Implement AUTH. Closes #58

This change makes password authentication required for redis usage, and removes anonymous access. Users will need to change their underlying clients to enable writing the auth token for authenticating, otherwise requests will fail. This is a non-optional change, and improves security for users who wish to expose their redis installations outside of their network.
2016-08-27 23:39:31 -04:00
parent 92c2957bfc
commit 919832ba2a
7 changed files with 35 additions and 18 deletions
--- a/tests/service_promote.bats
+++ b/tests/service_promote.bats
@@ -39,22 +39,25 @@ teardown() {
 }

@test "($PLUGIN_COMMAND_PREFIX:promote) changes REDIS_URL" {
-  dokku config:set my_app "REDIS_URL=redis://host:6379/db" "DOKKU_REDIS_BLUE_URL=redis://dokku-redis-l:6379"
+  password="$(cat "$PLUGIN_DATA_ROOT/l/PASSWORD")"
+  dokku config:set my_app "REDIS_URL=redis://u:p@host:6379/db" "DOKKU_REDIS_BLUE_URL=redis://l:$password@dokku-redis-l:6379"
  dokku "$PLUGIN_COMMAND_PREFIX:promote" l my_app
  url=$(dokku config:get my_app REDIS_URL)
-  assert_equal "$url" "redis://dokku-redis-l:6379"
+  assert_equal "$url" "redis://l:$password@dokku-redis-l:6379"
 }

@test "($PLUGIN_COMMAND_PREFIX:promote) creates new config url when needed" {
-  dokku config:set my_app "REDIS_URL=redis://host:6379/db" "DOKKU_REDIS_BLUE_URL=redis://dokku-redis-l:6379"
+  password="$(cat "$PLUGIN_DATA_ROOT/l/PASSWORD")"
+  dokku config:set my_app "REDIS_URL=redis://u:p@host:6379/db" "DOKKU_REDIS_BLUE_URL=redis://l:$password@dokku-redis-l:6379"
  dokku "$PLUGIN_COMMAND_PREFIX:promote" l my_app
  run dokku config my_app
  assert_contains "${lines[*]}" "DOKKU_REDIS_"
 }

@test "($PLUGIN_COMMAND_PREFIX:promote) uses REDIS_DATABASE_SCHEME variable" {
-  dokku config:set my_app "REDIS_DATABASE_SCHEME=redis2" "REDIS_URL=redis://u:p@host:6379" "DOKKU_REDIS_BLUE_URL=redis2://dokku-redis-l:6379"
+  password="$(cat "$PLUGIN_DATA_ROOT/l/PASSWORD")"
+  dokku config:set my_app "REDIS_DATABASE_SCHEME=redis2" "REDIS_URL=redis://u:p@host:6379" "DOKKU_REDIS_BLUE_URL=redis2://l:$password@dokku-redis-l:6379"
  dokku "$PLUGIN_COMMAND_PREFIX:promote" l my_app
  url=$(dokku config:get my_app REDIS_URL)
-  assert_equal "$url" "redis2://dokku-redis-l:6379"
+  assert_equal "$url" "redis2://l:$password@dokku-redis-l:6379"
 }