Describe the bug
I'm developing an authentication module that takes advantage of the authentication module features to block the client during authentication.
When the server is configured for cluster mode and the cluster is down, such as when it is first being created, any client that attempts to login gets the message "AUTH failed: CLUSTERDOWN The cluster is down". My code is authenticating the user with RedisModule_AuthenticateClientWithACLUser and returning REDISMODULE_AUTH_HANDLED in the same way that the test code under test/modules/auth.c is doing.
To reproduce
The blocking auth example in tests/modules/auth.c blocking_auth_cb should be enough to reproduce on a single node that is configured with "cluster-enabled yes"
Expected behavior
A client blocked for auth module authentication should be able to login even if the cluster is down.
Additional information
In the 7.2 code, I believe the fix is to exclude clients that are blocked from module authentication in cluster.c -> clusterRedirectBlockedClientIfNeeded
int clusterRedirectBlockedClientIfNeeded(client c) { if (c->flags & CLIENT_BLOCKED && (c->bstate.btype == BLOCKED_LIST || c->bstate.btype == BLOCKED_ZSET || c->bstate.btype == BLOCKED_STREAM || c->bstate.btype == BLOCKED_MODULE) && !clientHasModuleAuthInProgress(c)*) {
Comment From: jdork0
Attached is the minimal code from tests/modules/auth.c to create a module to expose the problem. auth.c.gz
redis.conf file:
loadmodule auth.so
cluster-enabled yes
cluster-config-file cluster.nodes.conf
user foo on ~* +@all
user default off
Steps to re-create:
- Compile the module with
gcc -shared auth.c -o auth.so - Start redis the attached config file
- login with the user
foo, passwordblocking.
$ redis-cli --user foo --pass blocking
Warning: Using a password with '-a' or '-u' option on the command line interface may not be safe.
AUTH failed: CLUSTERDOWN The cluster is down