blob: c7c2def779b11f49ffd43b5578ba7c2493bafaae (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
|
set testmodule [file normalize tests/modules/auth.so]
start_server {tags {"modules"}} {
r module load $testmodule
test {Modules can create a user that can be authenticated} {
# Make sure we start authenticated with default user
r auth default ""
assert_equal [r acl whoami] "default"
r auth.createmoduleuser
set id [r auth.authmoduleuser]
assert_equal [r client id] $id
# Verify returned id is the same as our current id and
# we are authenticated with the specified user
assert_equal [r acl whoami] "global"
}
test {De-authenticating clients is tracked and kills clients} {
assert_equal [r auth.changecount] 0
r auth.createmoduleuser
# Catch the I/O exception that was thrown when Redis
# disconnected with us.
catch { [r ping] } e
assert_match {*I/O*} $e
# Check that a user change was registered
assert_equal [r auth.changecount] 1
}
test {Modules can't authenticate with ACLs users that dont exist} {
catch { [r auth.authrealuser auth-module-test-fake] } e
assert_match {*Invalid user*} $e
}
test {Modules can authenticate with ACL users} {
assert_equal [r acl whoami] "default"
# Create user to auth into
r acl setuser auth-module-test on allkeys allcommands
set id [r auth.authrealuser auth-module-test]
# Verify returned id is the same as our current id and
# we are authenticated with the specified user
assert_equal [r client id] $id
assert_equal [r acl whoami] "auth-module-test"
}
test {Client callback is called on user switch} {
assert_equal [r auth.changecount] 0
# Auth again and validate change count
r auth.authrealuser auth-module-test
assert_equal [r auth.changecount] 1
# Re-auth with the default user
r auth default ""
assert_equal [r auth.changecount] 1
assert_equal [r acl whoami] "default"
# Re-auth with the default user again, to
# verify the callback isn't fired again
r auth default ""
assert_equal [r auth.changecount] 0
assert_equal [r acl whoami] "default"
}
test {modules can redact arguments} {
r config set slowlog-log-slower-than 0
r slowlog reset
r auth.redact 1 2 3 4
r auth.redact 1 2 3
r config set slowlog-log-slower-than -1
set slowlog_resp [r slowlog get]
# There will be 3 records, slowlog reset and the
# two auth redact calls.
assert_equal 3 [llength $slowlog_resp]
assert_equal {slowlog reset} [lindex [lindex $slowlog_resp 2] 3]
assert_equal {auth.redact 1 (redacted) 3 (redacted)} [lindex [lindex $slowlog_resp 1] 3]
assert_equal {auth.redact (redacted) 2 (redacted)} [lindex [lindex $slowlog_resp 0] 3]
}
test "Unload the module - testacl" {
assert_equal {OK} [r module unload testacl]
}
}
|
