From b87815c1f800690c90bbc6c50bbe62878841d0b9 Mon Sep 17 00:00:00 2001
From: antirez <antirez@gmail.com>
Date: Thu, 17 Jan 2019 18:30:23 +0100
Subject: ACL: AUTH + no default user password raises an error.

This way the behavior is very similar to the past one.
This is useful in order to remember the user she probably failed to
configure a password correctly.
---
 src/server.c        | 17 +++++++++++++----
 tests/unit/auth.tcl |  4 ++--
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/src/server.c b/src/server.c
index 541d41075..37757b211 100644
--- a/src/server.c
+++ b/src/server.c
@@ -2901,6 +2901,15 @@ void authCommand(client *c) {
      * will just use "default" as username. */
     robj *username, *password;
     if (c->argc == 2) {
+        /* Mimic the old behavior of giving an error for the two commands
+         * from if no password is configured. */
+        if (DefaultUser->flags & USER_FLAG_NOPASS) {
+            addReplyError(c,"AUTH <password> called without any password "
+                            "configured for the default user. Are you sure "
+                            "your configuration is correct?");
+            return;
+        }
+
         username = createStringObject("default",7);
         password = c->argv[1];
     } else {
@@ -2909,11 +2918,11 @@ void authCommand(client *c) {
     }
 
     if (ACLCheckUserCredentials(username,password) == C_OK) {
-      c->authenticated = 1;
-      c->user = ACLGetUserByName(username->ptr,sdslen(username->ptr));
-      addReply(c,shared.ok);
+        c->authenticated = 1;
+        c->user = ACLGetUserByName(username->ptr,sdslen(username->ptr));
+        addReply(c,shared.ok);
     } else {
-      addReplyError(c,"-WRONGPASS invalid username-password pair");
+        addReplyError(c,"-WRONGPASS invalid username-password pair");
     }
 
     /* Free the "default" string object we created for the two
diff --git a/tests/unit/auth.tcl b/tests/unit/auth.tcl
index 633cda95c..9080d4bf7 100644
--- a/tests/unit/auth.tcl
+++ b/tests/unit/auth.tcl
@@ -2,14 +2,14 @@ start_server {tags {"auth"}} {
     test {AUTH fails if there is no password configured server side} {
         catch {r auth foo} err
         set _ $err
-    } {ERR*no password*}
+    } {ERR*any password*}
 }
 
 start_server {tags {"auth"} overrides {requirepass foobar}} {
     test {AUTH fails when a wrong password is given} {
         catch {r auth wrong!} err
         set _ $err
-    } {ERR*invalid password}
+    } {WRONGPASS*}
 
     test {Arbitrary command gives an error when AUTH is required} {
         catch {r set foo bar} err
-- 
cgit v1.2.1