fffonion · fffonion · Aug 13, 2024 · Aug 13, 2024 · Aug 13, 2024 · Aug 13, 2024
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -49,7 +49,7 @@ jobs:
           lua_nginx_module: "v0.10.21"
           stream_lua_nginx_module: "v0.0.11"
           lua_resty_core: "v0.1.23"
-        
+
     env:
       JOBS: 3
       SH: bash
@@ -67,11 +67,12 @@ jobs:
       LUACHECK_VER: 0.21.1
       CC: gcc
       NGX_BUILD_CC: gcc
-  
+
       NGINX_CC_OPTS: ""
       LUAJIT_CC_OPTS: ""
 
     services:
+      # Redis with auth disabled
       redis:
         image: redis
         # Set health checks to wait until redis has started
@@ -82,11 +83,24 @@ jobs:
           --health-retries 5
         ports:
           - 6379:6379
+      # Redis with auth enabled
+      redis-auth:
+        image: redis/redis-stack-server
+        # Set health checks to wait until redis has started
+        options: >-
+          --health-cmd "redis-cli ping"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          - 6380:6379
+        env:
+          REDIS_ARGS: "--requirepass passdefault"
 
     steps:
     - name: Checkout source code
       uses: actions/checkout@v2
-    
+
     - name: Setup cache
       uses: actions/cache@v2
       with:

diff --git a/lib/resty/acme/storage/redis.lua b/lib/resty/acme/storage/redis.lua
@@ -22,6 +22,8 @@ function _M.new(conf)
       ssl_server_name = conf.ssl_server_name,
       namespace = conf.namespace or "",
       scan_count = conf.scan_count or 10,
+      username = conf.username,
+      password = conf.password,
     },
     mt
   )
@@ -42,8 +44,18 @@ local function op(self, op, ...)
   if not ok then
     return nil, err
   end
-
-  if self.auth then
+
+  if self.username and self.password then
+    local _, err = client:auth(self.username, self.password)
+    if not ok then
+      return nil, "authentication failed " .. err
+    end
+  elseif self.password then
+    local _, err = client:auth(self.password)
+    if err then
+      return nil, "authentication failed " .. err
+    end
+  elseif self.auth then
     local _, err = client:auth(self.auth)
     if err then
       return nil, "authentication failed " .. err

diff --git a/t/storage/redis.t b/t/storage/redis.t
@@ -556,3 +556,171 @@ test14:50
 --- no_error_log
 [error]
 
+=== TEST 15: Redis auth works with username and password
+--- http_config eval: $::HttpConfig
+--- config
+    location =/t {
+        content_by_lua_block {
+            local st = test_lib.new({ username = "default", password = "passdefault", port = 6380 })
+            local err = st:set("key2", "3")
+            ngx.say(err)
+            local v, err = st:get("key2")
+            ngx.say(err)
+            ngx.say(v)
+        }
+    }
+--- request
+    GET /t
+--- response_body_like eval
+"nil
+nil
+3
+"
+--- no_error_log
+[error]
+
+=== TEST 16: Redis auth works with single auth (backwards compatibility)
+--- http_config eval: $::HttpConfig
+--- config
+    location =/t {
+        content_by_lua_block {
+            local st = test_lib.new({auth = "passdefault", port = 6380 })
+            local err = st:set("key2", "3")
+            ngx.say(err)
+            local v, err = st:get("key2")
+            ngx.say(err)
+            ngx.say(v)
+        }
+    }
+--- request
+    GET /t
+--- response_body_like eval
+"nil
+nil
+3
+"
+--- no_error_log
+[error]
+
+=== TEST 17: Redis auth works with just password
+--- http_config eval: $::HttpConfig
+--- config
+    location =/t {
+        content_by_lua_block {
+            local st = test_lib.new({ password = "passdefault", port = 6380 })
+            local err = st:set("key2", "3")
+            ngx.say(err)
+            local v, err = st:get("key2")
+            ngx.say(err)
+            ngx.say(v)
+        }
+    }
+--- request
+    GET /t
+--- response_body_like eval
+"nil
+nil
+3
+"
+--- no_error_log
+[error]
+
+=== TEST 18: Redis auth fails with just username
+--- http_config eval: $::HttpConfig
+--- config
+    location =/t {
+        content_by_lua_block {
+            local st = test_lib.new({ username = "default", port = 6380 })
+            local err = st:set("key2", "3")
+            ngx.say(err)
+            local v, err = st:get("key2")
+            ngx.say(err)
+            ngx.say(v)
+        }
+    }
+--- request
+    GET /t
+--- response_body_like eval
+"NOAUTH Authentication required"
+--- no_error_log
+[error]
+
+=== TEST 19: Redis auth fails with wrong username
+--- http_config eval: $::HttpConfig
+--- config
+    location =/t {
+        content_by_lua_block {
+            local st = test_lib.new({ username = "kong", port = 6380 })
+            local err = st:set("key2", "3")
+            ngx.say(err)
+            local v, err = st:get("key2")
+            ngx.say(err)
+            ngx.say(v)
+        }
+    }
+--- request
+    GET /t
+--- response_body_like eval
+"NOAUTH Authentication required"
+--- no_error_log
+[error]
+
+=== TEST 20: Redis auth fails with wrong password and no username with error "authentication failed WRONGPASS"
+--- http_config eval: $::HttpConfig
+--- config
+    location =/t {
+        content_by_lua_block {
+            local st = test_lib.new({ password = "wrongpass", port = 6380 })
+            local err = st:set("key2", "3")
+            ngx.say(err)
+            local v, err = st:get("key2")
+            ngx.say(err)
+            ngx.say(v)
+        }
+    }
+--- request
+    GET /t
+--- response_body_like eval
+"authentication failed WRONGPASS"
+--- no_error_log
+[error]
+
+=== TEST 21: Redis auth fails with wrong password and correct username with error "NOAUTH Authentication required"
+--- http_config eval: $::HttpConfig
+--- config
+    location =/t {
+        content_by_lua_block {
+            local st = test_lib.new({ username = "default", password = "wrongpass", port = 6380 })
+            local err = st:set("key2", "3")
+            ngx.say(err)
+            local v, err = st:get("key2")
+            ngx.say(err)
+            ngx.say(v)
+        }
+    }
+--- request
+    GET /t
+--- response_body_like eval
+"NOAUTH Authentication required"
+--- no_error_log
+[error]
+
+=== TEST 22: Redis auth fails with correct password and wrong username with error "NOAUTH Authentication required"
+--- http_config eval: $::HttpConfig
+--- config
+    location =/t {
+        content_by_lua_block {
+            local st = test_lib.new({ username = "kong", password = "passdefault", port = 6380 })
+            local err = st:set("key2", "3")
+            ngx.say(err)
+            local v, err = st:get("key2")
+            ngx.say(err)
+            ngx.say(v)
+        }
+    }
+--- request
+    GET /t
+--- response_body_like eval
+"NOAUTH Authentication required"
+--- no_error_log
+[error]