Skip to content

[9.x] Ignore empty redis username string in PhpRedisConnector#41773

Merged
taylorotwell merged 2 commits into
laravel:9.xfrom
seanmtaylor:redis-empty-username
Apr 1, 2022
Merged

[9.x] Ignore empty redis username string in PhpRedisConnector#41773
taylorotwell merged 2 commits into
laravel:9.xfrom
seanmtaylor:redis-empty-username

Conversation

@seanmtaylor
Copy link
Copy Markdown
Contributor

@seanmtaylor seanmtaylor commented Apr 1, 2022
edited
Loading

A username option was added to the PhpRedisConnector in #41683.

However, some services, such as Heroku, produce a REDIS_URL connection string that has an empty username part.

This is causing the following exception:

RedisException: WRONGPASS invalid username-password pair or user is disabled.

So given the following REDIS_URL format:

redis://username:password@host:port

The following url string, with a blank username, will thrown an error.

redis://:abc123@redishost.example:12345

Solution

I have added an extra check to ensure that the provided username isn't an empty string before attempting to use it.

Considerations

I have used a $config['username'] !== '' check rather than ! empty($config['username']) in the small off chance that the username value is falsey (eg 0).

You might just say why not update the REDIS_URL and replace the empty username part with null.

That's possible, but the issue is services such as Heroku will generate these REDIS_* variables at any time, such as when upgrading the redis instance, so it would need to be manually changed each time the credentials were generated.

Tests

Sorry, I couldn't see any existing tests for this class so wasn't quite sure where to begin.

Feel free to point me in the right direction if a test is required for this.

@seanmtaylor seanmtaylor marked this pull request as ready for review April 1, 2022 11:07
@taylorotwell taylorotwell merged commit 1d82ec6 into laravel:9.x Apr 1, 2022
@taylorotwell
Copy link
Copy Markdown
Member

taylorotwell commented Apr 1, 2022

Thanks!

@GrahamCampbell GrahamCampbell changed the title Ignore empty redis username string in PhpRedisConnector [9.x] Ignore empty redis username string in PhpRedisConnector Apr 1, 2022
@krzysztofrewak krzysztofrewak mentioned this pull request Apr 4, 2022
Closed
@dwightwatson
Copy link
Copy Markdown
Contributor

dwightwatson commented Apr 6, 2022

@seanmtaylor did this fix the issue for you? I just upgraded to v9.7.0 which appears to have this fix but I'm still getting a NOAUTH error on Heroku.

Dropping back to 9.5.1 where this issue wasn't present.

@dwightwatson
Copy link
Copy Markdown
Contributor

dwightwatson commented Apr 6, 2022
edited
Loading

If it's worth noting - I have 2 Redis instances connected to my Laravel app on Heroku. One has no username like above, and the other has the username h. No idea why - perhaps Heroku changed the auth scheme at some point.

However, it worked fine on 9.5.1 and not beyond.

Edit: for anyone else who runs across this - Heroku removed the h username by default for new Redis instances. I resolved this problem by replacing my Redis instances that still used the h username with new ones that had a blank username. Annoying, but I am now able to upgrade past Laravel 9.5.1.

@seanmtaylor seanmtaylor deleted the redis-empty-username branch April 6, 2022 12:38
@seanmtaylor
Copy link
Copy Markdown
Contributor Author

seanmtaylor commented Apr 7, 2022

@seanmtaylor did this fix the issue for you? I just upgraded to v9.7.0 which appears to have this fix but I'm still getting a NOAUTH error on Heroku.

Dropping back to 9.5.1 where this issue wasn't present.

Yeah it has sorted it for me @dwightwatson

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@seanmtaylor @taylorotwell @dwightwatson