
MongoDB auth related issue in MONGO_URI

Open smeng9 opened this issue 2 years ago • 8 comments

Actual Behavior

MONGO_URI's username, password, and authSource in uri are not parsed correctly

https://github.com/pyeve/eve/blob/master/eve/io/mongo/flask_pymongo.py#L76

It uses dbname as authSource, but the authSource should be parsed from options https://pymongo.readthedocs.io/en/stable/api/pymongo/uri_parser.html#pymongo.uri_parser.parse_uri

See URI format https://www.mongodb.com/docs/manual/reference/connection-string/

Environment

  • Python version: 3.10
  • Eve version: 2.0

I am willing to open a PR to resolve the issue. Thanks

smeng9 avatar Jul 13 '22 01:07 smeng9

Hi @smeng9, I'll be happy to review your PR.

nicolaiarocci avatar Jul 13 '22 06:07 nicolaiarocci

The same thing happens here when MONGO_DBNAME is different from what is specified in the URI via authSource=. The auth source from the URI gets overwritten by MONGO_DBNAME. Workaround is to not use MONGO_URI at all but use MONGO_HOST, MONGO_PORT & MONGO_AUTH_SOURCE with MONGO_USERNAME and MONGO_PASSWORD together with MONGO_DBNAME

micheloe avatar Aug 31 '22 15:08 micheloe

Hello All,

I'm using Atlas free and it requires srv in URI. Since there is a problem with URI in Eve, how can I stop using URI? Where should I put srv without the URI?

Thanks!

rafrafek avatar Sep 02 '22 20:09 rafrafek

I've run into this issue today when learning Eve.

Eve changes authSource from default admin to eve. I've run the debugger and checked step by step what the difference is between connecting with bare pymongo and connecting with Eve. There is only one difference: source set to eve. ~~I don't know how it is being set. It is not set by my code and there is no authSource="eve" in Eve sources~~ [1]. Eve changes connection parameters in a way it can no longer authenticate. There is no hint in the documentation that setting authSource in URI does not work.

URI below works without problems when using pymongo:

mongodb+srv://myName:[email protected]/?authSource=admin

But Eve changes it under the hood to:

mongodb+srv://myName:[email protected]/?authSource=eve

Edit: [1] I found it is being set from __package__ variable value.

I've made some changes to make this comment look less offensive. Sorry guys for my bad attitude yesterday. I really appreciate this project and your hard work.

rafrafek avatar Sep 02 '22 20:09 rafrafek

Hi,

I don’t think this is at all possible without using the URI method and in your case will require a fix in the current code.

Honestly I don’t understand why, if one is using the URI method, the code is trying to read info from the variables other than DBNAME, which is the only one that cannot be provided via the URI. I.e. if someone wants / needs to use the URI method then require them to specify all the options via the URI, apart from the DBNAME. This has always been confusing me from day one.

Otherwise just let the code only read the MONGO_* settings if they are absent in the URI and only then expand the connection info kwargs with these settings.

This will not be backwards compatible, but then again neither is the current state of 2.x.

With kind regards, Michel

On Fri, 2 Sep 2022 at 22:18, rafrafek @.***> wrote:

How can I stop using URI when using Atlas free? I need srv in my URI, where should I put "srv" without URI?


micheloe avatar Sep 02 '22 20:09 micheloe
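An added example, not Eve's or pymongo's code, of the precedence proposed in this thread: take authSource from the URI options, fall back to settings only when the URI is silent, then apply MongoDB's documented defaults (the database in the URI path, then admin). The function names, the sample URI and the position of MONGO_AUTH_SOURCE in the fallback order are assumptions, and the parsing uses the standard library rather than pymongo.uri_parser.parse_uri so that it runs without a driver installed.

```python
from urllib.parse import parse_qs, unquote, urlsplit


def parse_mongo_uri(uri):
    """Split a MongoDB connection string into the parts that affect auth."""
    parts = urlsplit(uri)
    if parts.scheme not in ("mongodb", "mongodb+srv"):
        raise ValueError("not a MongoDB connection string")
    # Everything before the last '@' in the authority is the userinfo.
    userinfo, _, _hosts = parts.netloc.rpartition("@")
    username, _, password = userinfo.partition(":")
    # Option names are case-insensitive, so normalise the keys.
    options = {k.lower(): v[-1] for k, v in parse_qs(parts.query).items()}
    return {
        "username": unquote(username) or None,
        "password": unquote(password) or None,
        "database": unquote(parts.path.lstrip("/")) or None,
        "authsource": options.get("authsource"),
    }


def reported_auth_source(uri, settings):
    """Models the behaviour reported above: the database name always wins."""
    return settings.get("MONGO_DBNAME")


def resolved_auth_source(uri, settings):
    """URI option first, settings as fallback, then MongoDB's defaults."""
    parsed = parse_mongo_uri(uri)
    return (
        parsed["authsource"]
        or settings.get("MONGO_AUTH_SOURCE")  # assumed fallback position
        or parsed["database"]
        or "admin"
    )


# Constructed sample input: host, user and password are placeholders.
SETTINGS = {"MONGO_DBNAME": "eve"}
URI = "mongodb://app:s3cr%40t@db.example.net:27017/?authSource=admin"

if __name__ == "__main__":
    print("reported:", reported_auth_source(URI, SETTINGS))
    print("resolved:", resolved_auth_source(URI, SETTINGS))
```

The two functions disagree exactly when the credentials live in a database other than the one the API serves, which is the case where authentication fails.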

I have an idea that maybe we could inject MongoClient instance into Eve. In that way we can move responsibility of handling mongodb connection from Eve to pymongo. It would fix this issue and perhaps prevent other connection issues in the future.

It could be used in settings.py like this:

from pymongo import MongoClient

MONGO_CLIENT = MongoClient("mongodb+srv://...")

rafrafek avatar Sep 02 '22 21:09 rafrafek

Hi all, I just merged #1482. Can you please check current master and confirm if it fixes the problem for you?

nicolaiarocci avatar Sep 03 '22 06:09 nicolaiarocci

Hello Nicola,

Yes, it fixes the issue immediately. Now I can specify authSource and it is being recognized. The second amazing fact is, I don't need to specify authSource and it is set to admin. I think it is taken from DNS thanks to srv.

It looks like this old issue is resolved. Thanks!

Can somebody paste a link to this solution here in the discussion from 2018: https://groups.google.com/g/python-eve/c/9eJjCSy7wy0 ?

rafrafek avatar Sep 03 '22 11:09 rafrafek

FWIW,

1.1.5 should not display this issue so maybe resorting to this version is an option for you rafrafek?

Regards, Michel

I wasted couple of hours today trying to learn Eve, I don't understand why

Eve changes authSource from default admin to eve. I had to run debugger and check step-by-step what is the difference between connecting with bare pymongo and connecting with Eve. There is only one difference: source set to eve. I don't even know how it is being set. There is no place in my code where eve could be typed. There is no authSource="eve" in Eve sources. Why Eve changes connection parameters so it cannot authenticate and there is no documentation that even setting authSource in URI does not work.

It works perfectly when using pymongo:

@.***/?retryWrites=true&w=majority&authMechanism=DEFAULT&authSource=admin

But Eve magically changes it under the hood to:

@.***/?retryWrites=true&w=majority&authMechanism=DEFAULT&authSource=eve


micheloe avatar Oct 11 '22 06:10 micheloe

@micheloe I don't know if Eve supported srv or authSource taken from URI in the past, but I think the issue is now resolved thanks to #1482 and there is no need to downgrade to 1.1.5.

rafrafek avatar Oct 11 '22 08:10 rafrafek