String connection for mongoDB using mongoose with nodeJS - node.js

Do you why i can't log in with a connetion string like this:
mongodb://root:*****#localhost:27017/Database
But, i can log in with a one like this:
mongodb://root:*****#localhost:27017/
I had an "authentication failed"
Also, i can log in like that:
mongodb://root:*****#localhost:27017/admin
I don't know where i can looking for a solution.
Thank you for your help
I've tried with a database with a name in lowercase but nothing works.

MongoDB uses admin DB for authentication and authorization purposes.
From official MongoDB document on Connection URI,
If specified, the client will attempt to authenticate the user to the
authSource. If authSource is unspecified, the client will attempt to authenticate the user to the defaultauthdb. And if the defaultauthdb is unspecified, to the admin database.
As you are providing username:password#, you are implying the usage of defaultauthdb.
mongodb://root:*****#localhost:27017/admin works because you specified admin as the defaultauthdb
mongodb://root:*****#localhost:27017/ works because defaultauthdb is unspecified. So it is referred to the admin database
mongodb://root:*****#localhost:27017/Database does not work because you are using database other than admin db to perform the auth.

Related

express-validator email normalization

I am using express-validator 6.9.2 for my Nodejs project. But when I used normalizeEmail() in my auth controller one of my test email "t.test#gmail.com" is stored in dB as "ttest#gmail.com".
When I tried to log in to my app using t.test#gmail.com and ttest#gmail.com I was able to log in successfully. But when trying to create a new user with the email ttest#gmail.com. It shows an error email already exists. How can I normalize my email and store as "t.test#gmail.com" in dB?
In the options that you pass your validator you need to set property gmail_remove_dots to false. Here is the documentation.
check('email').normalizeEmail({gmail_remove_dots:false})

How can I protect the loopback explorer by username and password?

I've just started using loopback4 and I would like to protect the /explorer from being public. The user would initially see a page where username and password must be entered. If successful, the user is redirected to /explorer where he can see all API methods (and execute them). If user is not authenticated, accessing the path /explorer would give a response of "Unauthorized". Is there a way to easily implement this?
There is issue talking about a GLOBAL default strategy is enabled for all routes including explorer in https://github.com/strongloop/loopback-next/issues/5758
The way is to specify a global metadata through the options:
this.configure(AuthenticationBindings.COMPONENT).to({
defaultMetadata: {
strategy: 'JWTStrategy'
}
})
this.component(AuthenticationComponent);
registerAuthenticationStrategy(this, JWTAuthenticationStrategy)
But in terms of enabling a single endpoint added by route.get(), it's not supported yet, see code of how explorer is registered. #loopback/authentication retrieves auth strategy name from a controller class or its members, but if the route is not defined in the controller, it can only fall back to the default options, see implementation

