1 files changed, 126 insertions, 0 deletions
diff --git a/examples/redis-unstable/tests/unit/auth.tcl b/examples/redis-unstable/tests/unit/auth.tcl
new file mode 100644
index 0000000..89fc4e0
--- /dev/null
+++ b/examples/redis-unstable/tests/unit/auth.tcl
@@ -0,0 +1,126 @@
+#
+# Copyright (c) 2009-Present, Redis Ltd.
+# All rights reserved.
+#
+# Copyright (c) 2024-present, Valkey contributors.
+# All rights reserved.
+#
+# Licensed under your choice of (a) the Redis Source Available License 2.0
+# (RSALv2); or (b) the Server Side Public License v1 (SSPLv1); or (c) the
+# GNU Affero General Public License v3 (AGPLv3).
+#
+# Portions of this file are available under BSD3 terms; see REDISCONTRIBUTIONS for more information.
+#
+start_server {tags {"auth external:skip"}} {
+    test {AUTH fails if there is no password configured server side} {
+        catch {r auth foo} err
+        set _ $err
+    } {ERR *any password*}
+    test {Arity check for auth command} {
+        catch {r auth a b c} err
+        set _ $err
+    } {*syntax error*}
+}
+start_server {tags {"auth external:skip"} overrides {requirepass foobar}} {
+    test {AUTH fails when a wrong password is given} {
+        catch {r auth wrong!} err
+        set _ $err
+    } {WRONGPASS*}
+    test {Arbitrary command gives an error when AUTH is required} {
+        catch {r set foo bar} err
+        set _ $err
+    } {NOAUTH*}
+    test {AUTH succeeds when the right password is given} {
+        r auth foobar
+    } {OK}
+    test {Once AUTH succeeded we can actually send commands to the server} {
+        r set foo 100
+        r incr foo
+    } {101}
+    test {For unauthenticated clients multibulk and bulk length are limited} {
+        set rr [redis [srv "host"] [srv "port"] 0 $::tls]
+        $rr write "*100\r\n"
+        $rr flush
+        catch {[$rr read]} e
+        assert_match {*unauthenticated multibulk length*} $e
+        $rr close
+        set rr [redis [srv "host"] [srv "port"] 0 $::tls]
+        $rr write "*1\r\n\$100000000\r\n"
+        $rr flush
+        catch {[$rr read]} e
+        assert_match {*unauthenticated bulk length*} $e
+        $rr close
+    }
+    test {For unauthenticated clients output buffer is limited} {
+        set rr [redis [srv "host"] [srv "port"] 1 $::tls]
+        $rr SET x 5
+        catch {[$rr read]} e
+        assert_match {*NOAUTH Authentication required*} $e
+        # Fill the output buffer in a loop without reading it and make
+        # sure the client disconnected.
+        # Considering the socket eat some of the replies, we are testing
+        # that such client can't consume more than few MB's.
+        catch {
+            for {set j 0} {$j < 1000000} {incr j} {
+                    $rr SET x 5
+            }
+        } e
+        assert_match {I/O error reading reply} $e
+    }
+}
+start_server {tags {"auth_binary_password external:skip"}} {
+    test {AUTH fails when binary password is wrong} {
+        r config set requirepass "abc\x00def"
+        catch {r auth abc} err
+        set _ $err
+    } {WRONGPASS*}
+    test {AUTH succeeds when binary password is correct} {
+        r config set requirepass "abc\x00def"
+        r auth "abc\x00def"
+    } {OK}
+    start_server {tags {"masterauth"}} {
+        set master [srv -1 client]
+        set master_host [srv -1 host]
+        set master_port [srv -1 port]
+        set slave [srv 0 client]
+        foreach rdbchannel {yes no} {
+            test "MASTERAUTH test with binary password rdbchannel=$rdbchannel" {
+                $slave slaveof no one
+                $master config set requirepass "abc\x00def"
+                $master config set repl-rdb-channel $rdbchannel
+                # Configure the replica with masterauth
+                set loglines [count_log_lines 0]
+                $slave config set masterauth "abc"
+                $slave config set repl-rdb-channel $rdbchannel
+                $slave slaveof $master_host $master_port
+                # Verify replica is not able to sync with master
+                wait_for_log_messages 0 {"*Unable to AUTH to MASTER*"} $loglines 1000 10
+                assert_equal {down} [s 0 master_link_status]
+                # Test replica with the correct masterauth
+                $slave config set masterauth "abc\x00def"
+                wait_for_condition 50 100 {
+                    [s 0 master_link_status] eq {up}
+                } else {
+                    fail "Can't turn the instance into a replica"
+                }
+            }
+        }
+    }
+}

diff --git a/examples/redis-unstable/tests/unit/auth.tcl b/examples/redis-unstable/tests/unit/auth.tcl new file mode 100644 index 0000000..89fc4e0 --- /dev/null +++ b/examples/redis-unstable/tests/unit/auth.tcl
@@ -0,0 +1,126 @@
	1	#
	2	# Copyright (c) 2009-Present, Redis Ltd.
