mirror of https://github.com/dragonflydb/dragonfly.git synced 2024-12-14 11:58:02 +00:00

fix: allow non hashed passwords when loading users from acl file (#2982)

* allow non hashed passwords when loading from acl file
Kostas Kyrimis 2024-05-01 09:57:59 +03:00 committed by GitHub
parent ab269553ac
commit 39c7cfdf72
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 15 additions and 6 deletions


@ -116,12 +116,11 @@ std::optional<std::string> MaybeParsePassword(std::string_view command, bool has
return std::string(command);
}
char symbol = hashed ? '#' : '>';
if (command[0] != symbol) {
return {};
if (command[0] == '>' || (hashed && command[0] == '#')) {
return std::string(command.substr(1));
}
return std::string(command.substr(1));
return {};
}
std::optional<bool> MaybeParseStatus(std::string_view command) {
@ -231,7 +230,9 @@ std::variant<User::UpdateRequest, ErrorReply> ParseAclSetUser(T args,
return ErrorReply("Only one password is allowed");
}
req.password = std::move(pass);
if (hashed && absl::StartsWith(facade::ToSV(arg), "#")) {
req.is_hashed = hashed;
}
continue;
}
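Review bot: In MaybeParsePassword the new condition reads `command[0]`, and nothing in the visible lines shows that `command` is non-empty at that point. The function starts above this hunk, so an earlier guard may exist; if it does not, an empty argument from an ACL file line or an ACL SETUSER call indexes an empty string_view. A guard such as `if (command.empty()) return {};` ahead of the prefix test would make that explicit. In the ParseAclSetUser hunk the `#` prefix is tested a second time through `absl::StartsWith(facade::ToSV(arg), "#")` to set `req.is_hashed`, so the two tests have to be kept in agreement by hand. Since `hashed` is already true inside that branch, `req.is_hashed = true;` states the intent more directly.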


@ -23,6 +23,7 @@ std::string AclCommandToString(const std::vector<uint64_t>& acl_category);
std::string PrettyPrintSha(std::string_view pass, bool all = false);
// When hashed is true, we allow passwords that start with both # and >
std::optional<std::string> MaybeParsePassword(std::string_view command, bool hashed = false);
std::optional<bool> MaybeParseStatus(std::string_view command);
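Review bot: The new comment above MaybeParsePassword names the accepted prefixes but not what the caller gets back. As far as the implementation in this commit shows, a matching prefix is stripped and the result does not say whether the remainder is a plaintext password or a hash. Because the caller has to re-inspect the original argument to set `is_hashed`, the declaration should say so, for example `// Returns the password without its leading '>' or '#', or nullopt if no accepted prefix is present.` followed by `// With hashed == true both prefixes are accepted; check the original argument for '#' to know whether the result is a hash.`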


@ -323,12 +323,19 @@ async def test_bad_acl_file(df_local_factory, tmp_dir):
@pytest.mark.asyncio
@dfly_args({"port": 1111})
async def test_good_acl_file(df_local_factory, tmp_dir):
acl = create_temp_file("", tmp_dir)
acl = create_temp_file("USER MrFoo ON >mypass", tmp_dir)
df = df_local_factory.create(aclfile=acl)
df.start()
client = df.client()
await client.execute_command("ACL LOAD")
result = await client.execute_command("ACL LIST")
assert 2 == len(result)
assert "user MrFoo on ea71c25a7a60224 +@NONE" in result
assert "user default on nopass +@ALL +ALL ~*" in result
await client.execute_command("ACL DELUSER MrFoo")
await client.execute_command("ACL SETUSER roy ON >mypass +@STRING +HSET")
await client.execute_command("ACL SETUSER shahar >mypass +@SET")
await client.execute_command("ACL SETUSER vlad +@STRING ~foo ~bar*")