Redis [BUG] User parsing in redis-cli URI should ignore empty string

Describe the bug

User parsing #8048 the redis URI will always set config.user even in the case of '' empty string.

https://github.com/redis/redis/blob/74fe15b3602ed7c003b5c53e45e31f7aa6d4a86f/src/redis-cli.c#L423-L432

To reproduce

Given the redis URI following the standard format:

redis://:<password>@<host>:<port>

The user will be parsed as '' empty string. Failing to AUTH as the default user.

Expected behavior

The same behavior as the redis URI:

redis://<password>@<host>:<port>

Which will correctly AUTH as the default user.

Comment From: huangzhw

@beornf I test for now "" is a valid user.

Comment From: beornf

I see that "" may be a valid user however you could still invoke redis-cli with --user "". In Redis client libraries (javascript, python, go etc.) that do URL parsing I've seen that user is parsed as "" by default and hence is not used in AUTH. The URI spec states that redis://<password>@<host>:<port> should be treated as user <password> and password "" . The standard URI format for userinfo is <user>:<password> see https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.1.

Comment From: huangzhw

But in redis:

 *   scheme:    "redis://"
 *   authority: [[<username> ":"] <password> "@"] [<hostname> [":" <port>]]
 *   path:      ["/" [<db>]]

I think the major reason is at first redis only had password. So username is optional.

Comment From: beornf

I'm currently using redis://:<password>@<host>:<post> and that works with clients that ignore empty usernames. In redis-cli prior to version 6.2 the username isn't parsed so this URI was compatible with the default user. I can connect explicitly with -a <password> -h <hostname> -p <port> just thought the URI connect string is more convenient.

Comment From: huangzhw

So your problem is redis://:<password>@<host>:<post> works for 6.0 not 6.2. But we can't treat "" as default user, as "" is valid user. You can use redis://default:<password>@<host>:<post>. I'm not sure whether treat "" as default is valid.

Comment From: beornf

In that case and I guess I'd open as a different feature request would it be possible to change the name of the default user similar to requirepass configuration option. I know I can probably just set some acl options and turn off the default user.

Comment From: enjoy-binbin

closing, see #12746