CrafterCMS: connecting to MongoDB over SSL for Profile/Social - crafter-cms

How do you configure Crafter Social and Profile to connect to MongoDB over SSL?
On command line I use:
mongo "mongodb://acme:password#mongodb-url:27017/acmesocial?ssl=true&sslCAFile=/etc/ssl/mongodb-dev-server.pem&sslPEMKeyFile=/etc/ssl/mongodb-dev-clients.pem&sslPEMKeyPassword=acme+dev+mongodb+slaves" --verbose

For both Social and Profile we support Mongodb Connection URI configuration details are here: https://docs.mongodb.com/manual/reference/connection-string/
To build a X509 url you need this param in your url ssl=true&?authMechanism=MONGODB-X509 please notice that the username should be The x.509 certificate derived username, e.g. "CN=user, OU=OrgUnit,O=myOrg
The internal MongoClient that is used in Profile/Social is build using this class: http://api.mongodb.com/java/current/com/mongodb/MongoClientURI.html that will create the internally needed MongoCredential.createMongoX509Credential(user);
Here are some URLs that might help you
http://mongodb.github.io/mongo-java-driver/3.0/driver/reference/connecting/authenticating/#x-509
https://www.ibm.com/support/knowledgecenter/SSB23S_1.1.0.13/gtpd5/tmdbssljava.html
https://github.com/mongodb/mongo-java-driver/blob/3770623f7051634daa978c265a3b03fe04fee913/docs/reference/content/driver/tutorials/authentication.md#x509
https://docs.mongodb.com/manual/tutorial/configure-x509-client-authentication/#add-x-509-certificate-subject-as-a-user

Related

auth0 custom DB connection Postgres Connection Error

We are using auth0 for user authentication & authorization, and configured custom DB with postgresDB.
Auth0 account is using node 16 as runtime engine for running custom DB scripts.
Loaded postgres template and modified with required changes.
When testing the script, it was giving error saying postgres.connection is not a function.
The same code works well for other account which have node 12 as runtime.
Any suggestions?
This is common issue when using old version of pg.
Latest pg version supported in Auth0 is 8.7.1
Ref: https://auth0-extensions.github.io/canirequire/#pg
So you can update the statement
require('pg')
to
require('pg#8.7.1')
Also please refere https://node-postgres.com/apis/client for correct way to use the Client from pg.

MongoDB Docker URI does not have hostname, domain name and tld

I am trying to connect to my local MongoDB Database that is on docker with nodejs. My component are:
.env file
MONGODB_USERNAME = 'accountUser'
MONGODB_PASSWORD = 'password'
MONGODB_HOST = 'mongodb'
MONGODB_DATABASE = 'mydb'
Code:
const uri = `mongodb+srv://${process.env.MONGODB_USERNAME}:${process.env.MONGODB_PASSWORD}#${process.env.MONGODB_HOST}/${process.env.MONGODB_DATABASE}?retryWrites=true&w=majority`;
console.log(uri);
const client = new MongoClient(uri);
Console Output
mongodb+srv://accountUser:abc123#mongodb/mydb?retryWrites=true&w=majority
Error
MongoParseError: URI does not have hostname, domain name and tld
What can I be doing wrong?
You are trying to use an SRV URI when you should be using an ordirary URI.
SRV URIs have the additional security requirements on hostnames (that it contains 3 components minimum).
Remove +srv from your URI.
1). Go to the database, click edit password and generate a new password.
2). Go to the database, click edit password and give only characters and numbers.
If the username or password includes the following characters:
: / ? # [ ] #
You should simply replace those characters.
How to connect to MongoDB Atlas from a NestJS Application:
Under Deployment select Databases
Click on your database instance
Next to the name and status of the instance click Connect
Click Connect your application
Under DRIVER select Node.js
Under VERSION select 2.2.12 or later
Copy the full URI including all of the individual nodes and use that to connect instead
As D. SM said earlier you can't use a URI with +srv in it and rolling back the driver version is the only way to get a connection string generated without +srv.

Using AWS DocumentDB with Sail.js configuration

I'm trying to use AWS DocumentDB which is MongoDB compatible but unable successfully connect to the database.
Are there are any additional parameters that I need to pass into Sails.js datastores.js configuration?
Currently, my configs are as following:
adapter: 'sails-mongo',
url: 'mongodb://*****:*****#********.cluster-dasdsasd.us-east-1.docdb.amazonaws.com:27017/?ssl_ca_certs=rds-combined-ca-bundle.pem&replicaSet=rs0',
Looking at Sails, i would suggest disable TLS in DocumentDB[1] and try connecting. I suspect that should fix the issue for you. I am wondering if it is able to find the pem file on you applications path (This part of URL - ?ssl_ca_certs=rds-combined-ca-bundle.pem)
[1] https://docs.aws.amazon.com/documentdb/latest/developerguide/security.encryption.ssl.html

Use truststore & keystore at ClientSSLSecurity method in strong-soap(JavaScript)

I am consuming a SOAP web service from NodeJs application, using strong-soap library. I am able to generate the client from WSDL where I can see all the methods of given SOAP service, I need to pass SSL certificates along with method invocation.
I have given two JKS file (Truststore.jks and Keystore.jks).
Not sure which should go where according to below code snippets?
This is code snippets given by strong-soap github page.
client.setSecurity(new soap.ClientSSLSecurity(
'/path/to/key'
, '/path/to/cert'
, {/*default request options*/}
));
I have modified this using following way -
client.setSecurity(new soap.ClientSSLSecurity(
/certs/keystore.jks'
, '/certs/truststore.jks'
, {/*default request options*/}
));
Getting “tunneling socket could not be established, statusCode=503”.
Not sure, which JKS file should be used for what?
Which one is key and which one is cert?

Authentication error when connecting to specific mongodb database

I am currently using nodejs with mongodb native driver. So my mongodb has been set with admin auth with root role, so I can log in using robomongo or command line just fine. So back to my project, I m able to connect to mongodb just fine if i set my connection string:
mongodb://admin:password#localhost:27017/
However, if I use this connection string:
mongodb://admin:password#localhost:27017/specificdb
It return as:
MongoError: Authentication failed
I am able to access the db using command and robomongo, is there anything I can do? I have added the admin user under the db, but still got the same problem.
The database you specify is the one you authenticate on. If the user is not known/has no roles for that database it cannot authenticate to it.
https://docs.mongodb.com/manual/reference/connection-string/
What you can do is either create the (or a new) user for that database or use an authentication database parameter.
this worked for me :
first solution on connection :
mongoose.connect('mongodb://....', {
// add this line
authSource:"admin",
....
})
or second solution add to the uri "?authSource=admin" :
mongodb://user:password#host/yourDB?authSource=admin
** to note that I am using mongoose and this is the documentation specefic statement and the url :
authSource - The database to use when authenticating with user and pass. In MongoDB, users are scoped to a database. If you are getting an unexpected login failure, you may need to set this option.
https://mongoosejs.com/docs/connections.html#options

Resources