[SERVER-24550] Error out when db.createUser() is used with wrong syntax
Created: 14/Jun/16  Updated: 08/Jan/24  Resolved: 10/Aug/17

Status: Closed
Project: Core Server
Component/s: Security, Shell
Affects Version/s: None
Fix Version/s: 3.5.12

Type: Improvement
Priority: Minor - P4
Reporter: Ben Shteinfeld
Assignee: Ben Shteinfeld
Resolution: Done
Votes: 0
Labels: neweng
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Participants:

 Description   

mongod 3.2.7 64-bit on Windows 10 x64.

The `createUser()` command creates users that cannot be authenticated (`SCRAM-SHA-1 authentication failed, storedKey mismatch`):

> db.createUser({createUser:"test",pwd:"test",roles:["dbAdmin"]})
Successfully added user: { "createUser" : "test", "roles" : [ "dbAdmin" ] }
>
> db.auth("test","test")
Error: Authentication failed.
0
>

The only way to get the users to authenticate is to subsequently change their password:

> db.createUser({createUser:"test",pwd:"test",roles:["dbAdmin"]})
Successfully added user: { "createUser" : "test", "roles" : [ "dbAdmin" ] }
> db.changeUserPassword("test","test")
>
> db.auth("test","test")
1
>



 Comments   
Comment by Githook User [ 10/Aug/17 ]

Author:

{'name': 'Ben Shteinfeld', 'username': 'bshteinfeld', 'email': 'ben.shteinfeld@mongodb.com'}

Message: SERVER-24550 Error out when db.createUser() is used with wrong syntax
Branch: master
https://github.com/mongodb/mongo/commit/ce09d24a0dd072504854f88d60e7d3457a3b6b4e

Comment by Ramon Fernandez Marina [ 14/Jun/16 ]

Thanks for your report rustyx, I'm able to reproduce this behavior. It is interesting that the user record in system.users looks right, even when created with the wrong syntax.

I'm going to repurpose this ticket as an improvement request to error out when the db.createUser() wrapper is used with the wrong syntax to avoid this confusion.

Regards,
Ramón.

Comment by Rustam Abdullaev [ 14/Jun/16 ]

OK, it looks like I entered a wrong command:

db.createUser({createUser:"test",pwd:"test",roles:["dbAdmin"]})

Should have been:

db.createUser({user:"test",pwd:"test",roles:["dbAdmin"]})

Now it works. But the question is then - how come createUser() succeeds when "user" is not specified? (for example, if "pwd" is not specified, it fails)
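
The wrapper accepted a document with no "user" field, which is the confusion this ticket was repurposed to address. As an added example (not code from the MongoDB shell or the linked commit), here is a pre-flight check that a provisioning script could run before calling db.createUser(). The names ALLOWED_FIELDS, checkCreateUserDoc and safeCreateUser are hypothetical, the field allow-list is an assumption to extend for your server version, and password-authenticated users are assumed.

```javascript
// Added example: strict pre-flight check for a db.createUser() document.
// ALLOWED_FIELDS is an assumption; extend it to match your server version.
const ALLOWED_FIELDS = new Set(["user", "pwd", "roles", "customData"]);

// Returns a list of problems; an empty list means the document is well-formed.
function checkCreateUserDoc(doc) {
  if (doc === null || typeof doc !== "object" || Array.isArray(doc)) {
    return ["argument must be a document"];
  }
  const problems = [];
  // Reject unknown keys so a misspelled or misplaced field cannot pass silently.
  for (const key of Object.keys(doc)) {
    if (!ALLOWED_FIELDS.has(key)) {
      problems.push('unexpected field "' + key + '"');
    }
  }
  if (typeof doc.user !== "string" || doc.user.length === 0) {
    problems.push('"user" must be a non-empty string');
  }
  if (typeof doc.pwd !== "string" || doc.pwd.length === 0) {
    problems.push('"pwd" must be a non-empty string');
  }
  if (!Array.isArray(doc.roles)) {
    problems.push('"roles" must be an array');
  }
  return problems;
}

// Hypothetical wrapper: refuse to call createUser() on a malformed document,
// so an account that cannot authenticate is never written in the first place.
function safeCreateUser(db, doc) {
  const problems = checkCreateUserDoc(doc);
  if (problems.length > 0) {
    throw new Error("createUser rejected: " + problems.join("; "));
  }
  return db.createUser(doc);
}

// The two documents from this ticket.
const wrong = { createUser: "test", pwd: "test", roles: ["dbAdmin"] };
const right = { user: "test", pwd: "test", roles: ["dbAdmin"] };
console.log(checkCreateUserDoc(wrong));
console.log(checkCreateUserDoc(right));
```
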

Generated at Thu Feb 08 04:06:40 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.