search

doctrine / mongodb-odm

The Official PHP MongoDB ORM/ODM
https://www.doctrine-project.org/projects/doctrine-mongodb-odm/en/latest/
MIT License
1.09k stars 502 forks source link

Not authorized to execute collMod during schema creation #2402

Closed nikophil closed 2 years ago

nikophil commented 2 years ago

Hello,

BC Break Report

Q A
BC Break yes
Version 2.3.0

Summary

Since we've upgraded to doctrine/mongo-odm 2.3.0 the authSource will always be admin even if another one is provided in the dsn with the authSource param. This leads to "authentication failed" errors.

How to reproduce

try to connect to a database which authentication database has another name than admin

thanks for your work :+1:

malarzm commented 2 years ago

@nikophil are you sure this is because of ODM and not some other library/driver update? Asking because authSource is not used anywhere in the ODM: https://github.com/doctrine/mongodb-odm/search?q=authSource

nikophil commented 2 years ago

Hi @malarzm I'm a sure: I looked for the culprit by dichotomy and found doctrine/mongo-odm:2.3.0:

$ composer info doctrine/mongodb-odm
# results in 2.2.3

$ bin/console doctrine:mongodb:schema:update 
Updated indexes for all classes

$ composer u doctrine/mongodb-odm:2.3.0 
Loading composer repositories with package information
Updating dependencies                                 
Lock file operations: 0 installs, 1 update, 0 removals
  - Upgrading doctrine/mongodb-odm (2.2.3 => 2.3.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 0 installs, 1 update, 0 removals
  - Downloading doctrine/mongodb-odm (2.3.0)
  - Upgrading doctrine/mongodb-odm (2.2.3 => 2.3.0): Extracting archive
Generating autoload files
composer/package-versions-deprecated: Generating version class...
composer/package-versions-deprecated: ...done generating version class

Executing script cache:clear [OK]

$ bin/console doctrine:mongodb:schema:update 
Updated indexes for all classes
not authorized on db to execute command { collMod: "some-collection", validator: [], validationAction: "error", validationLevel: "strict", $db: "db", lsid: { id: UUID("xxxxxxxxxxx") }, $clusterTime: { clusterTime: Timestamp(1640850344, 139), signature: { hash: BinData(0, xxxxxxxx), keyId: xxxxxxxx } } }

maybe, I'm mistaking and the root cause is not authSource parameter, but the error only occurs on a database with authentication database has a name different than admin.

BTW here some extra info: php: 8.0.12 mongo-ext: 1.10.0 mongodb/mongodb: 1.9.0 symfony/ : 5.4. doctrine/mongodb-odm-bundle: 4.3.1

malarzm commented 2 years ago

not authorized on db to execute command { collMod: "some-collection", validator: [], validationAction: "error", validationLevel: "strict", $db: "db", lsid: { id: UUID("xxxxxxxxxxx") }, $clusterTime: { clusterTime: Timestamp(1640850344, 139), signature: { hash: BinData(0, xxxxxxxx), keyId: xxxxxxxx } } }

This query comes from new feature in ODM 2.3 (https://github.com/doctrine/mongodb-odm/pull/2238). Most probably the user you're authenticating with is not authorized to run collMod commands

nikophil commented 2 years ago

thanks for this, I'll ask for a change of the authorization o my user, I'll let you know.

sorry for the misunderstanding about authsource