Skip to content

Commit

Permalink
fix: Respect the authsource kwarg for MongoDB connections (openedx#35239
Browse files Browse the repository at this point in the history
)

* fix: Respect the authsource kwarg for MongoDB connections

The changes for upgrading to PyMongo 4.4 introduced an authentication
bug in Mongo connections. The `authSource` parameter was being
hard-coded to use the database being connected to. In Mongo the `admin`
db is typically the source of authentication, so unless the user was
explicitly created in the target db then any attempts to connect would
result in authentication failures.

This restores the behavior of allowing for the lowercased `authsource`
kwarg to be used for the `authSource` connection parameter, while
otherwise respecting the operator's configuration parameters.

* fix: Respect the authsource kwarg for MongoDB connections

The changes for upgrading to PyMongo 4.4 introduced an authentication
bug in Mongo connections. The `authSource` parameter was being
hard-coded to use the database being connected to. In Mongo the `admin`
db is typically the source of authentication, so unless the user was
explicitly created in the target db then any attempts to connect would
result in authentication failures.

This restores the behavior of allowing for the lowercased `authsource`
kwarg to be used for the `authSource` connection parameter, while
otherwise respecting the operator's configuration parameters.
  • Loading branch information
blarghmatey authored and rediris committed Aug 27, 2024
1 parent 1addc86 commit b37cd10
Showing 1 changed file with 6 additions and 3 deletions.
9 changes: 6 additions & 3 deletions xmodule/mongo_utils.py
Original file line number Diff line number Diff line change
Expand Up @@ -30,8 +30,11 @@ def connect_to_mongodb(
handles AutoReconnect errors by retrying read operations, since these exceptions
typically indicate a temporary step-down condition for MongoDB.
"""
# If the MongoDB server uses a separate authentication database that should be specified here
auth_source = kwargs.get('authsource', '') or None
# If the MongoDB server uses a separate authentication database that should be specified here.
# Convert the lowercased authsource parameter to the camel-cased authSource expected by MongoClient.
auth_source = db
if auth_source_key := {'authSource', 'authsource'}.intersection(set(kwargs.keys())):
auth_source = kwargs.pop(auth_source_key.pop()) or db

# sanitize a kwarg which may be present and is no longer expected
# AED 2020-03-02 TODO: Remove this when 'auth_source' will no longer exist in kwargs
Expand Down Expand Up @@ -63,7 +66,7 @@ def connect_to_mongodb(
}

if user is not None and password is not None and not db.startswith('test_'):
connection_params.update({'username': user, 'password': password, 'authSource': db})
connection_params.update({'username': user, 'password': password, 'authSource': auth_source})

mongo_conn = pymongo.MongoClient(**connection_params)

Expand Down

0 comments on commit b37cd10

Please sign in to comment.