Skip to content

Revise "Enforce authentication #nm2" #463

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Nov 9, 2025
Merged

Revise "Enforce authentication #nm2" #463

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 13 additions & 14 deletions stage_descriptions/auth-07-nm2.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,15 +1,16 @@
In this stage, you'll add support for enforcing authentication for the `default` user.

### Enforcing `default` user authentication
### Enforcing `default` User Authentication

By default, every new connection is automatically authenticated as the `default` user. This is because the `nopass` flag is set for the `default` user from the start. However, after clearing this flag (by setting a password for the `default` user), new connections are not automatically authenticated as the `default` user. Connections which have already been authenticated will remain authenticated.
When you create a new connection, it is automatically authenticated as the `default` user. This happens because the `nopass` flag is set for the `default` user from the start.

Example usage:
Once you set a password for the `default` user, new connections will no longer be automatically authenticated. However, any connections that were already authenticated will stay logged in.

For example:

```bash
# Client 1
$ redis-cli
> ACL SETUSER default >password
$ redis-cli ACL SETUSER default >password
OK

# This connection remains authenticated as the default user
Expand All @@ -18,11 +19,12 @@ OK

# Client 2
# This connection is not authenticated
$ redis-cli
> ACL WHOAMI
$ redis-cli ACL WHOAMI
(error) NOAUTH Authentication required.
```

When an unauthenticated connection tries to execute a command, return the simple error: `NOAUTH Authentication required.`

### Tests

The tester will execute your program like this:
Expand All @@ -31,7 +33,7 @@ The tester will execute your program like this:
$ ./your_program.sh
```

It'll then send commands to two different clients.
It will then send commands to two different clients:

```bash
# Client 1
Expand All @@ -51,9 +53,6 @@ $ redis-cli
(error) NOAUTH Authentication required.
```

The tester will validate the following:

1. The first client (Client 1) is still authenticated as the `default` user.

2. A second client (Client 2) receives a `NOAUTH` error when attempting to execute commands without authentication.
- This is because after we set the password for the `default` user, the `nopass` flag is also cleared. This disables auto-authentication of new users as the `default` user.
The tester will verify that:
- Client 1 can still execute commands and remains authenticated as the `default` user.
- Client 2 receives a `NOAUTH` error when trying to execute commands without authentication.
Loading