AMP-SCZ / subject-id-gen

Subject ID Generator
Apache License 2.0

MongoDB authentication failure #3

Closed tashrifbillah closed 3 years ago

tashrifbillah commented 3 years ago
[tb571@rc-predict-dev subject-id-gen]$ node_modules/yarn/bin/yarn seed
yarn run v1.22.10
$ node scripts/seedDb.js
Trace: MongoError: Authentication failed.
    at MessageStream.messageHandler (/home/tb571/subject-id-gen/node_modules/mongodb/lib/cmap/connection.js:268:20)
    at MessageStream.emit (node:events:394:28)
    at processIncomingData (/home/tb571/subject-id-gen/node_modules/mongodb/lib/cmap/message_stream.js:144:12)
    at MessageStream._write (/home/tb571/subject-id-gen/node_modules/mongodb/lib/cmap/message_stream.js:42:5)
    at writeOrBuffer (node:internal/streams/writable:389:12)
    at _write (node:internal/streams/writable:330:10)
    at MessageStream.Writable.write (node:internal/streams/writable:334:10)
    at Socket.ondata (node:internal/streams/readable:747:22)
    at Socket.emit (node:events:394:28)
    at addChunk (node:internal/streams/readable:312:12) {
  ok: 0,
  code: 18,
  codeName: 'AuthenticationFailed'
}
    at seed (/home/tb571/subject-id-gen/scripts/seedDb.js:50:13)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
error Command failed with exit code 1.

Although the following are correct in .env.local:

# MongoDB database name
MONGODB_DB=idgen

# MongoDB URI with credentials
MONGODB_URI=mongodb://tb571:*****@localhost:27017/idgen?authSource=admin

blms commented 3 years ago

Two possibilities:

  1. I think I caused a collision while we were working on the VM at the same time. I ran quit.sh for DPdash as sudo without thinking and it shut down your MongoDB process. I immediately realized the mistake and restarted the process manually with systemctl, but I'm not sure if this may have messed up your configuration. I'm now working on https://github.com/PREDICT-DPACC/dpdash/issues/23 to prevent this from happening in the future.
  2. The username and password supplied to the connection URI must be the same as the ones entered here:
> use subjectidgen
> db.createUser({
    user: "<username>",
    pwd: "<password>",
    roles: [
      { role: "readWrite", db: "subjectidgen" },
    ]
  })

Also, I recommend making these different from your Partners username and password. It's just the database access user, used by the app to query the database, so it can be anything. I would recommend a secure random password and a descriptive username, like subjectidgen-access-user.

Before running yarn seed, you should try logging into the mongo shell using your connection URI. If it fails, keep troubleshooting until the connection URI works here, then move on to editing .env.local and running yarn seed.

mongo "mongodb://tb571:*****@localhost:27017/idgen?authSource=admin"

tashrifbillah commented 3 years ago

I don't think there was a collision. Anyway, this fails:

[tb571@rc-predict-dev subject-id-gen]$ mongo "mongodb://tb571:*****@localhost:27017/idgen?authSource=admin"
MongoDB shell version v4.4.6
connecting to: mongodb://localhost:27017/idgen?authSource=admin&compressors=disabled&gssapiServiceName=mongodb
Error: Authentication failed. :
connect@src/mongo/shell/mongo.js:374:17
@(connect):2:6
exception: connect failed
exiting with code 1
[tb571@rc-predict-dev subject-id-gen]$

But the following succeeds:

[tb571@rc-predict-dev subject-id-gen]$ mongo
> use idgen
switched to db idgen
> db.auth("tb571","*****")
1
>

What are we missing? :)

blms commented 3 years ago

Another idea: try without ?authSource=admin. This param might be only necessary in more secure configurations (e.g. production server), and I can't recall if it required an additional step to enable.
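
Added example, not part of the original thread or of the project's code: a MongoDB connection string authenticates against the database named in authSource, otherwise the database in the URI path, otherwise admin. The transcript above shows db.auth succeeding inside idgen, so the URI with authSource=admin was looking for the user in the wrong database. The helper names are hypothetical and only single-host mongodb:// URIs are handled.

```javascript
// Added example: resolve which database a mongodb:// URI authenticates against.
// Assumption: single-host URI; special characters in credentials are percent-encoded.
const URI_RE =
  /^mongodb:\/\/(?:([^:@\/]+)(?::([^@\/]*))?@)?([^\/?]+)(?:\/([^?]*))?(?:\?(.*))?$/;

function describeMongoUri(uri) {
  const m = URI_RE.exec(uri);
  if (!m) throw new Error('not a single-host mongodb:// URI');
  const [, user, password, host, db, query] = m;
  const params = new URLSearchParams(query || '');
  const pathDb = db ? decodeURIComponent(db) : '';
  // Resolution order: authSource, then the database in the path, then "admin".
  const authDb = params.get('authSource') || pathDb || 'admin';
  // Never log the password; keep the rest so the URI can still be compared.
  const redacted =
    password === undefined ? uri : uri.replace(`:${password}@`, ':<redacted>@');
  return { user: user ? decodeURIComponent(user) : null, host, pathDb, authDb, redacted };
}

// Returns null when the URI will look for the user where it was created.
function authMismatch(uri, userCreatedInDb) {
  const { authDb } = describeMongoUri(uri);
  return authDb === userCreatedInDb
    ? null
    : `URI authenticates against "${authDb}", user was created in "${userCreatedInDb}"`;
}

// URIs as they appear in the thread (password already masked there).
const failing = 'mongodb://tb571:*****@localhost:27017/idgen?authSource=admin';
const working = 'mongodb://tb571:*****@localhost:27017/idgen';
console.log(describeMongoUri(failing).redacted, '->', authMismatch(failing, 'idgen'));
console.log(describeMongoUri(working).redacted, '->', authMismatch(working, 'idgen'));
```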

tashrifbillah commented 3 years ago

Thanks Ben. I seem to have been successful. I shall test different functionalities of this website moving forward.

http://rc-predict-dev.partners.org:8070/ (within VPN)

tashrifbillah commented 3 years ago

Functionalities are looking good. I think I should set this line with port number so verification email, site access granting etc. links are generated with port number in it:

http://rc-predict-dev.partners.org:8070/

Currently, all the links are generated against the BASE_URL noted above. I understand I may not need the port number if I use a proxy server configured against a custom URI like http://rc-predict-dev.partners.org/idgen/. Thoughts?

blms commented 3 years ago

Great! Yes, the port number should be included in BASE_URL.

I'm not sure a URI that ends in something like /idgen/ will work because it might break relative URLs in the app. All relative URLs in the app would need to have the prefix appended to them. I would probably put this into an environment variable like URL_PREFIX and then change all relative URLs in code from just url to ${process.env.URL_PREFIX}url.

tashrifbillah commented 3 years ago

> I would probably put this into an environment variable like URL_PREFIX and then change all relative URLs in code

I think that would be required because we have only one production VM. I envision both DPdash and subject-id-gen running at that VM under different URIs, https://predict.bwh.harvard.edu/dpdash/ and https://predict.bwh.harvard.edu/idgen/ respectively.

By the way, I remember you did some Nginx config update. Can DPdash serve against non-root URL now e.g. https://predict.bwh.harvard.edu/dpdash/?

blms commented 3 years ago

> I think that would be required

OK, I'll make that change here.

> By the way, I remember you did some Nginx config update. Can DPdash serve against non-root URL now e.g. https://predict.bwh.harvard.edu/dpdash/?

My Nginx changes would not enable that, but it should be possible by using an Express sub-app. We would just need to create a second app that points all requests to /dpdash to a sub-app, then hook up the existing router to the sub-app. So it will require some code changes as well. We can work on this when the existing PR is completed.

blms commented 3 years ago

@tashrifbillah I've made the change here. Please pull the latest subject-id-gen from this repo and do the following to enable subpage routing:

rm -f next.config.js
cp next.config.js.sample next.config.js

Edit next.config.js to uncomment the line

basePath: '/idgen',

and change it to whatever the subpage is that you want to use.

Then edit .env to change BASE_URL and add NEXT_PUBLIC_BASE_PATH with the appropriate subpage:

# The root URL from which your site is accessed. Used in the formation of links.
BASE_URL=http://rc-predict-dev.partners.org/idgen

## If you wish to serve your app from a subpage rather than the root URL, you must
## define this environment variable as well as appending it to the above.
NEXT_PUBLIC_BASE_PATH=/idgen

You will need to restart the app for it to take effect.
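
Added example, not part of the original thread or of the repository: a startup check that the three settings named above agree, since links in verification and access-granting emails are built against BASE_URL. The function names, the `nextBasePath` argument (the basePath value from next.config.js, passed in by the caller) and the `/verify` route are assumptions made for illustration.

```javascript
// Added example: verify BASE_URL, NEXT_PUBLIC_BASE_PATH and basePath are consistent.
function checkSubpathConfig(env, nextBasePath) {
  const problems = [];
  const prefix = env.NEXT_PUBLIC_BASE_PATH || '';
  // A sub-path prefix looks like "/idgen": leading slash, no trailing slash.
  if (prefix && (!prefix.startsWith('/') || prefix.endsWith('/'))) {
    problems.push('NEXT_PUBLIC_BASE_PATH must start with "/" and not end with "/"');
  }
  if ((nextBasePath || '') !== prefix) {
    problems.push(
      `basePath "${nextBasePath || ''}" differs from NEXT_PUBLIC_BASE_PATH "${prefix}"`);
  }
  let base;
  try {
    base = new URL(env.BASE_URL);
  } catch {
    problems.push('BASE_URL is not an absolute URL');
    return problems;
  }
  // The path part of BASE_URL must be exactly the prefix ("" for a root deployment).
  const basePathname = base.pathname.replace(/\/+$/, '');
  if (basePathname !== prefix) {
    problems.push(
      `BASE_URL path "${basePathname}" differs from NEXT_PUBLIC_BASE_PATH "${prefix}"`);
  }
  return problems;
}

// Build an absolute link against BASE_URL without doubling or dropping slashes.
function buildLink(env, route) {
  return env.BASE_URL.replace(/\/+$/, '') + '/' + route.replace(/^\/+/, '');
}

// Values from the thread: sub-path deployment, then the earlier port-based one.
const subpath = { BASE_URL: 'http://rc-predict-dev.partners.org/idgen',
                  NEXT_PUBLIC_BASE_PATH: '/idgen' };
const stale = { BASE_URL: 'http://rc-predict-dev.partners.org:8070/',
                NEXT_PUBLIC_BASE_PATH: '/idgen' };
console.log(checkSubpathConfig(subpath, '/idgen')); // no problems
console.log(checkSubpathConfig(stale, '/idgen'));   // BASE_URL lacks the prefix
console.log(buildLink(subpath, '/verify'));
```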

tashrifbillah commented 3 years ago

Thank you for the heavy lifting, Ben. I shall get back here after being done with DPdash.

tashrifbillah commented 3 years ago

> I think I should set this line with port number so verification email, site access granting etc. links are generated with port number in it

I confirm that this works with commit https://github.com/PREDICT-DPACC/subject-id-gen/commit/e86806feb56dc073ca5cc85c5b1bdcc1bd9b8203

tashrifbillah commented 3 years ago

Documented in https://github.com/AMP-SCZ/subject-id-gen#server-configuration