Error Message: MongoError: bad auth Authentication failed through URI string

I'm trying to connect to my mongoDB server via the connection string given to me by mongo:
"mongodb+srv://david:password#cluster0-re3gq.mongodb.net/test?retryWrites=true"
In my code I am calling the connection through mongoose like this (obviously putting in my password):
const mongoose = require('mongoose');
const db = 'mongodb+srv://david:<password>#cluster0-re3gq.mongodb.net/test?retryWrites=true'
mongoose
.connect(db, {
useNewUrlParser: true,
useCreateIndex: true
})
.then(() => console.log('MongoDB connected...'))
.catch(err => console.log(err));
When I run the code I am getting the following error
"MongoError: bad auth Authentication failed."
Any ideas of what that could mean?
I had the same problem, and in my case, the answer was as simple as removing the angle brackets "<"and ">" around <password>. I had been trying: my_login_id:<my_password>, when it should have been my_login_id:my_password.
I think you're confused with the mongodb account password and user password.
You should use user password, not account password.
That was the reason of my case.
It happens because your provided password in connection string is wrong and most probably you have mistaken cluster password with your login password, in simple words while connecting with Atlas Cluster we can't use our account password by which we login to the Atlas website. In both case we can reset our cluster password and solve this issue.
To Solve The Issue Follow Below Given Steps
Step 1:- Click Database Access From left Side Navigation of MongoDB Atlas page.
Step 2:- Select your username and and click on the edit button from right side.
Step 3:- Click to change password.
Step 4:- Click update user.
While changing password try to keep password only alphabetical because special characters need encoding.
that's all now you can connect.
Don't use creds in the URI, use like this instead:
mongoose.connect(mongodb+srv://clusterAnything.mongodb.net/test?retryWrites=true&w=majority, { user: process.env.MONGO_USER, pass: process.env.MONGO_PASSWORD, useNewUrlParser: true, useUnifiedTopology: true })
In my case left and right characters are there
like this:
<Password>
so changed to:
Password
Checklist to follow:
1) Make sure you're using the correct password (the DB user password and not the Mongo account).
2) When entering your password, make sure all special characters are URL encoded (for example: p#ssword should be p%40ssword).
3) If you don't remember your password of your DB user - go to Database Access (if you're using Mongo Atlas) -> select your DB user -> edit -> create a new password -> don't forget update to click on 'Update User'.
(!) Security warning: Do not write the password in plain text inside your code - Follow the suggestions given here.
Are you writing your password in the place of <password>? If your aren't, a good practice is to create a environment variable on your operating system and call it using process.env.[your variable]. Ex:
const password = process.env.YOURPASSWORDVARIABLE
const db = 'mongodb+srv://david:'+password+'#cluster0-re3gq.mongodb.net/test?retryWrites=true'
Better yet, you can also put your whole url connection string inside a env variable:
Adding to above answers, the issue seemed to revolve around a wrong Database password input for me, because of a distortion of what i read as my current password from the Atlas menu and what MongoDB Atlas really saved as my current password.
There seems to be a "bug" when using the "Copy" button when choosing a new password.
What helped me was the following:
Open Atlas in the web
Go to "Database Access"
Click "Edit" on the Database user
Choose "Password" for authentication method
Click "Edit Password"
Click "Show" in the password field
Click "Autogenerate Secure Password"
DO NOT press "Copy" button to copy, but use manual selection via mouse and copy the text via right-click of your mouse or keyboard command
Click "Update User" below
Then:
Go through the list of Database users to make sure that no other Database user has the same password you just newly generated.
Now try your Username/Password combination again using this connection string (leaving out the placeholder characters '$' and '[]':
'mongodb+srv://$[username]:$[password]#$[hostlist]/$[database]?retryWrites=true'
I noticed that when I autogenerated a new password by clicking and then clicking the "Copy" button, that the autogenerated password was reset to the old password. Therefore I assumed the new autogenerated password is correct, but in reality it was my old password, which in addition was the same as for another Database user. I could not comprehend that until I clicked "Show" on the password input field.
Not only the password
Check all the fields it could be the password the user or the database. If you misspelt any of these you will have an authentication error.
Go to the database access on the left pane under security:
And in case change the password using edit button. Let's say your password is: P#sW0rd
You can compile the URL using the information contained in the Database Users screen:
client = MongoClient("mongodb+srv://giac:P#sW0rd#cluster0.wjdtk.mongodb.net/testc?retryWrites=true&w=majority")
The other answers did not say that even if you mispell the database name you have a authentication error.
This worked for me
mongoose.connect(
`mongodb+srv://${process.env.MONGO_USER}:${process.env.MONGO_PASS}#cluster0.adv0t.mongodb.net/${process.env.MONGO_DATABASE}?retryWrites=true&w=majority`,
{
useNewUrlParser: true,
useUnifiedTopology: true,
}
);
Create a ".env" file (you need to install dotenv before this ) in the parent directory(if you choose a custom location, add the following in server.js / app.js).
require('dotenv').config({ path: '/custom/path/to/.env' }) //uses custom location
Otherwise, add this in the server.js / app.js (the one that initiates server).
require('dotenv').config() //uses default location
In the ".env" file, define the user, password and database like this
MONGO_USER=uSerName
MONGO_PASS=p#sSW0rd
MONGO_DATABASE=myDatabase
I faced a similar issue, weirdly enough it got resolved when I created a new user in database access. This time though I clicked on autogenerate password. It should not matter but in my case it solved the issue.
I forgot to update the user after generating and copying the password and was wondering why it wasn't working. I saw the update button later. I was not visible to me earlier. lol. Solved the problem.
