New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use MongoClient.connect() instead of authenticate() if user provides URI to avoid Db.prototype.authenticate deprecated #5304

Closed
glecoz opened this Issue May 28, 2017 · 34 comments

Comments

Projects
None yet
@glecoz

glecoz commented May 28, 2017

I'm using a connection method like :

var Mongoose = require('mongoose');
connectionUrl = mongodb://some_login:some_pwd@some_host:27017/some_db?authSource=admin
Mongoose.connect(connectionUrl); 

... as indicated in the docs, but receiving the following warning on NodeJS console :

Db.prototype.authenticate method will no longer be available 
in the next major release 3.x as MongoDB 3.6 will only allow auth 
against users in the admin db and will no longer allow multiple credentials on a socket. 
Please authenticate using MongoClient.connect with auth credentials.

Connection with database succeeded.

(I get an authentication failure if I omit ?authSource=admin)

Is this normal at this stage (do we need to wait for a next mongoose release ?),
or what should I change from now ?

Versions :

Node : 7.10.0
Mongoose : 4.10.3
MongoDB : 3.4

Thank you.

@wellcaffeinated

This comment has been minimized.

Show comment
Hide comment
@wellcaffeinated

wellcaffeinated commented May 28, 2017

+1

@monkeymon

This comment has been minimized.

Show comment
Hide comment
@monkeymon

monkeymon commented May 29, 2017

+1

@AussieFlem

This comment has been minimized.

Show comment
Hide comment
@AussieFlem

AussieFlem May 29, 2017

+1
Mac OS X 10.12.5
Node: v7.10.0
Mongoose: 4.10.3
MongoDB v3.4.4

AussieFlem commented May 29, 2017

+1
Mac OS X 10.12.5
Node: v7.10.0
Mongoose: 4.10.3
MongoDB v3.4.4

@cbratschi

This comment has been minimized.

Show comment
Hide comment
@cbratschi

cbratschi commented May 29, 2017

+1

@varunjayaraman

This comment has been minimized.

Show comment
Hide comment
@varunjayaraman

varunjayaraman May 29, 2017

Collaborator

yup looks like it only happens once you actually touch the db to do some operation (like a write):

I created a user in the admin database called gh_5304 (with the same password) and granted the user dbAdminAnyDatabase privileges and then authenticated against that user in the connection string for the gh-5304 table specifying the admin table as the authSource:

const mongoose = require('mongoose');
const co = require('co');
mongoose.Promise = global.Promise;
const GITHUB_ISSUE = `gh-5304`;


exec()
  .then(() => {
    console.log('successfully ran program');
    process.exit(0);
  })
  .catch(error => {
    console.error(`Error: ${ error }\n${ error.stack }`);
  });


function exec() {
  return co(function*() {
    const db = mongoose.connect(`mongodb://gh_5304:gh_5304@localhost:27017/${ GITHUB_ISSUE }?authSource=admin`);

    const schema = new mongoose.Schema({ name: String });

    const Model = db.model('Model', schema);

    const doc = yield Model.create({ name: 'Test' });
  });
}

Log output:

Db.prototype.authenticate method will no longer be available in the next major release 3.x
as MongoDB 3.6 will only allow auth against users in the admin db and will no longer allow
multiple credentials on a socket. Please authenticate using MongoClient.connect with auth c
redentials.
successfully ran program

I'll mark this as a "bug", although tbh I'm not sure what I would describe this as. It's definitely a warning that should be heeded...

Collaborator

varunjayaraman commented May 29, 2017

yup looks like it only happens once you actually touch the db to do some operation (like a write):

I created a user in the admin database called gh_5304 (with the same password) and granted the user dbAdminAnyDatabase privileges and then authenticated against that user in the connection string for the gh-5304 table specifying the admin table as the authSource:

const mongoose = require('mongoose');
const co = require('co');
mongoose.Promise = global.Promise;
const GITHUB_ISSUE = `gh-5304`;


exec()
  .then(() => {
    console.log('successfully ran program');
    process.exit(0);
  })
  .catch(error => {
    console.error(`Error: ${ error }\n${ error.stack }`);
  });


function exec() {
  return co(function*() {
    const db = mongoose.connect(`mongodb://gh_5304:gh_5304@localhost:27017/${ GITHUB_ISSUE }?authSource=admin`);

    const schema = new mongoose.Schema({ name: String });

    const Model = db.model('Model', schema);

    const doc = yield Model.create({ name: 'Test' });
  });
}

Log output:

