Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MongoDB user authorization - how-to #1168

mohierf opened this issue Jun 28, 2018 · 10 comments

MongoDB user authorization - how-to #1168

mohierf opened this issue Jun 28, 2018 · 10 comments


Copy link

@mohierf mohierf commented Jun 28, 2018

Expected Behavior

Configuring MONGO_* settings with user authorization should not raise an error if the database does not exist.

First step, configure mongodb

I set-up a recent mongodb instance locally and I create an administrator user:

use admin
    user: "alignak",
    pwd: "alignak",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]

I configure mongo in authorization mode and restart the server:

   sudo vi /etc/mongod.conf
         authorization: enabled

   # Restart mongo
   sudo systemctl restart mongod.service

As of now, I always need to authenticate for any operation on the databases

$ mongo
   > show dbs
   > # Raises an Unauthorized error!
   > db.auth("alignak", "alignak" )
   > show dbs
   admin   0.000GB
   config  0.000GB
   local   0.000GB

Second step, configure my REST Eve backend:

My configuration file MONGO part

  "MONGO_URI": "mongodb://alignak:alignak@localhost:27017/admin",
  "MONGO_HOST": "localhost",
  "MONGO_PORT": 27017,
  "MONGO_DBNAME": "alignak",
  "MONGO_USERNAME": "alignak",
  "MONGO_PASSWORD": "alignak",

Note: it is a JSON file that is transformed to a python dict...
Also note: that I checked that the same configuration without any authorization is fully functional.

Actual Behavior

Tell us what happens instead.

MongoDB connection string: mongodb://alignak:alignak@localhost:27017/admin
Traceback (most recent call last):
  File "/usr/local/bin/alignak-backend", line 9, in <module>
    load_entry_point('alignak-backend==1.4.11', 'console_scripts', 'alignak-backend')()
  File "/usr/lib/python2.7/dist-packages/pkg_resources/", line 542, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/lib/python2.7/dist-packages/pkg_resources/", line 2569, in load_entry_point
    return ep.load()
  File "/usr/lib/python2.7/dist-packages/pkg_resources/", line 2229, in load
    return self.resolve()
  File "/usr/lib/python2.7/dist-packages/pkg_resources/", line 2235, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/usr/local/lib/python2.7/dist-packages/alignak_backend/", line 8, in <module>
    from import app, manifest
  File "/usr/local/lib/python2.7/dist-packages/alignak_backend/", line 2158, in <module>
  File "/usr/local/lib/python2.7/dist-packages/eve/", line 176, in __init__
    self.register_resource(resource, settings)
  File "/usr/local/lib/python2.7/dist-packages/eve/", line 922, in register_resource
    create_index(self, resource, name, list_of_keys, index_options)
  File "/usr/local/lib/python2.7/dist-packages/eve/io/mongo/", line 969, in create_index
    db =, px).db
  File "/usr/local/lib/python2.7/dist-packages/eve/io/mongo/", line 893, in pymongo
    self.driver[px] = PyMongo(, px)
  File "/usr/local/lib/python2.7/dist-packages/flask_pymongo/", line 97, in __init__
    self.init_app(app, config_prefix)
  File "/usr/local/lib/python2.7/dist-packages/flask_pymongo/", line 283, in init_app
  File "/usr/local/lib/python2.7/dist-packages/pymongo/", line 1274, in authenticate
  File "/usr/local/lib/python2.7/dist-packages/pymongo/", line 614, in _cache_credentials
  File "/usr/local/lib/python2.7/dist-packages/pymongo/", line 688, in authenticate
    auth.authenticate(credentials, self)
  File "/usr/local/lib/python2.7/dist-packages/pymongo/", line 542, in authenticate
    auth_func(credentials, sock_info)
  File "/usr/local/lib/python2.7/dist-packages/pymongo/", line 245, in _authenticate_scram
    res = sock_info.command(source, cmd)
  File "/usr/local/lib/python2.7/dist-packages/pymongo/", line 579, in command
  File "/usr/local/lib/python2.7/dist-packages/pymongo/", line 150, in command
  File "/usr/local/lib/python2.7/dist-packages/pymongo/", line 155, in _check_command_response
    raise OperationFailure(msg % errmsg, code, response)
pymongo.errors.OperationFailure: Authentication failed.