	3	# All rights reserved.
	4	#
	5	# Copyright (c) 2024-present, Valkey contributors.
	6	# All rights reserved.
	7	#
	8	# Licensed under your choice of (a) the Redis Source Available License 2.0
	9	# (RSALv2); or (b) the Server Side Public License v1 (SSPLv1); or (c) the
	10	# GNU Affero General Public License v3 (AGPLv3).
	11	#
	12	# Portions of this file are available under BSD3 terms; see REDISCONTRIBUTIONS for more information.
	13	#
	14
	15	start_server {tags {"auth external:skip"}} {
	16	test {AUTH fails if there is no password configured server side} {
	17	catch {r auth foo} err
	18	set _ $err
	19	} {ERR any password}
	20
	21	test {Arity check for auth command} {
	22	catch {r auth a b c} err
	23	set _ $err
	24	} {syntax error}
	25	}
	26
	27	start_server {tags {"auth external:skip"} overrides {requirepass foobar}} {
	28	test {AUTH fails when a wrong password is given} {
	29	catch {r auth wrong!} err
	30	set _ $err
	31	} {WRONGPASS*}
	32
	33	test {Arbitrary command gives an error when AUTH is required} {
	34	catch {r set foo bar} err
	35	set _ $err
	36	} {NOAUTH*}
	37
	38	test {AUTH succeeds when the right password is given} {
	39	r auth foobar
	40	} {OK}
	41
	42	test {Once AUTH succeeded we can actually send commands to the server} {
	43	r set foo 100
	44	r incr foo
	45	} {101}
	46
	47	test {For unauthenticated clients multibulk and bulk length are limited} {
	48	set rr [redis [srv "host"] [srv "port"] 0 $::tls]
	49	$rr write "*100\r\n"
	50	$rr flush
	51	catch {[$rr read]} e
	52	assert_match {unauthenticated multibulk length} $e
	53	$rr close
	54
	55	set rr [redis [srv "host"] [srv "port"] 0 $::tls]
	56	$rr write "*1\r\n\$100000000\r\n"
	57	$rr flush
	58	catch {[$rr read]} e
	59	assert_match {unauthenticated bulk length} $e
	60	$rr close
	61	}
	62
	63	test {For unauthenticated clients output buffer is limited} {
	64	set rr [redis [srv "host"] [srv "port"] 1 $::tls]
	65	$rr SET x 5
	66	catch {[$rr read]} e
	67	assert_match {NOAUTH Authentication required} $e
	68
	69	# Fill the output buffer in a loop without reading it and make
	70	# sure the client disconnected.
	71	# Considering the socket eat some of the replies, we are testing
	72	# that such client can't consume more than few MB's.
	73	catch {
	74	for {set j 0} {$j < 1000000} {incr j} {
	75	$rr SET x 5
	76	}
	77	} e
	78	assert_match {I/O error reading reply} $e
	79	}
	80	}
	81
	82	start_server {tags {"auth_binary_password external:skip"}} {
	83	test {AUTH fails when binary password is wrong} {
	84	r config set requirepass "abc\x00def"
	85	catch {r auth abc} err
	86	set _ $err
	87	} {WRONGPASS*}
	88
	89	test {AUTH succeeds when binary password is correct} {
	90	r config set requirepass "abc\x00def"
	91	r auth "abc\x00def"
	92	} {OK}
	93
	94	start_server {tags {"masterauth"}} {
	95	set master [srv -1 client]
	96	set master_host [srv -1 host]
	97	set master_port [srv -1 port]
	98	set slave [srv 0 client]
	99
	100	foreach rdbchannel {yes no} {
	101	test "MASTERAUTH test with binary password rdbchannel=$rdbchannel" {
	102	$slave slaveof no one
	103	$master config set requirepass "abc\x00def"
	104	$master config set repl-rdb-channel $rdbchannel
	105
	106	# Configure the replica with masterauth
	107	set loglines [count_log_lines 0]
	108	$slave config set masterauth "abc"
	109	$slave config set repl-rdb-channel $rdbchannel
	110	$slave slaveof $master_host $master_port
	111
	112	# Verify replica is not able to sync with master
	113	wait_for_log_messages 0 {"Unable to AUTH to MASTER"} $loglines 1000 10
	114	assert_equal {down} [s 0 master_link_status]
	115
	116	# Test replica with the correct masterauth
	117	$slave config set masterauth "abc\x00def"
	118	wait_for_condition 50 100 {
	119	[s 0 master_link_status] eq {up}
	120	} else {
	121	fail "Can't turn the instance into a replica"
	122	}
	123	}
	124	}
	125	}
	126	}