Mongoose: Use MongoClient.connect() instead of authenticate() if user provides URI to avoid Db.prototype.authenticate deprecated

Created on 28 May 2017  ¬∑  34Comments  ¬∑  Source: Automattic/mongoose

I'm using a connection method like :

var Mongoose = require('mongoose');
connectionUrl = mongodb://some_login:some_pwd@some_host:27017/some_db?authSource=admin
Mongoose.connect(connectionUrl); 

... as indicated in the docs, but receiving the following warning on NodeJS console :

Db.prototype.authenticate method will no longer be available 
in the next major release 3.x as MongoDB 3.6 will only allow auth 
against users in the admin db and will no longer allow multiple credentials on a socket. 
Please authenticate using MongoClient.connect with auth credentials.

Connection with database succeeded.

(I get an authentication failure if I omit ?authSource=admin)

Is this normal at this stage (do we need to wait for a next mongoose release ?),
or what should I change from now ?

Versions :

Node : 7.10.0
Mongoose : 4.10.3
MongoDB : 3.4

Thank you.

confirmed-bug underlying library issue

Most helpful comment

please do not just comment +1 we have clearly responded to this by stating that it is not a breaking bug, marking the issue as a confirmed-bug, and that you should be fine until mongoose 4.11. It is simply a warning message and I even posted a way to that you could use the mongodb logger to hide the message if you want to mute it. I don't mean to be an ass about it, but the +1 messages simply flood our inboxes, which is particularly annoying when reading the thread would show that the issue has been addressed

All 34 comments

+1

+1

+1
Mac OS X 10.12.5
Node: v7.10.0
Mongoose: 4.10.3
MongoDB v3.4.4

+1

yup looks like it only happens once you actually touch the db to do some operation (like a write):

I created a user in the admin database called gh_5304 (with the same password) and granted the user dbAdminAnyDatabase privileges and then authenticated against that user in the connection string for the gh-5304 table specifying the admin table as the authSource:

const mongoose = require('mongoose');
const co = require('co');
mongoose.Promise = global.Promise;
const GITHUB_ISSUE = `gh-5304`;


exec()
  .then(() => {
    console.log('successfully ran program');
    process.exit(0);
  })
  .catch(error => {
    console.error(`Error: ${ error }\n${ error.stack }`);
  });


function exec() {
  return co(function*() {
    const db = mongoose.connect(`mongodb://gh_5304:gh_5304@localhost:27017/${ GITHUB_ISSUE }?authSource=admin`);

    const schema = new mongoose.Schema({ name: String });

    const Model = db.model('Model', schema);

    const doc = yield Model.create({ name: 'Test' });
  });
}

Log output:

Db.prototype.authenticate method will no longer be available in the next major release 3.x
as MongoDB 3.6 will only allow auth against users in the admin db and will no longer allow
multiple credentials on a socket. Please authenticate using MongoClient.connect with auth c
redentials.
successfully ran program

I'll mark this as a "bug", although tbh I'm not sure what I would describe this as. It's definitely a warning that should be heeded...

The authSource issue is expected behavior atm, if you're connecting to some_db and your user is not defined on the some_db database, you need to specify authSource.

Re: the warning, this is something mongoose will have to carefully work around because that is the only way mongoose auth works right now. Even if you specify credentials in MongoClient.connect(), mongoose will still call authenticate() under the hood. The plan right now is to make 4.11 use MongoClient.connect() if you just provide a URI, or fall back to mongoose's internal connection logic if you use host, user, etc.

Until 4.11, I wouldn't worry about this warning. To the best of my knowledge, MongoDB 3.6 and MongoDB driver 3.0 are unlikely to be released until much later this year and these changes will not require any end user changes.

Thanks @varunjayaraman @vkarpov15 for your detailed answers ;)

Does anyone know of a way to disable/hide this message? I keep seeing it come up when I spawn a process and it's getting on my nerves! ūüėÖ

I have same issue.

I have also same issue. I don't know should i use mongoose or not.

+1

the same issue here

+1

+1
Mongoose: 4.10.3
MongoDB v3.4

if you want to turn off warnings from the mongodb driver until 4.11, you can try using the steps here and use the underlying client from mongoose to set the logger:

http://mongodb.github.io/node-mongodb-native/2.2/reference/management/logging/

otherwise you will be fine and the problem should be resolved in 4.11

+1

const mongoose = require('mongoose');
var db = mongoose.connect("mongodb://saiganesh:[email protected]:61121/tester");

var Scheme = mongoose.Schema({
title: String,
author: String,
body: String,
comments: [{ body: String, date: Date }],
date: { type: Date, default: Date.now },
hidden: Boolean,
meta: {
votes: Number,
favs: Number
}
});
module.exports = db.model('mongodb', Scheme);

var BlogPost = require("./models/mongodb.js");