It looks like Eve do not consider the authorization parameters I provided to create the database!

I tried almost every parameters combination, with or whitout MONGO_URI. The only solution I found to start correctly is to remove mongo authorization and then restore once my database is created .with a user that is authorized to use this db ...

Perharps I did something not correctly ... but what I expect is that Eve manages the DB creation by itself 😉


  • Python version: 2.7, 3.5
  • Eve version: 0.7.9
Copy link

@nicolaiarocci nicolaiarocci commented Jul 15, 2018

What happens if you use a db other than admin in your MONGO_URI? Or no db at all?

Copy link

@lemccarthy lemccarthy commented Jul 24, 2018

I'm experiencing the same issue. I have Eve connected to a mongodb replica set, and that was working up until I enabled auth. Now when I altered my URI to include username and password, I get that exact same error. I have tried the exact URI that I give to eve directly on Mongo and it works properly:

I have tried just about every workaround, including using APP.config to set the parameters directly.

Just for kicks, I also tried creating a MongoClient object with the same URI, and it was able to succesfully connect to Mongo, so I think the problem is with eve.


After much struggle, and making use of several options not mentioned directly in the documents, I managed to get it to work, using the following options:

MONGO_HOST = "pod-1.mongo,pod-2.mongo,pod-3.mongo"
MONGO_DBNAME = "my-db"

And making absolutely sure that MONGO_URI was never defined anywhere in the application.

Part of the problem was that the application error was always the same "Authentication Failed", but when I would look at the response.json() from the request I had made, it would have a more informative failure message.

Copy link

@joanitad joanitad commented Jul 31, 2018

I am having the same issue. Trying to use the mongo_srv protocol with eve. I can manually connect to pymongo in my Eve app but I get the same "Authentication Failed' error.
This is a link to a post I just made in google groups:!topic/python-eve/9eJjCSy7wy0
pyMongo version: 3.6

Does that mean I can't currently use the mongo+srv protocol with Eve?

Copy link

@nicolaiarocci nicolaiarocci commented Aug 7, 2018

v0.7.10 pinned the PyMongo dependency, see #1172. Can you guys please let me know if this is still a problem with Eve 0.7.10+?

Copy link

@xibriz xibriz commented Aug 15, 2018

I was experiencing the same problems and added MONGO_AUTH_SOURCE = "admin" and MONGO_REPLICA_SET = "rsname" as @lemccarthy suggested. It works like a charm.

I am running Eve 0.8.

Copy link

@nicolaiarocci nicolaiarocci commented Aug 27, 2018

Thanks, everyone, for looking into it. It would be nice if the docs were updated somehow to account for this scenario. Anyone up for the task?

@nicolaiarocci nicolaiarocci added this to the 0.8.1 milestone Aug 27, 2018
Copy link

@nicolaiarocci nicolaiarocci commented Aug 28, 2018

Actually, the configuration page does list MONGO_AUTH_SOURCE already.

@xibriz was adding MONGO_REPLICA_SET necessary in order for auth to work? Also, are you using MONGO_URI at all?

Copy link

@xibriz xibriz commented Aug 29, 2018

@nicolaiarocci Testet now, MONGO_REPLICA_SET is NOT necessary.

I don't use the MONGO_URI. My settings are:


I only read the Quickstart docs so it would be nice if it was reflected there since it has an example with MONGO_USERNAME and MONGO_PASSWORD:

Copy link

@lidanger lidanger commented Apr 30, 2019

I think MONGO_AUTH_SOURCE = "admin" is actually not the right config. MONGO_AUTH_SOURCE should be the name of the database on which the user can be authenticated.While the description in the document section "Database Interlude" may cause misunderstanding.


Copy link

@nicolaiarocci nicolaiarocci commented Apr 30, 2019

@lidanger Yes, I think you are correct. Feel free to submit a PR I will be happy to review it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
6 participants