Fix for issue #132. Now AUTH raises an error if no server password is configured.

2 files changed, 17 insertions, 3 deletions

diff --git a/src/redis.c b/src/redis.c
index 658d24867..83aa3a824 100644
--- a/src/redis.c
+++ b/src/redis.c
@@ -1249,7 +1249,9 @@ int prepareForShutdown() {
 /*================================== Commands =============================== */
 
 void authCommand(redisClient *c) {
-    if (!server.requirepass || !strcmp(c->argv[1]->ptr, server.requirepass)) {
+    if (!server.requirepass) {
+        addReplyError(c,"Client sent AUTH, but no password is set");
+    } else if (!strcmp(c->argv[1]->ptr, server.requirepass)) {
       c->authenticated = 1;
       addReply(c,shared.ok);
     } else {
diff --git a/tests/unit/auth.tcl b/tests/unit/auth.tcl
index 8ccda95df..bd4b8dca0 100644
--- a/tests/unit/auth.tcl
+++ b/tests/unit/auth.tcl
@@ -1,15 +1,27 @@
+start_server {tags {"auth"}} {
+    test {AUTH fails if there is no password configured server side} {
+        catch {r auth foo} err
+        set _ $err
+    } {ERR*no password*}
+}
+
 start_server {tags {"auth"} overrides {requirepass foobar}} {
     test {AUTH fails when a wrong password is given} {
         catch {r auth wrong!} err
-        format $err
+        set _ $err
     } {ERR*invalid password}
     
     test {Arbitrary command gives an error when AUTH is required} {
         catch {r set foo bar} err
-        format $err
+        set _ $err
     } {ERR*operation not permitted}
 
     test {AUTH succeeds when the right password is given} {
         r auth foobar
     } {OK}
+
+    test {Once AUTH succeeded we can actually send commands to the server} {
+        r set foo 100
+        r incr foo
+    } {101}
 }