Db.prototype.authenticate method will no longer be available in the next major release 3.x
as MongoDB 3.6 will only allow auth against users in the admin db and will no longer allow
multiple credentials on a socket. Please authenticate using MongoClient.connect with auth c
redentials.
successfully ran program

I'll mark this as a "bug", although tbh I'm not sure what I would describe this as. It's definitely a warning that should be heeded...

@vkarpov15

This comment has been minimized.

Show comment
Hide comment
@vkarpov15

vkarpov15 May 29, 2017

Collaborator

The authSource issue is expected behavior atm, if you're connecting to some_db and your user is not defined on the some_db database, you need to specify authSource.

Re: the warning, this is something mongoose will have to carefully work around because that is the only way mongoose auth works right now. Even if you specify credentials in MongoClient.connect(), mongoose will still call authenticate() under the hood. The plan right now is to make 4.11 use MongoClient.connect() if you just provide a URI, or fall back to mongoose's internal connection logic if you use host, user, etc.

Collaborator

vkarpov15 commented May 29, 2017

The authSource issue is expected behavior atm, if you're connecting to some_db and your user is not defined on the some_db database, you need to specify authSource.

Re: the warning, this is something mongoose will have to carefully work around because that is the only way mongoose auth works right now. Even if you specify credentials in MongoClient.connect(), mongoose will still call authenticate() under the hood. The plan right now is to make 4.11 use MongoClient.connect() if you just provide a URI, or fall back to mongoose's internal connection logic if you use host, user, etc.

@vkarpov15 vkarpov15 changed the title from Warning on connection : Db.prototype.authenticate deprecated to Use MongoClient.connect() instead of authenticate() if user provides URI to avoid Db.prototype.authenticate deprecated May 29, 2017

@vkarpov15 vkarpov15 modified the milestones: 4.11, 4.10.4 May 29, 2017

@vkarpov15

This comment has been minimized.

Show comment
Hide comment
@vkarpov15

vkarpov15 May 29, 2017

Collaborator

Until 4.11, I wouldn't worry about this warning. To the best of my knowledge, MongoDB 3.6 and MongoDB driver 3.0 are unlikely to be released until much later this year and these changes will not require any end user changes.

Collaborator

vkarpov15 commented May 29, 2017

Until 4.11, I wouldn't worry about this warning. To the best of my knowledge, MongoDB 3.6 and MongoDB driver 3.0 are unlikely to be released until much later this year and these changes will not require any end user changes.

@glecoz

This comment has been minimized.

Show comment
Hide comment
@glecoz

glecoz May 29, 2017

Thanks @varunjayaraman @vkarpov15 for your detailed answers ;)

glecoz commented May 29, 2017

Thanks @varunjayaraman @vkarpov15 for your detailed answers ;)

@JonathanBristow

This comment has been minimized.

Show comment
Hide comment
@JonathanBristow

JonathanBristow May 29, 2017

Does anyone know of a way to disable/hide this message? I keep seeing it come up when I spawn a process and it's getting on my nerves! 😅

JonathanBristow commented May 29, 2017

Does anyone know of a way to disable/hide this message? I keep seeing it come up when I spawn a process and it's getting on my nerves! 😅

@pumano

This comment has been minimized.

Show comment
Hide comment
@pumano

pumano May 30, 2017

I have same issue.

pumano commented May 30, 2017

I have same issue.

@vipinshar

This comment has been minimized.

Show comment
Hide comment
@vipinshar

vipinshar May 30, 2017

I have also same issue. I don't know should i use mongoose or not.

vipinshar commented May 30, 2017

I have also same issue. I don't know should i use mongoose or not.

@GuidoNebiolo

This comment has been minimized.

