chameleonbr / node-red-contrib-redis

Node RED client for Redis with pub/sub, list, lua scripting and other commands support.
MIT License

NodeRed crashes when subscribe Channel with no Permission Uncaught Exception #63

Open PJ-Schulz opened 1 year ago

PJ-Schulz commented 1 year ago

Hello,

We have a Redis Server with User permissions set. This is our acl list:

1) "user admin on #2d2cfc734e02c9a98fcce756a036d45d02df61b998170eb8a14649fb89188cad ~* &* +@all"
2) "user nodered on #9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 resetchannels &controller-messages* -@all +subscribe +info (resetchannels &controller-messages-bar -@all)"

The user nodered in redis has permission to subscribe to the controller-messages* channel. However, we have explicitly restricted his ability to subscribe to the controller-messages-bar channel.

Now we want to test it in Node-Red with this library and the Node redis-in. We had configured three redis-in Nodes:

What we expected from our test is that an error is displayed in the NodeRed web interface, either on the node itself or in the debug window. After we deployed the flow, NodeRed crashes immediately with this exception:

28 Jul 07:54:04 - [red] Uncaught Exception:
28 Jul 07:54:04 - [error] ReplyError: NOPERM this user has no permissions to access one of the channels used as arguments
    at parseError (/usr/src/node-red/node_modules/redis-parser/lib/parser.js:179:12)
    at parseType (/usr/src/node-red/node_modules/redis-parser/lib/parser.js:302:14)

The problem now is that after the deployment, the flows.json file was written, and on every restart NodeRed uses this flows.json and crashes immediately, too. There is no chance to open it in the web interface to make any changes. The only chance is to change it in the flows.json, but because we are using Node-Red in Kubernetes, this is not so easy.

Getting back to the problem at hand, I think it's a bug that NodeRed is crashing with the Uncaught Exception instead of displaying an error in the web interface.
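
An added illustration of the behaviour the report asks for, not code from node-red-contrib-redis or from this issue: a failed subscribe is caught and surfaced through Node-RED's `node.error()` and `node.status()` so it cannot end the process. `FakeRedis`, `subscribeSafely`, `makeNode`, `demo` and the channel `controller-messages-foo` are hypothetical names constructed for the example, and the stub client stands in for a real driver so the block runs offline.

```javascript
const { EventEmitter } = require('events');

// Constructed stand-in for a Redis client (not a real driver): subscribe()
// rejects with the NOPERM reply from the log for channels listed in `denied`.
class FakeRedis extends EventEmitter {
  constructor(denied) { super(); this.denied = new Set(denied); }
  async subscribe(channel) {
    if (this.denied.has(channel)) {
      const err = new Error('NOPERM this user has no permissions to access one of the channels used as arguments');
      err.name = 'ReplyError';
      throw err;
    }
    return 1;
  }
}

// Hypothetical helper: report a failed subscribe via node.error()/node.status().
async function subscribeSafely(client, node, channel) {
  // An 'error' event with no listener is thrown by EventEmitter, so attach one.
  if (client.listenerCount('error') === 0) {
    client.on('error', (err) => node.error(`redis: ${err.message}`));
  }
  try {
    await client.subscribe(channel);
    node.status({ fill: 'green', shape: 'dot', text: `subscribed: ${channel}` });
    return true;
  } catch (err) {
    const denied = /^NOPERM\b/.test(err.message);
    node.error(`subscribe ${channel} failed: ${err.message}`);
    node.status({ fill: 'red', shape: 'ring', text: denied ? 'no permission' : 'subscribe failed' });
    return false;
  }
}

// Minimal recording stand-in for the Node-RED node object (error/status only).
function makeNode() {
  const node = { errors: [], state: null };
  node.error = (m) => node.errors.push(m);
  node.status = (s) => { node.state = s; };
  return node;
}

async function demo() {
  const client = new FakeRedis(['controller-messages-bar']);
  const ok = makeNode(), bad = makeNode();
  const first = await subscribeSafely(client, ok, 'controller-messages-foo');
  const second = await subscribeSafely(client, bad, 'controller-messages-bar');
  return { results: [first, second], ok, bad };
}
```

With this pattern the denied node shows a red "no permission" status and logs the NOPERM message, while the editor stays reachable so the flow can be corrected.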