip:Nolalola22%40@ds031223.mlab.com:3d223/mishlo – dang Jan 12 '17 at 08:39

score 1 · Answer 10 · edited Apr 10 '22 at 13:18

Also, if your password contains a percentage, %, Because the percent ("%") character serves as the indicator for percent-encoded octets, it must be percent-encoded as "%25" for that octet to be used as data within a URI

for example, if your password is John%Doe, the new transformed password will be John%25Doe or If password is Paul%20Wait, New Password will be Paul%2520Wait

mongoClient.connect("mongodb://username:John%25Doe@host:port/dbname", function(err, db) {
// password is John%Doe
    }`enter code here`
);

score 0 · Answer 11 · answered Sep 25 '18 at 19:58

This solution requires an extra dependency, but it was what finally worked for me.

Add mongodb-uri to your project and the following lines to your code:

const mongoose = require('mongoose')
const mongodbUri = require('mongodb-uri')
let mongooseUri = mongodbUri.formatMongoose(config.mongo.uri)
mongoose.connect(mongooseUri, config.mongo.options)

I found this suggestion in mongoose's GitHub issue #6044.

score 0 · Answer 12 · edited Jun 11 '20 at 20:43

0

Use this,

mongoose.connect(process.env.MONGO_URI, { useNewUrlParser: true}).then(()=>console.log("DB connected"));

edited Jun 11 '20 at 20:43

David Buck

3,752
35
31
35

answered Jun 11 '20 at 20:01

vrashank rao

1

score 0 · Answer 13 · edited Oct 07 '21 at 13:28

0

If the username or password includes the at sign @, colon :, slash /, or the percent sign % character, use percent encoding.

Mongo Docs: https://docs.mongodb.com/manual/reference/connection-string/

edited Oct 07 '21 at 13:28

Community

1
1

answered Aug 09 '20 at 20:31

Matt M

592
1
5
27

score 0 · Answer 14 · answered Aug 17 '20 at 12:38

I was attempting this in python and I had a similar error. This worked for me.

import pymongo

client = pymongo.MongoClient("mongodb://username:12%40password@ip:27017/sample_db") 
db = client.sample_db
# print the number of documents in a collection
print(db.collection.count())

12%40password represents your password and assumes it has a special character (e.g. @ - represented by %40) - username is your mongodb username , ip - your ip address and sample_db the database under mongodb that you wish to connect to.

this works only for pymongo python. Not in nodeJs. – Andrew May 05 '23 at 15:05 — Andrew, May 05 '23 at 15:05

score 0 · Answer 15 · answered Sep 15 '20 at 02:18

0

This one worked for me

This one is a MongoDB 2020 Update If You're using a separate env file then just add your

mongoose.connect('url',
{
    useNewUrlParser: true, 
    useUnifiedTopology: true 
});

answered Sep 15 '20 at 02:18

crazyCoder

75
1
13

score 0 · Answer 16 · edited Jun 07 '21 at 01:11

Apparently I faced something similar, but I was not able to find any way around it other than avoiding special characters in password. I tried other special characters (^ % &) none of them works with the password in URL string. But the MongoDB doc says only

: / ? # [ ] @

these characters need to be percent-encoded.

I tried encoding most of them in my password combinations, but none of them are working.

MongoDB password with "@" in it

16 Answers16

Linked

Related