Mongodb – Flask mongodb assertion 13 not authorized for query on flask_session.sessions

mongodbpythonSecurityUbuntu

Need help resetting mongodb back to its original state.

We have a flask app running with mongodb with authentication turned off. Running on Ubuntu with std Flask. We tried ALL sorts of combinations and now we can't get back to unauthenticated environment (Flask,mongodb). DB is now full of LOTs of data so can't just re-install mongodb. Below are details.

Looking for mongo and config settings. (sorry, this is not a pretty configuration).

FLASK References

The original App.App.config.py had: 

    self.MONGODB_SETTINGS = self.mongo_from_uri(
        'mongodb://localhost:27017/new_db')

the App.App.app.py contains flask_session

    from flask import Flask, session

Was working! We are trying to merge with a component that needs calls mongoDB directly and has mongo authentication turned on. This component collect LOTs of data into its own db documents. To turn on mongodb auth we changed /etc/mongodb.conf & sudo service restart mongodb. We trying to put a flask front end on this.

After normal setup, the Flask App stop working using mongodb with authentication set ON. So we changed MONGO settings in Flask config, per: 

    self.MONGODB_SETTINGS = self.mongo_from_uri(
        'mongodb://uid_user:uid_user_pw@localhost:27017/new_db')
    self.MONGO_USERNAME = 'uid_user'
    self.MONGO_PASSWORD = 'uid_user_pw'

The initial populate_db works. Then runserver fails with the following error:

  File "/venv/lib/python3.6/site-packages/pymongo/message.py", line 944, in unpack_response
    self.raw_response(cursor_id)
  File "/venv/lib/python3.6/site-packages/pymongo/message.py", line 924, in raw_response
    error_object)
pymongo.errors.OperationFailure: database error: not authorized for query on flask_session.sessions [in venv/lib/python3.6/site-packages/werkzeug/_internal.py:88]

The mongodb log also shows

[conn259] assertion 13 not authorized for query on flask_session.sessions ns:flask_session.sessions query:{ id: "session:eyJ1

Have been looking and find nothing to solve this.

FYI… below is App.App.users.models.py

from flask_security import UserMixin, RoleMixin

from mthm_core.models import db, FlaskDocument


class Role(FlaskDocument, RoleMixin):
    name = db.StringField(max_length=80, unique=True)
    description = db.StringField(max_length=255)


class User(FlaskDocument, UserMixin):
    email = db.StringField(max_length=255)
    username = db.StringField(max_length=255)
    password = db.StringField(max_length=255)
    active = db.BooleanField(default=True)
    confirmed_at = db.DateTimeField()
    roles = db.

New 2018.04.28 — I saw in flask-mongoengin that it stated …

To use MongoEngine as your session store simple configure the session interface:

from flask_mongoengine import MongoEngine, MongoEngineSessionInterface

app = Flask(__name__)
db = MongoEngine(app)
app.session_interface = MongoEngineSessionInterface(db)

We are not using MongoEngineSessionInterface… Using 

from flask_session import Session
Session(app)

MONGODB SETTINGS

In /etc/mongodb.conf (2.6.10) we turn off authentication by 

 # Turn on/off security.  Off is currently the default
 noauth = true
 #auth = true

Below is users on mongodb 27017

> show users
{
    "_id" : "admin.uid_admin",
    "user" : "uid_admi",
    "db" : "admin",
    "roles" : [
        {
            "role" : "userAdminAnyDatabase",
            "db" : "admin"
        }
    ]
}
{
    "_id" : "admin.uid_user",
    "user" : "uid_user",
    "db" : "admin",
    "roles" : [
        {
            "role" : "readWrite",
            "db" : "app_db"
        }
    ]
}
{
    "_id" : "admin.backuprestore",
    "user" : "backuprestore",
    "db" : "admin",
    "roles" : [
        {
            "role" : "restore",
            "db" : "admin"
        }
    ]
}

Below is result of showPrivileges

> use admin
1
> db.admin('uid_admin', 'uid_admin_pw')
1
> db.runCommand({connectionStatus: 1, showPrivileges: 1})
{
    "authInfo" : {
        "authenticatedUsers" : [
            {
                "user" : "uid_admin",
                "db" : "admin"
            }
        ]
    },
    "ok" : 1
}
> use prev_db
switched to db prev_db
> db.runCommand({connectionStatus: 1, showPrivileges: 1})
{
    "authInfo" : {
        "authenticatedUsers" : [
            {
                "user" : "uid_user",
                "db" : "admin"
            }
        ]
    },
    "ok" : 1
}

Example Snippet

Copied snippet flask_security.