Database Access => edit user => generate/copy password => update it!
It worked for me.
remember to make sure you have updated it.
Just remove the angle brackets from both sides of your password.
Wrong Answer :
const db = 'mongodb+srv://username:<password>#cluster0-re3gq.mongodb.net/test?retryWrites=true'
Correct Answer :
const db = 'mongodb+srv://username:password#cluster0-re3gq.mongodb.net/test?retryWrites=true'
Finally, it worked for me to used that connection string with a lower grade that NodeJs versions(2.2.12 or later) cluster url. And After that make sure you have to whitelist your current IP Address from Atlas MongoDB. It should display like 0.0.0.0/0 (includes your current IP address) in Network Access section in Atlas MongoDB.
Connect to cluster NodeJs version 2.2.12 or later
And the main issue was where I am storing that connection string url in a constant that part. So initially,I was storing that connection string value in single/double quote but every time I was getting Authentication failure error as it was unable to parse that "Password" value from Atlas mongoDB . So I used backtick (``)instead of single/double quote to store that connection string.
Sample code where I am connecting mongoDB Atlas through a NodeJs application.
const DB_USER = 'your username in atlas mongodb';
const PASSWORD = encodeURIComponent('your password in atlas mongodb');
const url = `mongodb://${DB_USER}:${PASSWORD}#cluster0-shard-00-00.3ytbz.mongodb.net:27017,cluster0-shard-00-01.3ytbz.mongodb.net:27017,cluster0-shard-00-02.3ytbz.mongodb.net:27017/sample-db?ssl=true&replicaSet=atlas-z26ao5-shard-0&authSource=admin&retryWrites=true&w=majority`;
mongoose.connect(url,
{
useNewUrlParser: true,
useUnifiedTopology: true,
useCreateIndex: true,
useFindAndModify: true
})
.then(() => {
console.log('Connected to database !!');
})
.catch((err)=>{
console.log('Connection failed !!'+ err.message);
});
I just had this problem knowing that I was using the correct username, password and DBname.
I tried to change the password for the db user to double check, but it still didn't work.
I then instead created a new user, gave the user admin role, set the password etc, and then used that new user and password (same dbname) for the connection and it worked.
I don't know exactly what the issue was, but hoping it can help some of you save some time :)
After spending almost an hour messing with the URI, changing permissions and configurations and whatnot, I found out I was getting this error message because of a VPN connection I had active. After shutting down the VPN I was able to connect.
So if nothing else works for you, there might be something in your system preventing a connection to be successfully established and mongodb is just responding with bad auth
I had this same challenge but I discovered that making my IP address set to my current IP prevented me from accessing the services. Making the database accessible from anywhere was appropriate to access the database either using mongo shell or mongo compass.
The same problem i faced with mongoDB password authentication failed.
"Error: bad auth Authentication failed."
As per Pawan's suggestion given above i replaced my login password in MONGO_URI link with database password and it works. be sure to check that one also.
If you not generated the generate new one or if created earlier then replace with new one.
In my case, my password was wrong, to diagnostic the error, I have been follow the next steps:
I have to try connection by command line:
Whit this command: mongo "mongodb+srv://cluster0-j8ods.mongodb.net/test" --username :
The response was again: 2020-04-26T11:48:27.641-0500 E QUERY [js] Error: bad auth Authentication failed. :
then I'm change the password for my user, in my case, root user. and thats it, I'm authorized
mongodb+srv://jehat123:<password>#jehatarmancdeniz-x2yf7.mongodb.net/question-answer?retryWrites=true&w=majority
Delete all of password part
Use like this:
mongodb+srv://jehat123:yourpass#jehatarmancdeniz-x2yf7.mongodb.net/question-answer?retryWrites=true&w=majority
You can also get rid of this error by creating a new database user by going to Database Access from the left side and then go to Add New Database User from right right.
Now create a new username and password, click OK. Now replace this new username and password into the MongoUri.
In My case the above error got resolved by setting password variable directly.
DATABASE = "test"
#PASSWORD = os.environ.get("YOUR_PASSWORD") #This line was causing an error in code
PASSWORD = "YOUR_PASSWORD" # I added directly password variable
client = connect(
DATABASE,
host=f"mongodb+srv://mano:{PASSWORD}#cluster0.e2arj.mongodb.net/?retryWrites=true&w=majority",
alias="default",
)
Changing password worked for me
nB: Not the atlas password
mongodb+srv://david:password#cluster0-re3gq.mongodb.net/test?retryWrites=true
Replace 'password' with the password you registered for the username specified.
Replace 'test' after net with the name of the db you created in collections.
For me it turned out to be, that I had to tab out of the password field on the MongoDB Atlas page. Before clicking "Update User"
Just go to the "MongoDB Users tab" where you will find the user list. Click on edit where you can reset the password. Sometimes resetting the password can resolve the issue.
if you having this issue and learning mongo by official mongo trainings use m001-mongodb-basics as password for your db. And the correct db name is Sandbox (if you followed all steps)
This happened to me recently, I found out if you have updated your Mongo Db Password recently, your older databases will still be using the old password.
You can get around this by adding a new user to your Mongo db account or just use the old password.
Go to Database on the left hand side
click on browse collection
click on Add My Own Data
provide database name and collection name
Again click on database
click on connect ,connect your application
Select node.js
copy the connection string and keep it in your server.js
9)click on database access , edit password, autogenerate password
Copy the password with mouse , click update user
replace in the url string with this password and you are done
First, check your password(regenerate)
if not solved.
please check your MongoDB connect URL
this piece of code is unique,
mongodb+srv://reduxJobBox:<password>#cluster0.b08r8ak.mongodb.net/?retryWrites=true&w=majority

