search

nicolasff / webdis

A Redis HTTP interface with JSON output
https://webd.is
BSD 2-Clause "Simplified" License
2.82k stars 307 forks source link

Fallen at first hurdle - NOAUTH #219

Closed TIMAI2 closed 2 years ago

TIMAI2 commented 2 years ago

Ubuntu 18.04 LTS / Redis Server v5.07 Webdis installed and runs just fine, but when I try out the first curl command I get this

curl http://127.0.0.1:7379/SET/hello/world
{"SET":[false,"NOAUTH Authentication required."]}[2]+  Done

The webdis.conf is set correctly for redis_auth with the password I have in redis.conf:

redis_auth: "mypassword",

I can access the redis cli just fine with the password.

If I remove the password in redis and webdis, then the curl commands work (My password is 30 characters long and ends with an equals sign (=) )

What am I missing ?

TIMAI2 commented 2 years ago

Solved The problem was the equals sign in the redis password. Seems webdis unable to pass an equals sign as a part of a valid redis password.

TIMAI2 commented 2 years ago

Actually, not solved, must have still had an authenticating session open after resetting the redis password Will keep testing.... A simple 6 character password again seems to work. If this is working, and i am not somehow caught up in a old session again, how long can the redis password be for it to work with webdis?

nicolasff commented 2 years ago

Hi Tim,

I can't reproduce this issue.

I added a password to my Redis instance, it's 60 characters long and ends with =:

$ grep ^requirepass redis.conf
requirepass e75cb77b9f977c801c4ecfa173331ee3e2670087a8107ffd2f5be5e7939=

Without giving Webdis the password, it fails as expected:

$ grep redis.auth webdis.json
    "redis_auth":   null,
$ ./webdis webdis.json
$ curl http://127.0.0.1:7379/PING
{"PING":[false,"NOAUTH Authentication required."]}

So I set the password, and now it authenticates before sending commands:

$ grep redis.auth webdis.json
    "redis_auth":   "e75cb77b9f977c801c4ecfa173331ee3e2670087a8107ffd2f5be5e7939=",
$ ./webdis webdis.json
$ curl http://127.0.0.1:7379/PING
{"PING":[true,"PONG"]}

If the password is incorrect and Redis rejects the AUTH command when Webdis sets up its connection pool, you should see an error being logged:

[40947] 14 Mar 08:11:53 E Authentication failed: WRONGPASS invalid username-password pair or user is disabled.

Do you see anything like this in the logs? Also, do you use the "old" instance-wide authentication system with requirepass, or the "new" Redis 6+ ACL system?

TIMAI2 commented 2 years ago

I am running Redis 5.07, therefore using the requirepass password.

I threw my 30 character password back at redis and webdis, and they now appear to be playing nicely. Not sure what the original problem was but for the time being all is OK.

Thank you very much for your advice, time and support

nicolasff commented 2 years ago

I'm glad to hear that things work well now!

Whenever you decide to upgrade to Redis 6 and start using its new ACL system, note that the same config key redis_auth is used in webdis.json, except that in that case it takes an array of username and password – both strings – rather than a single secret value. You can find an example in this section of the Webdis README. Note also that you need Webdis 0.1.13 and above, although this version is getting a bit old now (released over a year ago).

Are we good to close this issue then?