From 0dc1417c1abdba9052dc19c805bf5e96af8e2731 Mon Sep 17 00:00:00 2001
From: Aapo Talvensaari <aapo.talvensaari@gmail.com>
Date: Mon, 11 Aug 2025 10:14:10 +0000
Subject: [PATCH 1/2] fix(redis-cluster): correctly pass username and password

### Summary

Fixed a bug in redis-cluster connector where username and password
authentication did not work properly (the authentication without
username did work properly).

The username and password authentication requires Kong fork of the
redis-cluster library: https://github.com/Kong/resty-redis-cluster,
and does not work with the: https://github.com/steve0511/resty-redis-cluster.
---
 Changes.md                          |  5 +++++
 lib/resty/session/redis/cluster.lua | 12 ++++++++----
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/Changes.md b/Changes.md
index bae78dd4..27c026d2 100644
--- a/Changes.md
+++ b/Changes.md
@@ -2,6 +2,11 @@
 
 All notable changes to `lua-resty-session` will be documented in this file.
 
+## [4.1.4] - 2025-08-11
+### Fixed
+- fix(redis-cluster): correctly pass username and password
+
+
 ## [4.1.3] - 2025-07-29
 ### Fixed
 - fix(utils): disable the SP800-132 compliance checks (on FIPS mode, but doesn't violate FIPS)
diff --git a/lib/resty/session/redis/cluster.lua b/lib/resty/session/redis/cluster.lua
index adc0daac..4a909a8a 100644
--- a/lib/resty/session/redis/cluster.lua
+++ b/lib/resty/session/redis/cluster.lua
@@ -207,12 +207,12 @@ function storage.new(configuration)
   local ssl_verify              = configuration and configuration.ssl_verify
   local server_name             = configuration and configuration.server_name
 
+
   local auth
-  if password then
-    if username then
-      auth = username .. " " .. password
-    else
+  if not username then
+    if password then
       auth = password
+      password = nil
     end
   end
 
@@ -234,6 +234,8 @@ function storage.new(configuration)
         max_connection_attempts = max_connection_attempts,
         max_connection_timeout = max_connection_timeout,
         auth = auth,
+        username = username,
+        password = password,
         connect_opts = {
           ssl = ssl,
           ssl_verify = ssl_verify,
@@ -263,6 +265,8 @@ function storage.new(configuration)
       max_connection_attempts = max_connection_attempts,
       max_connection_timeout = max_connection_timeout,
       auth = auth,
+      username = username,
+      password = password,
     },
   }, metatable)
 end

From 0796f88b32f4e407cc26e815432c1ec40b6b8e72 Mon Sep 17 00:00:00 2001
From: Aapo Talvensaari <aapo.talvensaari@gmail.com>
Date: Mon, 11 Aug 2025 10:16:30 +0000
Subject: [PATCH 2/2] chore(*): release 4.1.4

---
 lib/resty/session.lua                                         | 2 +-
 ...ion-4.1.3-1.rockspec => lua-resty-session-4.1.4-1.rockspec | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
 rename lua-resty-session-4.1.3-1.rockspec => lua-resty-session-4.1.4-1.rockspec (97%)

diff --git a/lib/resty/session.lua b/lib/resty/session.lua
index bfd7506b..64512770 100644
--- a/lib/resty/session.lua
+++ b/lib/resty/session.lua
@@ -2294,7 +2294,7 @@ end
 
 
 local session = {
-  _VERSION = "4.1.3",
+  _VERSION = "4.1.4",
   metatable = metatable,
 }
 
diff --git a/lua-resty-session-4.1.3-1.rockspec b/lua-resty-session-4.1.4-1.rockspec
similarity index 97%
rename from lua-resty-session-4.1.3-1.rockspec
rename to lua-resty-session-4.1.4-1.rockspec
index 99b92b85..f6e6cd08 100644
--- a/lua-resty-session-4.1.3-1.rockspec
+++ b/lua-resty-session-4.1.4-1.rockspec
@@ -1,8 +1,8 @@
 package = "lua-resty-session"
-version = "4.1.3-1"
+version = "4.1.4-1"
 source = {
   url = "git+https://github.com/bungle/lua-resty-session.git",
-  tag = "v4.1.3",
+  tag = "v4.1.4",
 }
 description = {
   summary = "Session Library for OpenResty - Flexible and Secure",