ACL: AUTH + no default user password raises an error.

This way the behavior is very similar to the past one. This is useful in order to remember the user she probably failed to configure a password correctly.
2025-03-17 16:10:50 +00:00 · 2019-01-17 18:30:23 +01:00 · 2019-01-17 18:30:23 +01:00 · b87815c1f8
commit b87815c1f8
parent 636424c0ce
2 changed files with 15 additions and 6 deletions
--- a/src/server.c
+++ b/src/server.c
@ -2901,6 +2901,15 @@ void authCommand(client *c) {
     * will just use "default" as username. */
    robj *username, *password;
    if (c->argc == 2) {
+        /* Mimic the old behavior of giving an error for the two commands
+         * from if no password is configured. */
+        if (DefaultUser->flags & USER_FLAG_NOPASS) {
+            addReplyError(c,"AUTH <password> called without any password "
+                            "configured for the default user. Are you sure "
+                            "your configuration is correct?");
+            return;
+        }
+
        username = createStringObject("default",7);
        password = c->argv[1];
    } else {
@ -2909,11 +2918,11 @@ void authCommand(client *c) {
    }

    if (ACLCheckUserCredentials(username,password) == C_OK) {
-      c->authenticated = 1;
-      c->user = ACLGetUserByName(username->ptr,sdslen(username->ptr));
-      addReply(c,shared.ok);
+        c->authenticated = 1;
+        c->user = ACLGetUserByName(username->ptr,sdslen(username->ptr));
+        addReply(c,shared.ok);
    } else {
-      addReplyError(c,"-WRONGPASS invalid username-password pair");
+        addReplyError(c,"-WRONGPASS invalid username-password pair");
    }

    /* Free the "default" string object we created for the two
--- a/tests/unit/auth.tcl
+++ b/tests/unit/auth.tcl
@ -2,14 +2,14 @@ start_server {tags {"auth"}} {
    test {AUTH fails if there is no password configured server side} {
        catch {r auth foo} err
        set _ $err
-    } {ERR*no password*}
+    } {ERR*any password*}
 }

 start_server {tags {"auth"} overrides {requirepass foobar}} {
    test {AUTH fails when a wrong password is given} {
        catch {r auth wrong!} err
        set _ $err
-    } {ERR*invalid password}
+    } {WRONGPASS*}

    test {Arbitrary command gives an error when AUTH is required} {
        catch {r set foo bar} err