search

bbangert / beaker

WSGI middleware for sessions and caching
https://beaker.readthedocs.org/
Other
517 stars 147 forks source link

Redis ext cannot handle passwords with special URL characters. #210

Open twiggy opened 3 years ago

twiggy commented 3 years ago

If your password for Redis AUTH has # or : in it, it will need to be url encoded. however, redis-py will not automatically decode the url with the current version.

Redis URLs with passwords are in the form of redis(s)://user:pass@server:port/db

If say you had redis://:my#Pass@127.0.0.1:6379/1 this forms an invalid URL

The solution would be to do something like redis://:my%35Pass@127.0.0.1:6379/1

redis-py supports this, however, versions 3.5.3 and below, from_url must be passed decode_components=True ... it defaults to False for now.

It looks like version 4.x will get rid of this and always decode the url, so we could end up with some compatibility issues if we try and pass it.

I was going to put forth a PR, but SyncDict was passing arguments in unnamed so could cause some issues there down the road. from_url probably won't change as far as URL being the first param.

The workaround is to construct your own StrictRedis ( really just Redis now ) and pass it. Already doing that do deal with SSL when the cert can't be verified, but an issue.

Looks a little something like this...I'm using pyramid and pyramid_beaker. How you get at your settings will be up to you.

    if settings['beaker.session.type'] == 'ext:redis' and settings['beaker.session.url'] == 'custom': 
        from redis import StrictRedis
        db = StrictRedis(host='127.0.0.1', port=6379, password = 'my#pass', db = 1)
        db.ping()
        db.set('_startup','_test')

        settings['beaker.session.url'] = db

       session_factory = session_factory_from_settings(settings)
       config.set_session_factory(session_factory)

Obviously another workaround is to not have a password with symbols :smile:

ljluestc commented 1 year ago

You can apply a workaround by manually constructing your StrictRedis instance and passing it to the Beaker session configuration in your Pyramid application. This allows you to handle the URL encoding and any other custom configurations for your Redis connection.

Here's a recap of the workaround you provided:

if settings['beaker.session.type'] == 'ext:redis' and settings['beaker.session.url'] == 'custom': 
    from redis import StrictRedis

    # Manually construct the StrictRedis instance with the proper URL encoding
    db = StrictRedis(host='127.0.0.1', port=6379, password='my%23pass', db=1)

    # Perform a test ping to check the connection
    db.ping()
    db.set('_startup', '_test')

    # Set the beaker.session.url to the custom Redis connection
    settings['beaker.session.url'] = db

# Set the session factory with the updated settings
session_factory = session_factory_from_settings(settings)
config.set_session_factory(session_factory)

Additionally, as you pointed out, another workaround is to avoid using passwords with special symbols in your Redis URL. This way, you can ensure that you won't encounter any URL encoding issues.

l