MongoDB auth related issue in MONGO_URI

Question

MongoDB auth related issue in MONGO_URI

smeng9 opened this issue 2 years ago · comments

Actual Behavior

MONGO_URI's username, password, and authSource in uri are not parsed correctly

https://github.com/pyeve/eve/blob/master/eve/io/mongo/flask_pymongo.py#L76

It uses dbname as authSource, but the authSource should be parsed from options https://pymongo.readthedocs.io/en/stable/api/pymongo/uri_parser.html#pymongo.uri_parser.parse_uri

See URI format https://www.mongodb.com/docs/manual/reference/connection-string/

Environment

Python version: 3.10
Eve version: 2.0

I am willing to open a PR to resolve the issue. Thanks

Nicola Iarocci · Answer 1 · Wed Jul 13 2022 14:11:44 GMT+0800 (China Standard Time)

hi @smeng9 I'll be happy to review your PR

micheloe · Answer 2 · Wed Aug 31 2022 23:31:51 GMT+0800 (China Standard Time)

The same thing happens here when MONGO_DBNAME is different from what is specified in the URI via authSource=. The auth source from the URI gets overwritten by MONGO_DBNAME. Workaround is to not use MONGO_URI at all but use MONGO_HOST, MONGO_PORT & MONGO_AUTH_SOURCE with MONGO_USERNAME and MONGO_PASSWORD together with MONGO_DBNAME

Rafał · Answer 3 · Sat Sep 03 2022 04:18:37 GMT+0800 (China Standard Time)

Hello All,

I'm using Atlas free and it requires srv in URI. Since there is a problem with URI in Eve, how can I stop using URI? Where should I put srv without the URI?

Thanks!

Rafał · Answer 4 · Sat Sep 03 2022 04:28:33 GMT+0800 (China Standard Time)

I've ran into this issue today when learning Eve.

Eve changes authSource from default admin to eve. I've ran debugger and check step-by-step what is the difference between connecting with bare pymongo and connecting with Eve. There is only one difference: source set to eve. ~~I don't know how it is being set. It is not set by my code and there is no authSource="eve" in Eve sources~~ [1]. Eve changes connection parameters in a way it can no longer authenticate. There is no hint in the documentation that setting authSource in URI does not work.

URI below works without problems when using pymongo:

mongodb+srv://myName:myPassword@cluster.abcd123.mongodb.net/?authSource=admin

But Eve changes it under the hood to:

mongodb+srv://myName:myPassword@cluster.abcd123.mongodb.net/?authSource=eve

Edit:
[1] I found it is being set from __package__ variable value.

I've made some changes to make this comment look less offensive. Sorry guys for my bad attitude yesterday. I really appreciate this project and your hard work.

micheloe · Answer 5 · Sat Sep 03 2022 04:35:45 GMT+0800 (China Standard Time)

Hi, I don’t think this is at all possible without using the URI method and in your case will require a fix in the current code. Honestly I don’t understand why, if one is using the URI method, the code is trying to read info from the variables other than DBNAME, which is the only one that cannot be provided via the URI. I.e. if someone wants / needs to use the URI method then require them to specify all the options via the URI, apart from the DBNAME. This has always been confusing me from day one. Otherwise just let the code only read the MONGO_* settings if they are absent in the URI and only then expand the connection info kwargs with these settings. This will not be backwards compatible but then again so isn’t the current state of 2.x. With kind regards, Michel Op vr 2 sep. 2022 om 22:18 schreef rafrafek ***@***.***>

…

How can I stop using URI when using Atlas free? I need srv in my URI, where should I put "srv" without URI? — Reply to this email directly, view it on GitHub <#1478 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AF5I3ILV4E2T4YQQJU6MVWLV4JOKPANCNFSM53M5LJ3Q> . You are receiving this because you commented.Message ID: ***@***.***>

Rafał · Answer 6 · Sat Sep 03 2022 05:24:16 GMT+0800 (China Standard Time)

I have an idea that maybe we could inject MongoClient instance into Eve. In that way we can move responsibility of handling mongodb connection from Eve to pymongo. It would fix this issue and perhaps prevent other connection issues in the future.

It could be used in settings.py like this:

from pymongo import MongoClient

MONGO_CLIENT = MongoClient("mongodb+srv://...")

Nicola Iarocci · Answer 7 · Sat Sep 03 2022 14:34:50 GMT+0800 (China Standard Time)

Hi all, I just merged #1482. Can you please check current master and confirm if it fixes the problem for you?

Rafał · Answer 8 · Sat Sep 03 2022 19:03:11 GMT+0800 (China Standard Time)

Hello Nicola,

Yes, it fixes the issue immediately. Now I can specify authSource and it is being recognized. The second amazing fact is, I don't need to specify authSource and it is set to admin. I think it is taken from DNS thanks to srv.

It looks like this old issue is resolved. Thanks!

Can somebody paste link to this solution here in discussion from 2018: https://groups.google.com/g/python-eve/c/9eJjCSy7wy0 ?

micheloe · Answer 9 · Tue Oct 11 2022 14:54:31 GMT+0800 (China Standard Time)

FWIW, 1.1.5 should not display this issue so maybe resorting to this version is an option for you rafrafek? Regards, Michel I wasted couple of hours today trying to learn Eve, I don't understand why

…

Eve changes authSource from default admin to eve. I had to run debugger and check step-by-step what is the difference between connecting with bare pymongo and connecting with Eve. There is only one difference: source set to eve. I don't even know how it is being set. There is no place in my code where eve could be typed. There is no authSource="eve" in Eve sources. Why Eve changes connection parameters so it cannot authenticate and there is no documentation that even setting authSource in URI does not work. It works perfectly when using pymongo: ***@***.***/?retryWrites=true&w=majority&authMechanism=DEFAULT&authSource=admin But Eve magically changes it under the hood to: ***@***.***/?retryWrites=true&w=majority&authMechanism=DEFAULT&authSource=eve — Reply to this email directly, view it on GitHub <#1478 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AF5I3INFV2VOE27VE3YL43TV4JPPZANCNFSM53M5LJ3Q> . You are receiving this because you commented.Message ID: ***@***.***>

Rafał · Answer 10 · Tue Oct 11 2022 16:13:32 GMT+0800 (China Standard Time)

@micheloe I don't know if Eve supported srv or authSource taken from URI in the past, but I think the issue is now resolved thanks to #1482 and there is no need to downgrade to 1.1.5.