Skip to content

Commit

Permalink
feat(redis) add support for username/password auth (#121)
Browse files Browse the repository at this point in the history
  • Loading branch information
gruceo authored Aug 13, 2024
1 parent 415be3f commit 186ab23
Show file tree
Hide file tree
Showing 3 changed files with 199 additions and 5 deletions.
20 changes: 17 additions & 3 deletions .github/workflows/tests.yml
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ jobs:
lua_nginx_module: "v0.10.21"
stream_lua_nginx_module: "v0.0.11"
lua_resty_core: "v0.1.23"

env:
JOBS: 3
SH: bash
Expand All @@ -67,11 +67,12 @@ jobs:
LUACHECK_VER: 0.21.1
CC: gcc
NGX_BUILD_CC: gcc

NGINX_CC_OPTS: ""
LUAJIT_CC_OPTS: ""

services:
# Redis with auth disabled
redis:
image: redis
# Set health checks to wait until redis has started
Expand All @@ -82,11 +83,24 @@ jobs:
--health-retries 5
ports:
- 6379:6379
# Redis with auth enabled
redis-auth:
image: redis/redis-stack-server
# Set health checks to wait until redis has started
options: >-
--health-cmd "redis-cli ping"
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
- 6380:6379
env:
REDIS_ARGS: "--requirepass passdefault"

steps:
- name: Checkout source code
uses: actions/checkout@v2

- name: Setup cache
uses: actions/cache@v2
with:
Expand Down
16 changes: 14 additions & 2 deletions lib/resty/acme/storage/redis.lua
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,8 @@ function _M.new(conf)
ssl_server_name = conf.ssl_server_name,
namespace = conf.namespace or "",
scan_count = conf.scan_count or 10,
username = conf.username,
password = conf.password,
},
mt
)
Expand All @@ -42,8 +44,18 @@ local function op(self, op, ...)
if not ok then
return nil, err
end

if self.auth then

if self.username and self.password then
local _, err = client:auth(self.username, self.password)
if err then
return nil, "authentication failed " .. err
end
elseif self.password then
local _, err = client:auth(self.password)
if err then
return nil, "authentication failed " .. err
end
elseif self.auth then
local _, err = client:auth(self.auth)
if err then
return nil, "authentication failed " .. err
Expand Down
168 changes: 168 additions & 0 deletions t/storage/redis.t
Original file line number Diff line number Diff line change
Expand Up @@ -556,3 +556,171 @@ test14:50
--- no_error_log
[error]

=== TEST 15: Redis auth works with username and password
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local st = test_lib.new({ username = "default", password = "passdefault", port = 6380 })
local err = st:set("key2", "3")
ngx.say(err)
local v, err = st:get("key2")
ngx.say(err)
ngx.say(v)
}
}
--- request
GET /t
--- response_body_like eval
"nil
nil
3
"
--- no_error_log
[error]

=== TEST 16: Redis auth works with single auth (backwards compatibility)
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local st = test_lib.new({auth = "passdefault", port = 6380 })
local err = st:set("key2", "3")
ngx.say(err)
local v, err = st:get("key2")
ngx.say(err)
ngx.say(v)
}
}
--- request
GET /t
--- response_body_like eval
"nil
nil
3
"
--- no_error_log
[error]

=== TEST 17: Redis auth works with just password
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local st = test_lib.new({ password = "passdefault", port = 6380 })
local err = st:set("key2", "3")
ngx.say(err)
local v, err = st:get("key2")
ngx.say(err)
ngx.say(v)
}
}
--- request
GET /t
--- response_body_like eval
"nil
nil
3
"
--- no_error_log
[error]

=== TEST 18: Redis auth fails with just username with error "NOAUTH Authentication required"
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local st = test_lib.new({ username = "default", port = 6380 })
local err = st:set("key2", "3")
ngx.say(err)
local v, err = st:get("key2")
ngx.say(err)
ngx.say(v)
}
}
--- request
GET /t
--- response_body_like eval
"NOAUTH Authentication required"
--- no_error_log
[error]

=== TEST 19: Redis auth fails with wrong username
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local st = test_lib.new({ username = "kong", port = 6380 })
local err = st:set("key2", "3")
ngx.say(err)
local v, err = st:get("key2")
ngx.say(err)
ngx.say(v)
}
}
--- request
GET /t
--- response_body_like eval
"NOAUTH Authentication required"
--- no_error_log
[error]

=== TEST 20: Redis auth fails with wrong password and no username with error "authentication failed WRONGPASS"
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local st = test_lib.new({ password = "wrongpass", port = 6380 })
local err = st:set("key2", "3")
ngx.say(err)
local v, err = st:get("key2")
ngx.say(err)
ngx.say(v)
}
}
--- request
GET /t
--- response_body_like eval
"authentication failed WRONGPASS"
--- no_error_log
[error]

=== TEST 21: Redis auth fails with wrong password and correct username with error "authentication failed WRONGPASS"
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local st = test_lib.new({ username = "default", password = "wrongpass", port = 6380 })
local err = st:set("key2", "3")
ngx.say(err)
local v, err = st:get("key2")
ngx.say(err)
ngx.say(v)
}
}
--- request
GET /t
--- response_body_like eval
"authentication failed WRONGPASS"
--- no_error_log
[error]

=== TEST 22: Redis auth fails with correct password and wrong username with error "authentication failed WRONGPASS"
--- http_config eval: $::HttpConfig
--- config
location =/t {
content_by_lua_block {
local st = test_lib.new({ username = "kong", password = "passdefault", port = 6380 })
local err = st:set("key2", "3")
ngx.say(err)
local v, err = st:get("key2")
ngx.say(err)
ngx.say(v)
}
}
--- request
GET /t
--- response_body_like eval
"authentication failed WRONGPASS"
--- no_error_log
[error]

0 comments on commit 186ab23

Please sign in to comment.