Show comment
Hide comment
@GuidoNebiolo

GuidoNebiolo commented May 30, 2017

+1

@omidmaldar

This comment has been minimized.

Show comment
Hide comment
@omidmaldar

omidmaldar May 31, 2017

the same issue here

omidmaldar commented May 31, 2017

the same issue here

@jeanmw

This comment has been minimized.

Show comment
Hide comment
@jeanmw

jeanmw commented May 31, 2017

+1

@rvillane

This comment has been minimized.

Show comment
Hide comment
@rvillane

rvillane May 31, 2017

+1
Mongoose: 4.10.3
MongoDB v3.4

rvillane commented May 31, 2017

+1
Mongoose: 4.10.3
MongoDB v3.4

@varunjayaraman

This comment has been minimized.

Show comment
Hide comment
@varunjayaraman

varunjayaraman May 31, 2017

Collaborator

if you want to turn off warnings from the mongodb driver until 4.11, you can try using the steps here and use the underlying client from mongoose to set the logger:

http://mongodb.github.io/node-mongodb-native/2.2/reference/management/logging/

otherwise you will be fine and the problem should be resolved in 4.11

Collaborator

varunjayaraman commented May 31, 2017

if you want to turn off warnings from the mongodb driver until 4.11, you can try using the steps here and use the underlying client from mongoose to set the logger:

http://mongodb.github.io/node-mongodb-native/2.2/reference/management/logging/

otherwise you will be fine and the problem should be resolved in 4.11

@guimafx

This comment has been minimized.

Show comment
Hide comment
@guimafx

guimafx commented Jun 1, 2017

+1

@msaiganesh

This comment has been minimized.

Show comment
Hide comment
@msaiganesh

msaiganesh Jun 2, 2017

const mongoose = require('mongoose');
var db = mongoose.connect("mongodb://saiganesh:saiganesh6997@ds161121.mlab.com:61121/tester");

var Scheme = mongoose.Schema({
title: String,
author: String,
body: String,
comments: [{ body: String, date: Date }],
date: { type: Date, default: Date.now },
hidden: Boolean,
meta: {
votes: Number,
favs: Number
}
});
module.exports = db.model('mongodb', Scheme);

var BlogPost = require("./models/mongodb.js");

//create new model
var post = new BlogPost({title: "My first post", author: "saiganesh",
body: "We want to make documentation obsolete"});

post.save(function (err) {
if (err) {
return err;
}
else {
console.log("Post saved");
}
});

error:

 node .\index.js(node:2604) DeprecationWarning: Mongoose: mpromise (mongoose's de
fault promise library) is deprecated, plug in your own promise library instead: http://mongoosejs.com/docs/promises.html
Db.prototype.authenticate method will no longer be available in the next major release 3.x as MongoDB 3.6 will only allow auth against users in the admin
 db and will no longer allow multiple credentials on a socket. Please authenticate using MongoClient.connect with auth credentials.
 
events.js:160
      throw er; // Unhandled 'error' event
      ^
MongoError: Authentication failed.
    at Function.MongoError.create (C:\Users\saiganesh\Desktop\socket.io-master\examples\chat\mongoosedb\node_modules\mongodb-core\lib\error.js:31:11)
    at C:\Users\saiganesh\Desktop\socket.io-master\examples\chat\mongoosedb\node_modules\mongodb-core\lib\connection\pool.js:497:72
    at authenticateStragglers (C:\Users\saiganesh\Desktop\socket.io-master\examples\chat\mongoosedb\node_modules\mongodb-core\lib\connection\pool.js:443:
16)
    at Connection.messageHandler (C:\Users\saiganesh\Desktop\socket.io-master\examples\chat\mongoosedb\node_modules\mongodb-core\lib\connection\pool.js:4
77:5)
    at Socket. (C:\Users\saiganesh\Desktop\socket.io-master\examples\chat\mongoosedb\node_modules\mongodb-core\lib\connection\connection.js:32
1:22)
    at emitOne (events.js:96:13)
    at Socket.emit (events.js:188:7)
    at readableAddChunk (_stream_readable.js:176:18)
    at Socket.Readable.push (_stream_readable.js:134:10)
    at TCP.onread (net.js:548:20)

