fix: instruct models not to generate passwords for createDBUser

nirinchev · nirinchev · commit 142b56861a6e · 2025-04-30T12:23:29.000+02:00
diff --git a/src/common/atlas/generatePassword.ts b/src/common/atlas/generatePassword.ts
@@ -0,0 +1,10 @@
+import { randomBytes } from "crypto";
+import { promisify } from "util";
+
+const randomBytesAsync = promisify(randomBytes);
+
+export async function generateSecurePassword(): Promise<string> {
+    const buf = await randomBytesAsync(16);
+    const pass = buf.toString("base64url");
+    return pass;
+}
diff --git a/src/tools/atlas/create/createDBUser.ts b/src/tools/atlas/create/createDBUser.ts
@@ -3,6 +3,7 @@ import { CallToolResult } from "@modelcontextprotocol/sdk/types.js";
 import { AtlasToolBase } from "../atlasTool.js";
 import { ToolArgs, OperationType } from "../../tool.js";
 import { CloudDatabaseUser, DatabaseUserRole } from "../../../common/atlas/openapi.js";
+import { generateSecurePassword } from "../../../common/atlas/generatePassword.js";
 
 export class CreateDBUserTool extends AtlasToolBase {
     protected name = "atlas-create-db-user";
@@ -11,7 +12,16 @@ export class CreateDBUserTool extends AtlasToolBase {
     protected argsShape = {
         projectId: z.string().describe("Atlas project ID"),
         username: z.string().describe("Username for the new user"),
-        password: z.string().describe("Password for the new user"),
+        // Models will generate overly simplistic passwords like SecurePassword123 or
+        // AtlasPassword123, which are easily guessable and exploitable. We're instructing
+        // the model not to try and generate anything and instead leave the field unset.
+        password: z
+            .string()
+            .optional()
+            .nullable()
+            .describe(
+                "Password for the new user. If the user hasn't supplied an explicit password, leave it unset and under no circumstances try to generate a random one. A secure password will be generated by the MCP server if necessary."
+            ),
         roles: z
             .array(
                 z.object({
@@ -34,6 +44,11 @@ export class CreateDBUserTool extends AtlasToolBase {
         roles,
         clusters,
     }: ToolArgs<typeof this.argsShape>): Promise<CallToolResult> {
+        const shouldGeneratePassword = !password;
+        if (shouldGeneratePassword) {
+            password = await generateSecurePassword();
+        }
+
         const input = {
             groupId: projectId,
             awsIAMType: "NONE",
@@ -62,7 +77,12 @@ export class CreateDBUserTool extends AtlasToolBase {
         });
 
         return {
-            content: [{ type: "text", text: `User "${username}" created sucessfully.` }],
+            content: [
+                {
+                    type: "text",
+                    text: `User "${username}" created sucessfully${shouldGeneratePassword ? ` with password: \`${password}\`` : ""}.`,
+                },
+            ],
         };
     }
 }
diff --git a/src/tools/atlas/metadata/connectCluster.ts b/src/tools/atlas/metadata/connectCluster.ts
@@ -2,19 +2,10 @@ import { z } from "zod";
 import { CallToolResult } from "@modelcontextprotocol/sdk/types.js";
 import { AtlasToolBase } from "../atlasTool.js";
 import { ToolArgs, OperationType } from "../../tool.js";
-import { randomBytes } from "crypto";
-import { promisify } from "util";
+import { generateSecurePassword } from "../../../common/atlas/generatePassword.js";
 
 const EXPIRY_MS = 1000 * 60 * 60 * 12; // 12 hours
 
-const randomBytesAsync = promisify(randomBytes);
-
-async function generateSecurePassword(): Promise<string> {
-    const buf = await randomBytesAsync(16);
-    const pass = buf.toString("base64url");
-    return pass;
-}
-
 export class ConnectClusterTool extends AtlasToolBase {
     protected name = "atlas-connect-cluster";
     protected description = "Connect to MongoDB Atlas cluster";
diff --git a/tests/integration/helpers.ts b/tests/integration/helpers.ts
@@ -117,7 +117,7 @@ export function getResponseElements(content: unknown | { content: unknown }): {
         content = (content as { content: unknown }).content;
     }
 
-    expect(Array.isArray(content)).toBe(true);
+    expect(content).toBeArray();
 
     const response = content as { type: string; text: string }[];
     for (const item of response) {
diff --git a/tests/integration/tools/atlas/dbUsers.test.ts b/tests/integration/tools/atlas/dbUsers.test.ts
@@ -1,7 +1,7 @@
 import { CallToolResult } from "@modelcontextprotocol/sdk/types.js";
 import { Session } from "../../../../src/session.js";
 import { describeWithAtlas, withProject, randomId } from "./atlasHelpers.js";
-import { expectDefined } from "../../helpers.js";
+import { expectDefined, getResponseElements } from "../../helpers.js";
 
 describeWithAtlas("db users", (integration) => {
     const userName = "testuser-" + randomId;
@@ -34,10 +34,11 @@ describeWithAtlas("db users", (integration) => {
                 expect(createDbUser.inputSchema.properties).toHaveProperty("roles");
                 expect(createDbUser.inputSchema.properties).toHaveProperty("clusters");
             });
-            it("should create a database user", async () => {
+
+            it("should create a database user with supplied password", async () => {
                 const projectId = getProjectId();
 
-                const response = (await integration.mcpClient().callTool({
+                const response = await integration.mcpClient().callTool({
                     name: "atlas-create-db-user",
                     arguments: {
                         projectId,
@@ -50,10 +51,32 @@ describeWithAtlas("db users", (integration) => {
                             },
                         ],
                     },
-                })) as CallToolResult;
-                expect(response.content).toBeArray();
-                expect(response.content).toHaveLength(1);
-                expect(response.content[0].text).toContain("created sucessfully");
+                });
+                const elements = getResponseElements(response);
+                expect(elements).toHaveLength(1);
+                expect(elements[0].text).toContain("created sucessfully");
+            });
+
+            it("should create a database user with generated password", async () => {
+                const projectId = getProjectId();
+
+                const response = await integration.mcpClient().callTool({
+                    name: "atlas-create-db-user",
+                    arguments: {
+                        projectId,
+                        username: userName,
+                        roles: [
+                            {
+                                roleName: "readWrite",
+                                databaseName: "admin",
+                            },
+                        ],
+                    },
+                });
+                const elements = getResponseElements(response);
+                expect(elements).toHaveLength(1);
+                expect(elements[0].text).toContain("created sucessfully");
+                expect(elements[0].text).toContain("with password: `");
             });
         });
         describe("atlas-list-db-users", () => {

Original file line number	Diff line number	Diff line change
`@@ -117,7 +117,7 @@ export function getResponseElements(content: unknown \| { content: unknown }): {`
`117`	`117`	`content = (content as { content: unknown }).content;`
`118`	`118`	`}`
`119`	`119`
`120`		`- expect(Array.isArray(content)).toBe(true);`
	`120`	`+ expect(content).toBeArray();`
`121`	`121`
`122`	`122`	`const response = content as { type: string; text: string }[];`
`123`	`123`	`for (const item of response) {`