Mongodb Atlas: Error: Username contains an illegal unexpected character

I have created an online account account with MongoDB Atlas. And now I am trying to connect to it. Form the Atlas admin panel, I can retrieve the connection string for my node app.I click at connect and it brings me a modal form where I select "Connect you Application". I select it and then copy the whole connection string proposed.
After that, I apply the connection in my application and I replace on the password placeholder, my real password.(something like:)
await mongoose.connect("mongo://_myusername_:_password__")#cluster0-shard--00-00-neswb.mongodb.net:27017...
But I get the below error:
I cannot understand what is the illegal character here. This is a connection string generated by Mongodb Atlas.
Any help would be greatly appreciated. I have been on this issues from quite some time now.
Thank you!
I solved my problem by added the {useNewUrlParser: true} to my collection payload

Authentication always failing when connecting to MongoDB

I am using node/express
node_modules =
"mongodb": "2.0.33",
"mongoose": "3.8.15",
mongo shell version: 3.0, and mongo 3.0
I'm able to connect to my mongoDB just fine, but if I pass in any authentication parameters, it will fail:
connection error: { [MongoError: auth failed] name: 'MongoError', ok: 0, errmsg: 'auth failed', code: 18 }
The following shows up in the logs when this happens:
2015-06-13T15:10:09.863-0400 I ACCESS [conn8] authenticate db: mydatabase { authenticate: 1, user: "user", nonce: "xxx", key: "xxx" } 2015-06-13T15:10:09.863-0400 I ACCESS [conn8] Failed to authenticate user#mydatabase with mechanism MONGODB-CR: AuthenticationFailed UserNotFound Could not find user user#mydatabase
I've done quite a few patterns to try to get this to work.
Here's what happens when I do the show users command in the mongo shell while on the appropriate database:
{
"_id" : "mydatabase.user",
"user" : "user",
"db" : "mydatabase",
"roles" : [
{
"role" : "readWrite",
"db" : "mydatabase"
}
]
}
Here's my attempt to connect to this particular database while passing in the correct parameters:
mongoose.connect('mongodb://user:password#host:port/mydatabase');
For good measure I also tried passing in an options hash instead of passing the params via uri:
mongoose.connect('mongodb://host:port/mydatabase',{user: 'user',pass: 'password'});
Strangely enough, this works when done from the shell:
mongo mydatabase -u user -p password
so clearly, the credentials are right, and it's lining them up to the correct database, but something about the connection with Mongoose is not working...
Here is the shell command I passed in when creating that user:
db.createUser({
user: "user",
pwd: "password",
roles: [
{ role: "readWrite", db: "mydatabase" }
]
});
I got a success message with this, and I confirmed by calling the show users command when using the mydatabase set
I'm at a real loss here.... Here's some of the prior research I have done that hasn't yet given me success:
Cannot authenticate into mongo, "auth fails"
This answer suggests that it wouldn't be working because authentication happens at a database level, so I'm missing some sort of config option for my mongo instance, however the docs now say that such level authentication is disabled by default, and the docs the answer links to are since deprecated.
MongoDB & Mongoose accessing one database while authenticating against another (NodeJS, Mongoose)
uses older version of Mongo that still have addUser
On top of that, I don't see why that would work given it suggests I add a parameter to the 'auth' options that isn't listed in the documentation:
http://mongodb.github.io/node-mongodb-native/api-generated/db.html#authenticate
http://mongoosejs.com/docs/connections.html
Basically what I'm trying now, but isn't working.
authenticate user with mongoose + express.js
I've tried a number of answers that involved doing something of this sort, that gave me the same error. Also, I'd rather avoid these type of solutions that require +80 lines of code to authenticate for now. I just want to get basic authentication down first.
You mentioned that you are using MongoDB 3.0. In MongoDB 3.0, it now supports multiple authentication mechanisms.
MongoDB Challenge and Response (SCRAM-SHA-1) - default in 3.0
MongoDB Challenge and Response (MONGODB-CR) - previous default (< 3.0)
If you started with a new 3.0 database with new users created, they would have been created using SCRAM-SHA-1.
So you will need a driver capable of that authentication:
http://docs.mongodb.org/manual/release-notes/3.0-scram/#considerations-scram-sha-1-drivers
If you had a database upgraded from 2.x with existing user data, they would still be using MONGODB-CR, and the user authentication database would have to be upgraded:
http://docs.mongodb.org/manual/release-notes/3.0-scram/#upgrade-mongodb-cr-to-scram
Specific to your particular environment Mongoose compatibility for that version doesn't appear to support 3.0 due to the MongoDB Node.js driver that is in use (see the compatibility page on the Mongoose site--sorry, can't post more than 2 links currently).
I would suggest you update Mongoose.
Mongo v3.0+:
The db field (outside of the role object) matters here. That is not settable bby passing it into the createUser command afaict.
The way to set it is to type 'use ' before issuing the creatUser command.
Unless you do it that way, the db object inside role may have he correct and intended value, but the auth will still not work.

Resources