//create new model
var post = new BlogPost({title: "My first post", author: "saiganesh",
body: "We want to make documentation obsolete"});

post.save(function (err) {
if (err) {
return err;
}
else {
console.log("Post saved");
}
});

error:

 node .index.js(node:2604) DeprecationWarning: Mongoose: mpromise (mongoose's de
fault promise library) is deprecated, plug in your own promise library instead: http://mongoosejs.com/docs/promises.html
Db.prototype.authenticate method will no longer be available in the next major release 3.x as MongoDB 3.6 will only allow auth against users in the admin
 db and will no longer allow multiple credentials on a socket. Please authenticate using MongoClient.connect with auth credentials.
 
events.js:160
      throw er; // Unhandled 'error' event
      ^
MongoError: Authentication failed.
    at Function.MongoError.create (C:UserssaiganeshDesktopsocket.io-masterexampleschatmongoosedbnode_modulesmongodb-coreliberror.js:31:11)
    at C:UserssaiganeshDesktopsocket.io-masterexampleschatmongoosedbnode_modulesmongodb-corelibconnectionpool.js:497:72
    at authenticateStragglers (C:UserssaiganeshDesktopsocket.io-masterexampleschatmongoosedbnode_modulesmongodb-corelibconnectionpool.js:443:
16)
    at Connection.messageHandler (C:UserssaiganeshDesktopsocket.io-masterexampleschatmongoosedbnode_modulesmongodb-corelibconnectionpool.js:4
77:5)
    at Socket. (C:UserssaiganeshDesktopsocket.io-masterexampleschatmongoosedbnode_modulesmongodb-corelibconnectionconnection.js:32
1:22)
    at emitOne (events.js:96:13)
    at Socket.emit (events.js:188:7)
    at readableAddChunk (_stream_readable.js:176:18)
    at Socket.Readable.push (_stream_readable.js:134:10)
    at TCP.onread (net.js:548:20)

Which MongoDB and Mongoose version shall I use to avoid this error?

this is bug right ?

I am getting the same issue. MongoDB shell version v3.4.2
dependencies in package json: "mongodb": "^2.2.28", "mongoose": "^4.10.4"

"mongoose": "~4.10.2", is work!

Ok now I have removed node_module folders and changed package.json to use fixed older version "mongoose":"4.10.2". After npm install, the warning message is gone:

‚Ēú‚ĒÄ‚Ē¨ [email protected] ‚Ēā ‚ĒĒ‚ĒÄ‚ĒÄ [email protected] ‚ĒĒ‚ĒÄ‚Ē¨ mong[email protected] ‚ĒĒ‚ĒÄ‚Ē¨ [email protected] ‚ĒĒ‚ĒÄ‚ĒÄ [email protected]
I am afraid this is not a good approach. There should be compatibility between latest mongoose and mongo softwares

Yes, I'm waiting for bug fixes maybe a next version

please do not just comment +1 we have clearly responded to this by stating that it is not a breaking bug, marking the issue as a confirmed-bug, and that you should be fine until mongoose 4.11. It is simply a warning message and I even posted a way to that you could use the mongodb logger to hide the message if you want to mute it. I don't mean to be an ass about it, but the +1 messages simply flood our inboxes, which is particularly annoying when reading the thread would show that the issue has been addressed

as for your issue @msaiganesh that seams to be a separate issue related to your db authentication. Can you please open up a separate issue?

+2 (for me and my coworker)

"mongoose": "^4.10.4"

I'm getting this error also - I take it it's just a warning message as opposed to a bug, and doesn't prevent me from continuing?

Db.prototype.authenticate method will no longer be available in the next major release 3.x as MongoDB 3.6 will only allow auth against users in the admin db and will no longer allow multiple credentials on a socket. Please authenticate using MongoClient.connect with auth credentials.

I'm trying to connect to mlab database with mongoose. I have tried installing older versions of mongoose.

I keep getting this error when I run npm start on my MEAN app. I can't start the app. Can anyone help?

Please read the issue in full before sending asking an already answered question and inadvertently sending an email to everyone who has subscribed to updates on this issue.

I wonder how you solved it @JonathanBristow

Iv read these comments in this page but I still cant fix this problem!! could you check my code?

this is my connection code:

mongoose.Promise = require('bluebird');
mongoose.connect("mongodb://:@cluster0-shard-00-00-xlnqd.mongodb.net:27017,cluster0-shard-00-01-xlnqd.mongodb.net:27017,cluster0-shard-00-02-xlnqd.mongodb.net:27017/?ssl=true&replicaSet=Cluster0-shard-0&authSource=admin", function(err){
if(err){
console.log(err);
} else {
console.log('connected to the database successfuly.');
}
});

and I got this warning:
"Db.prototype.authenticate method will no longer be available in the next
major release 3.x as MongoDB 3.6 will only allow auth against users in the
admin db and will no longer allow multiple credentials on a socket. Please
authenticate using MongoClient.connect with auth credentials."

@thinkdiff ... it's a warning, not an error. A warning generally indicates something that's not going to break the code. In English: there's nothing structurally wrong, don't worry about it.

I'm locking this issue temporarily to prevent continued spam. There will be an option that will shut off this warning in 4.11, which will be released this week barring any unforeseen delays. There is no way to bypass this warning in 4.10.x. Thank you for your patience.

Was this page helpful?
0 / 5 - 0 ratings