MONGODB-X509 in version 6.0 #11333

Closed
talaikis opened this issue Feb 4, 2022 · 5 comments
Labels: docs (this issue is due to a mistake or omission in the mongoosejs.com documentation); help (this issue can likely be resolved in GitHub issues; no bug fixes, features, or docs necessary)

talaikis commented Feb 4, 2022

Version 6+ stopped working for MONGODB-X509 connections:

credentials must be an object with 'username' and 'password' properties

connecting with

mongoose.connect(uri, {
      tls: true,
      tlsCAFile: ....,
      tlsCertificateKeyFile: ...,
      auth: {
        username: '...'
      },
      authMechanism: 'MONGODB-X509',
      replicaSet: '...'
    })

Uzlopak (Collaborator) commented Feb 4, 2022

When I read the source code, it seems that you should not set a username anyway. So you should remove the username to get it working?!

talaikis (Author) commented Feb 4, 2022

Yeah, does not work with or without username, same error.

vkarpov15 added this to the 6.2.2 milestone Feb 6, 2022
vkarpov15 added the docs and help labels Feb 6, 2022
vkarpov15 modified the milestones: 6.2.2, 6.2.4 Feb 7, 2022
vkarpov15 modified the milestones: 6.2.4, 6.2.6 Feb 24, 2022
vkarpov15 modified the milestones: 6.2.6, 6.2.9 Mar 11, 2022

vkarpov15 (Collaborator) commented

Looks like the MongoDB node driver team now recommends putting the username in the connection string for X509 auth. Instead of:

mongoose.connect('mongodb://localhost:27017/test', {
      tls: true,
      tlsCAFile: ....,
      tlsCertificateKeyFile: ...,
      auth: {
        username: 'myusername'
      },
      authMechanism: 'MONGODB-X509',
      replicaSet: '...'
    })

Do:

mongoose.connect('mongodb://myusername@localhost:27017/test', {
      tls: true,
      tlsCAFile: ....,
      tlsCertificateKeyFile: ...,
      authMechanism: 'MONGODB-X509',
      replicaSet: '...'
    })

Here's an example in their tests: https://github.com/mongodb/node-mongodb-native/blob/00be68fbc3b6b4b27858969dddbb9c595d5da9c6/test/integration/auth/ssl_x509_connect.test.js#L93-L105

vkarpov15 (Collaborator) commented

Fixed by c379073

talaikis (Author) commented

credentials must be an object with 'username' and 'password' properties

That does not solve the problem, because the username in X509 is a certificate string, which can hardly be encoded by URI component: Mongoose connection Ac [MongoParseError]: Username contains unescaped characters. Basically, that's why it has been used in the options body since version 5.
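
The username-in-URI form discussed above, with the certificate subject percent-encoded before it is placed in the connection string. This is an added example, not code from the thread, Mongoose or the MongoDB driver. The subject DN, host and function names are constructed for illustration, and the WHATWG `URL` parser stands in for the driver's own connection-string parser.

```javascript
// Added example: sample values are constructed, not taken from the thread.
// RFC 3986 delimiters that must not appear raw in the userinfo part of a URI.
const RESERVED_IN_USERINFO = /[:\/?#\[\]@]/;

// Constructed X.509 subject DN of the kind used as a MONGODB-X509 username.
const SAMPLE_DN =
  'emailAddress=ops@example.com,CN=app client,OU=Eng/Platform,O=Example,C=US';

// True when the raw value would break or shift the URI's authority section.
function needsEscaping(username) {
  return RESERVED_IN_USERINFO.test(username);
}

// Build a connection string with the DN percent-encoded as the username.
// TLS file paths and authMechanism stay in the options object, as in the thread.
function buildX509Uri(subjectDn, host, db) {
  return `mongodb://${encodeURIComponent(subjectDn)}@${host}/${db}`;
}

// Parse the URI and report whether the username decodes back to the DN.
// Assumption: the WHATWG URL parser approximates the driver's URI handling.
function usernameRoundTrips(uri, subjectDn) {
  try {
    return decodeURIComponent(new URL(uri).username) === subjectDn;
  } catch (err) {
    return false; // unparseable authority, e.g. a raw space or '/' in the DN
  }
}

const encodedUri = buildX509Uri(SAMPLE_DN, 'localhost:27017', 'test');
// Raw DN pasted into the URI: its '@' and '/' move the userinfo/host boundary.
const naiveUri = `mongodb://${SAMPLE_DN}@localhost:27017/test`;

console.log('raw DN needs escaping:', needsEscaping(SAMPLE_DN));
console.log('encoded URI:', encodedUri);
console.log('encoded round-trips:', usernameRoundTrips(encodedUri, SAMPLE_DN));
console.log('naive round-trips:', usernameRoundTrips(naiveUri, SAMPLE_DN));
```
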