msaiganesh commented Jun 2, 2017

const mongoose = require('mongoose');
var db = mongoose.connect("mongodb://saiganesh:saiganesh6997@ds161121.mlab.com:61121/tester");

var Scheme = mongoose.Schema({
title: String,
author: String,
body: String,
comments: [{ body: String, date: Date }],
date: { type: Date, default: Date.now },
hidden: Boolean,
meta: {
votes: Number,
favs: Number
}
});
module.exports = db.model('mongodb', Scheme);

var BlogPost = require("./models/mongodb.js");

//create new model
var post = new BlogPost({title: "My first post", author: "saiganesh",
body: "We want to make documentation obsolete"});

post.save(function (err) {
if (err) {
return err;
}
else {
console.log("Post saved");
}
});

error:

 node .\index.js(node:2604) DeprecationWarning: Mongoose: mpromise (mongoose's de
fault promise library) is deprecated, plug in your own promise library instead: http://mongoosejs.com/docs/promises.html
Db.prototype.authenticate method will no longer be available in the next major release 3.x as MongoDB 3.6 will only allow auth against users in the admin
 db and will no longer allow multiple credentials on a socket. Please authenticate using MongoClient.connect with auth credentials.
 
events.js:160
      throw er; // Unhandled 'error' event
      ^
MongoError: Authentication failed.
    at Function.MongoError.create (C:\Users\saiganesh\Desktop\socket.io-master\examples\chat\mongoosedb\node_modules\mongodb-core\lib\error.js:31:11)
    at C:\Users\saiganesh\Desktop\socket.io-master\examples\chat\mongoosedb\node_modules\mongodb-core\lib\connection\pool.js:497:72
    at authenticateStragglers (C:\Users\saiganesh\Desktop\socket.io-master\examples\chat\mongoosedb\node_modules\mongodb-core\lib\connection\pool.js:443:
16)
    at Connection.messageHandler (C:\Users\saiganesh\Desktop\socket.io-master\examples\chat\mongoosedb\node_modules\mongodb-core\lib\connection\pool.js:4
77:5)
    at Socket. (C:\Users\saiganesh\Desktop\socket.io-master\examples\chat\mongoosedb\node_modules\mongodb-core\lib\connection\connection.js:32
1:22)
    at emitOne (events.js:96:13)
    at Socket.emit (events.js:188:7)
    at readableAddChunk (_stream_readable.js:176:18)
    at Socket.Readable.push (_stream_readable.js:134:10)
    at TCP.onread (net.js:548:20)

@amand1996

This comment has been minimized.

Show comment
Hide comment
@amand1996

amand1996 Jun 2, 2017

Which MongoDB and Mongoose version shall I use to avoid this error?

amand1996 commented Jun 2, 2017

Which MongoDB and Mongoose version shall I use to avoid this error?

@sensugaz

This comment has been minimized.

Show comment
Hide comment
@sensugaz

sensugaz Jun 3, 2017

this is bug right ?

sensugaz commented Jun 3, 2017

this is bug right ?

@juniormayhe

This comment has been minimized.

Show comment
Hide comment
@juniormayhe

juniormayhe Jun 3, 2017

I am getting the same issue. MongoDB shell version v3.4.2
dependencies in package json: "mongodb": "^2.2.28", "mongoose": "^4.10.4"

juniormayhe commented Jun 3, 2017

I am getting the same issue. MongoDB shell version v3.4.2
dependencies in package json: "mongodb": "^2.2.28", "mongoose": "^4.10.4"

@sensugaz

This comment has been minimized.

Show comment
Hide comment
@sensugaz

sensugaz Jun 3, 2017

"mongoose": "~4.10.2", is work!

sensugaz commented Jun 3, 2017

"mongoose": "~4.10.2", is work!

@juniormayhe

This comment has been minimized.