Runs ok until try to login… problem is create_user() fails with pymongo error… not authorized on flask security. I realize the DB users are all messed up… not sure how to fix? {ie. how to go back to a virgin DB on 27017]?

Here is log:

Traceback (most recent call last):
  File "/venv/lib/python3.6/site-packages/flask/app.py", line 1997, in __call__
    return self.wsgi_app(environ, start_response)
  File "/venv/lib/python3.6/site-packages/flask/app.py", line 1985, in wsgi_app
    response = self.handle_exception(e)
  File "/venv/lib/python3.6/site-packages/flask/app.py", line 1540, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "/venv/lib/python3.6/site-packages/flask/_compat.py", line 33, in reraise
    raise value
  File "/venv/lib/python3.6/site-packages/flask/app.py", line 1982, in wsgi_app
    response = self.full_dispatch_request()
  File "/venv/lib/python3.6/site-packages/flask/app.py", line 1607, in full_dispatch_request
    self.try_trigger_before_first_request_functions()
  File "/venv/lib/python3.6/site-packages/flask/app.py", line 1654, in try_trigger_before_first_request_functions
    func()
  File "/Samples/flask_login/flask_login/app_flask_security.py", line 58, in create_user
    test_role = user_datastore.find_or_create_role('test')
  File "/venv/lib/python3.6/site-packages/flask_security/datastore.py", line 211, in find_or_create_role
    return self.find_role(name) or self.create_role(**kwargs)
  File "/venv/lib/python3.6/site-packages/flask_security/datastore.py", line 325, in find_role
    return self.role_model.objects(name=role).first()
  File "/venv/lib/python3.6/site-packages/mongoengine/queryset/manager.py", line 37, in __get__
    queryset = queryset_class(owner, owner._get_collection())
  File "/venv/lib/python3.6/site-packages/mongoengine/document.py", line 197, in _get_collection
    cls.ensure_indexes()
  File "/venv/lib/python3.6/site-packages/mongoengine/document.py", line 877, in ensure_indexes
    collection.create_index(fields, background=background, **opts)
  File "/venv/lib/python3.6/site-packages/pymongo/collection.py", line 1754, in create_index
    self.__create_index(keys, kwargs, session, **cmd_options)
  File "/venv/lib/python3.6/site-packages/pymongo/collection.py", line 1656, in __create_index
    session=session)
  File "/venv/lib/python3.6/site-packages/pymongo/collection.py", line 245, in _command
    retryable_write=retryable_write)
  File "/venv/lib/python3.6/site-packages/pymongo/pool.py", line 517, in command
    collation=collation)
  File "/venv/lib/python3.6/site-packages/pymongo/network.py", line 125, in command
    parse_write_concern_error=parse_write_concern_error)
  File "/venv/lib/python3.6/site-packages/pymongo/helpers.py", line 145, in _check_command_response
    raise OperationFailure(msg % errmsg, code, response)
pymongo.errors.OperationFailure: not authorized on flask_security to execute command { createIndexes: "role", indexes: [ { key: { name: 1 }, background: false, unique: true, sparse: false, name: "name_1" } ] }

Best Answer

pymongo.errors.OperationFailure: not authorized on flask_security to execute command

As per your error log, it seems like that you have authorization issue, as pymongo blog documentation here Can you log in with the user you'd like to use mongo-connector with and show the output of db.runCommand({connectionStatus: 1, showPrivileges: 1}). Be sure not to post your actual username or password if that's sensitive information.

For your further ref here , here and here

Related Question