ACL: AUTH + no default user password raises an error.

This way the behavior is very similar to the past one. This is useful in order to remember the user she probably failed to configure a password correctly.
2019-01-17 18:30:23 +01:00 · 2019-01-17 18:30:23 +01:00 · d26ecf2415
commit d26ecf2415
parent d8dc50be2f
2 changed files with 15 additions and 6 deletions
--- a/src/server.c
+++ b/src/server.c
@ -2901,6 +2901,15 @@ void authCommand(client *c) {
     * will just use "default" as username. */
    robj *username, *password;
    if (c->argc == 2) {
+        /* Mimic the old behavior of giving an error for the two commands
+         * from if no password is configured. */
+        if (DefaultUser->flags & USER_FLAG_NOPASS) {
+            addReplyError(c,"AUTH <password> called without any password "
+                            "configured for the default user. Are you sure "
+                            "your configuration is correct?");
+            return;
+        }
+
        username = createStringObject("default",7);
        password = c->argv[1];
    } else {
--- a/tests/unit/auth.tcl
+++ b/tests/unit/auth.tcl
@ -2,14 +2,14 @@ start_server {tags {"auth"}} {
    test {AUTH fails if there is no password configured server side} {
        catch {r auth foo} err
        set _ $err
-    } {ERR*no password*}
+    } {ERR*any password*}
 }

 start_server {tags {"auth"} overrides {requirepass foobar}} {
    test {AUTH fails when a wrong password is given} {
        catch {r auth wrong!} err
        set _ $err
-    } {ERR*invalid password}
+    } {WRONGPASS*}

    test {Arbitrary command gives an error when AUTH is required} {
        catch {r set foo bar} err