Show comment
Hide comment
@juniormayhe

juniormayhe Jun 3, 2017

Ok now I have removed node_module folders and changed package.json to use fixed older version "mongoose":"4.10.2". After npm install, the warning message is gone:

├─┬ mongodb@2.2.28 │ └── mongodb-core@2.1.12 └─┬ mongoose@4.10.2 └─┬ mongodb@2.2.26 └── mongodb-core@2.1.10
I am afraid this is not a good approach. There should be compatibility between latest mongoose and mongo softwares

juniormayhe commented Jun 3, 2017

Ok now I have removed node_module folders and changed package.json to use fixed older version "mongoose":"4.10.2". After npm install, the warning message is gone:

├─┬ mongodb@2.2.28 │ └── mongodb-core@2.1.12 └─┬ mongoose@4.10.2 └─┬ mongodb@2.2.26 └── mongodb-core@2.1.10
I am afraid this is not a good approach. There should be compatibility between latest mongoose and mongo softwares

@sensugaz

This comment has been minimized.

Show comment
Hide comment
@sensugaz

sensugaz Jun 4, 2017

Yes, I'm waiting for bug fixes maybe a next version

sensugaz commented Jun 4, 2017

Yes, I'm waiting for bug fixes maybe a next version

@varunjayaraman

This comment has been minimized.

Show comment
Hide comment
@varunjayaraman

varunjayaraman Jun 4, 2017

Collaborator

please do not just comment +1 we have clearly responded to this by stating that it is not a breaking bug, marking the issue as a confirmed-bug, and that you should be fine until mongoose 4.11. It is simply a warning message and I even posted a way to that you could use the mongodb logger to hide the message if you want to mute it. I don't mean to be an ass about it, but the +1 messages simply flood our inboxes, which is particularly annoying when reading the thread would show that the issue has been addressed

Collaborator

varunjayaraman commented Jun 4, 2017

please do not just comment +1 we have clearly responded to this by stating that it is not a breaking bug, marking the issue as a confirmed-bug, and that you should be fine until mongoose 4.11. It is simply a warning message and I even posted a way to that you could use the mongodb logger to hide the message if you want to mute it. I don't mean to be an ass about it, but the +1 messages simply flood our inboxes, which is particularly annoying when reading the thread would show that the issue has been addressed

@varunjayaraman

This comment has been minimized.

Show comment
Hide comment
@varunjayaraman

varunjayaraman Jun 4, 2017

Collaborator

as for your issue @msaiganesh that seams to be a separate issue related to your db authentication. Can you please open up a separate issue?

Collaborator

varunjayaraman commented Jun 4, 2017

as for your issue @msaiganesh that seams to be a separate issue related to your db authentication. Can you please open up a separate issue?

@Robinnnnn

This comment has been minimized.

Show comment
Hide comment
@Robinnnnn

Robinnnnn Jun 6, 2017

+2 (for me and my coworker)

Robinnnnn commented Jun 6, 2017

+2 (for me and my coworker)

@ggwc82

This comment has been minimized.

Show comment
Hide comment
@ggwc82

ggwc82 Jun 7, 2017

"mongoose": "^4.10.4"

I'm getting this error also - I take it it's just a warning message as opposed to a bug, and doesn't prevent me from continuing?

ggwc82 commented Jun 7, 2017

"mongoose": "^4.10.4"

I'm getting this error also - I take it it's just a warning message as opposed to a bug, and doesn't prevent me from continuing?

@denskiz

This comment has been minimized.

Show comment
Hide comment
@denskiz

denskiz Jun 7, 2017

Db.prototype.authenticate method will no longer be available in the next major release 3.x as MongoDB 3.6 will only allow auth against users in the admin db and will no longer allow multiple credentials on a socket. Please authenticate using MongoClient.connect with auth credentials.

I'm trying to connect to mlab database with mongoose. I have tried installing older versions of mongoose.

I keep getting this error when I run npm start on my MEAN app. I can't start the app. Can anyone help?

denskiz commented Jun 7, 2017

Db.prototype.authenticate method will no longer be available in the next major release 3.x as MongoDB 3.6 will only allow auth against users in the admin db and will no longer allow multiple credentials on a socket. Please authenticate using MongoClient.connect with auth credentials.

