pymongo.errors.OperationFailure: Authentication failed.

[davStar]

Dear Mongo community,

I encounter an issue where I work around since several days without finding a solution. I use MongoEngine module in python. I don't if the problem encountered is coming from my mongo docker config or my MongoEngine usage.

pymongo.errors.OperationFailure: Authentication failed., full error: {'ok': 0.0, 'errmsg': 'Authentication failed.', 'code': 18, 'codeName': 'AuthenticationFailed'}

Code Description:

I try to connect via my Flask service:

me.connect('my_db', username='david', password='IloveU', host='mongo', authentication_source='admin', port=27017)

My mongo docker-compose:

version: '3'
services:
    mongodb:
        container_name: mongo
        image: mongo:4.4
        restart: always
        command: [--auth]
        ports:
            - "27017:27017"
        volumes:
            - mongodata:/data/db
            - ./init-mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro
        environment: 
            -MONGO_INITDB_ROOT_USERNAME: root
            -MONGO_INITDB_ROOT_PASSWORD: root
            -MONGO_INITDB_DATABASE: admin

My script init-mongo.js :

db.auth('root', 'root')

db = db.getSiblingDB('my_db')

db.createUser({
  user: 'david',
  pwd: 'IloveU',
  roles: [
    {
      role: 'root',
      db: 'admin',
    },
  ],
});

Output provided:

Return via PostMan when I request my API:

Output.pdf

My mongo Docker log output at the intitialization:

mongo              | {"t":{"$date":"2020-08-14T13:20:34.578+00:00"},"s":"I",  "c":"COMMAND",  "id":51803,   "ctx":"conn2","msg":"Slow query","attr":{"type":"command","ns":"my_db.$cmd","appName":"MongoDB Shell","command":{"createUser":"david","pwd":"xxx","roles":[{"role":"root","db":"admin"}],"digestPassword":true,"writeConcern":{"w":"majority","wtimeout":600000.0},"lsid":{"id":{"$uuid":"38b6f974-973c-4110-9ecc-e21ba12192a9"}},"$db":"my_db"},"numYields":0,"reslen":38,"locks":{"ParallelBatchWriterMode":{"acquireCount":{"r":4}},"ReplicationStateTransition":{"acquireCount":{"w":4}},"Global":{"acquireCount":{"w":4}},"Database":{"acquireCount":{"W":4}},"Collection":{"acquireCount":{"r":1,"w":4}},"Mutex":{"acquireCount":{"r":4}}},"flowControl":{"acquireCount":4,"timeAcquiringMicros":186},"writeConcern":{"w":"majority","wtimeout":600000,"provenance":"clientSupplied"},"storage":{},"protocol":"op_msg","durationMillis":223}}
mongo              | Successfully added user: {
mongo              |    "user" : "david",
mongo              |    "roles" : [
mongo              |        {
mongo              |            "role" : "root",
mongo              |            "db" : "admin"
mongo              |        }
mongo              |    ]
mongo              | }
mongo              | {"t":{"$date":"2020-08-14T13:20:34.606+00:00"},"s":"I",  "c":"NETWORK",  "id":22944,   "ctx":"conn2","msg":"connection ended","attr":{"remote":"127.0.0.1:40000","connectionCount":0}}

My mongo Docker log output at when I launch the request via Postman:

mongo              | {"t":{"$date":"2020-08-14T13:21:38.551+00:00"},"s":"I",  "c":"ACCESS",   "id":20251,   "ctx":"conn5","msg":"Supported SASL mechanisms requested for unknown user","attr":{"user":"david@admin"}}
mongo              | {"t":{"$date":"2020-08-14T13:21:38.559+00:00"},"s":"I",  "c":"ACCESS",   "id":20249,   "ctx":"conn5","msg":"Authentication failed","attr":{"mechanism":"SCRAM-SHA-1","principalName":"david","authenticationDatabase":"admin","client":"172.26.0.6:57894","result":"UserNotFound: Could not find user \"david\" for db \"admin\""}}

Thank you for help and support,

[wglambert]

In your compose file shown the variables are typo'd with the - connected to the variable names

environment: 
            -MONGO_INITDB_ROOT_USERNAME: root
            -MONGO_INITDB_ROOT_PASSWORD: root
            -MONGO_INITDB_DATABASE: admin

Looking at your init-mongo.js if you change db.auth('root', 'root') to be db.auth('david', 'root') then you can connect using those user credentials just fine

[davStar]

@wglambert Thank you for your help!! For the typos on docker-compose I can understand. I ve removed the - .

However for the db.auth() script if I can read the doc. , the method expect a db.auth (username , password). In my case David and root are two usernames?!?

Thank you for your clarification.

[yosifkit]

db = db.getSiblingDB('my_db')

db.createUser({
  user: 'david',
  pwd: 'IloveU',
  roles: [
    {
      role: 'root',
      db: 'admin',
    },
  ],
});

This creates the user in the my_db database and not the admin database that the root user is in. So to authenticate as david you would need to use authentication_source='my_db' (--authenticationDatabase on the mongo cli).

Quick test on database without authentication:

$ docker run -d --name mongo mongo
$ docker exec -it mongo mongo
...
> db = db.getSiblingDB('my_db')
my_db
> db.createUser({
...   user: 'david',
...   pwd: 'IloveU',
...   roles: [
...     {
...       role: 'root',
...       db: 'admin',
...     },
...   ],
... });
Successfully added user: {
    "user" : "david",
    "roles" : [
        {
            "role" : "root",
            "db" : "admin"
        }
    ]
}
> db.getUsers()
[
    {
        "_id" : "my_db.david",
        "userId" : UUID("f3636d05-0f33-4d65-8376-69d329d4c025"),
        "user" : "david",
        "db" : "my_db",
        "roles" : [
            {
                "role" : "root",
                "db" : "admin"
            }
        ],
        "mechanisms" : [
            "SCRAM-SHA-1",
            "SCRAM-SHA-256"
        ]
    }
]
> db.getSiblingDB('admin').getUsers();
[ ]

[onadebi]

I faced this same issue. After a lot of searching online and trying different ways, I was able to resolve it by appending the below to my mongo_uri:

authSource=admin

A complete URI would be something like this:

MONGO_URI= mongodb://username:userpass@localhost:27017/Test_DB?authSource=admin&retryWrites=true&w=majority