Problem with authentication system

Question

Problem with authentication system

syrm opened this issue 12 years ago · comments

Still not ok.
mongodb://admin:adminpassword@localhost:27017/admin?auto_reconnect : OK
mongodb://admin:adminpassword@localhost:27017/otherdatabase?auto_reconnect : auth fails
mongodb://otherdatabase:otherdatabasepassword@localhost:27017/otherdatabase?auto_reconnect : need to login

contra · Answer 1 · Tue Oct 16 2012 22:24:03 GMT+0800 (China Standard Time)

AFAIK this is an issue with mongo core - my pull req has been accepted but hasn't been pushed into master.

Adam Kumpf · Answer 2 · Mon Oct 29 2012 01:17:27 GMT+0800 (China Standard Time)

+1 Smog looks fantastic, but auth seems pretty important for any dataset you actually care about.

I've been trying different ways to authenticate with the database, but no luck (besides directly accessing admin as shown above).

Also a quick suggestions in the meantime: hide the password info in the URL in logs (seeing the password in plaintext gives me the willies).

Could be simple as this

// assume url is something like this
var url = "http://test:1234@localhost:27017/test";

// remove the username and password from the URL and show as placeholders.
var safeurl = url.replace(/(\:\/\/)(.*?)(\@)/, "://user:****@");

console.log(safeurl);
// result is: "http://user:****@localhost:27017/test"

Keep us posted if you have any other thoughts or workarounds! :)

contra · Answer 3 · Mon Oct 29 2012 11:10:33 GMT+0800 (China Standard Time)

@akumpf - That log is for debugging and shouldn't really be there - feel free to remove it and pull req

contra · Answer 4 · Mon Oct 29 2012 11:11:53 GMT+0800 (China Standard Time)

Can you guys check if this issue occurs with https://github.com/kissjs/node-mongoskin ?

Adam Kumpf · Answer 5 · Mon Oct 29 2012 11:17:27 GMT+0800 (China Standard Time)

I think this pull request should take care of the logging issue. (of course you could just kill it instead).

#18

Adam Kumpf · Answer 6 · Mon Oct 29 2012 14:24:45 GMT+0800 (China Standard Time)

Ok. I think I've tracked the login problems down to admin.coffee.

The problem occurs because the script goes forward trying to perform admin operations (like getting the server status and build info) when using a non-admin user.

Returning null for failed data (or some other placeholder?) seems like a simple solution for now. In other words, try to get the admin info as currently built, but don't throw an error upstream on fail.

Additionally curious is that logging in as admin and trying to open a database outside of admin seems to not work and throw an error as well. Looking into this, for a mongo db with authentication, you must authenticate against the "admin" db before you an access other databases and perform admin operations. Adding a couple lines takes care of that, too :)

It's working great for me (trying admin auth, as well as per-database auth), so I'll create a pull request shortly.

Cheers,
Adam

Deleted user · Answer 7 · Fri Jan 04 2013 07:36:50 GMT+0800 (China Standard Time)

This looks great but is virtually useless w/out authentication working.

Fabrizio Moscon · Answer 8 · Thu Mar 21 2013 18:52:36 GMT+0800 (China Standard Time)

Any updates on this?
I wish to connect to a remote DB hosted by MongoLAB/Nodejitsu, I can connect via shell but not with smog... does anybody have a workaround?

contra · Answer 9 · Fri Mar 22 2013 02:26:02 GMT+0800 (China Standard Time)

Not doing any more work on this version - will be doing a full rewrite and this will be fixed in that. Will accept PRs to fix it in the meantime though

Brandon Copley · Answer 10 · Thu Apr 04 2013 03:30:52 GMT+0800 (China Standard Time)

are there any mongo clients like active admin that we can use now?

contra · Answer 11 · Thu Apr 04 2013 06:41:45 GMT+0800 (China Standard Time)

@BrandonCopley - There are a few PHP based ones but I've never used them