I'm trying to connect to mlab database with mongoose. I have tried installing older versions of mongoose.

I keep getting this error when I run npm start on my MEAN app. I can't start the app. Can anyone help?

@JonathanBristow

This comment has been minimized.

Show comment
Hide comment
@JonathanBristow

JonathanBristow Jun 8, 2017

Please read the issue in full before sending asking an already answered question and inadvertently sending an email to everyone who has subscribed to updates on this issue.

JonathanBristow commented Jun 8, 2017

Please read the issue in full before sending asking an already answered question and inadvertently sending an email to everyone who has subscribed to updates on this issue.

@wangkangmao

This comment has been minimized.

Show comment
Hide comment
@wangkangmao

wangkangmao Jun 13, 2017

I wonder how you solved it @JonathanBristow

wangkangmao commented Jun 13, 2017

I wonder how you solved it @JonathanBristow

@Thinkdiff

This comment has been minimized.

Show comment
Hide comment
@Thinkdiff

Thinkdiff Jun 17, 2017

Iv read these comments in this page but I still cant fix this problem!! could you check my code?

this is my connection code:

mongoose.Promise = require('bluebird');
mongoose.connect("mongodb://:@cluster0-shard-00-00-xlnqd.mongodb.net:27017,cluster0-shard-00-01-xlnqd.mongodb.net:27017,cluster0-shard-00-02-xlnqd.mongodb.net:27017/?ssl=true&replicaSet=Cluster0-shard-0&authSource=admin", function(err){
if(err){
console.log(err);
} else {
console.log('connected to the database successfuly.');
}
});

and I got this warning:
"Db.prototype.authenticate method will no longer be available in the next
major release 3.x as MongoDB 3.6 will only allow auth against users in the
admin db and will no longer allow multiple credentials on a socket. Please
authenticate using MongoClient.connect with auth credentials."

Thinkdiff commented Jun 17, 2017

Iv read these comments in this page but I still cant fix this problem!! could you check my code?

this is my connection code:

mongoose.Promise = require('bluebird');
mongoose.connect("mongodb://:@cluster0-shard-00-00-xlnqd.mongodb.net:27017,cluster0-shard-00-01-xlnqd.mongodb.net:27017,cluster0-shard-00-02-xlnqd.mongodb.net:27017/?ssl=true&replicaSet=Cluster0-shard-0&authSource=admin", function(err){
if(err){
console.log(err);
} else {
console.log('connected to the database successfuly.');
}
});

and I got this warning:
"Db.prototype.authenticate method will no longer be available in the next
major release 3.x as MongoDB 3.6 will only allow auth against users in the
admin db and will no longer allow multiple credentials on a socket. Please
authenticate using MongoClient.connect with auth credentials."

@vikaspotluri123

This comment has been minimized.

Show comment
Hide comment
@vikaspotluri123

vikaspotluri123 Jun 18, 2017

@Thinkdiff ... it's a warning, not an error. A warning generally indicates something that's not going to break the code. In English: there's nothing structurally wrong, don't worry about it.

vikaspotluri123 commented Jun 18, 2017

@Thinkdiff ... it's a warning, not an error. A warning generally indicates something that's not going to break the code. In English: there's nothing structurally wrong, don't worry about it.

@Automattic Automattic locked and limited conversation to collaborators Jun 20, 2017

@vkarpov15

This comment has been minimized.

Show comment
Hide comment
@vkarpov15

vkarpov15 Jun 20, 2017

Collaborator

I'm locking this issue temporarily to prevent continued spam. There will be an option that will shut off this warning in 4.11, which will be released this week barring any unforeseen delays. There is no way to bypass this warning in 4.10.x. Thank you for your patience.

Collaborator

vkarpov15 commented Jun 20, 2017

I'm locking this issue temporarily to prevent continued spam. There will be an option that will shut off this warning in 4.11, which will be released this week barring any unforeseen delays. There is no way to bypass this warning in 4.10.x. Thank you for your patience.

@vkarpov15 vkarpov15 closed this Jun 25, 2017

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.