Add authentication with username and password for phpredis RedisCluster (#733)

Dodenis · web-flow · commit 4e26a722e6b8 · 2025-03-16T22:15:49.000+01:00
* Add phpredis cluster auth with username and password to work with ACL system

* Add unit test for RedisCluster ACL
diff --git a/.github/workflows/redis-configs/redis-node1/redis.conf b/.github/workflows/redis-configs/redis-node1/redis.conf
@@ -4,4 +4,5 @@ cluster-config-file nodes.conf
 appendonly no
 save ""
 bind 0.0.0.0
-protected-mode no
+protected-mode no
+user snc_redis on +@all ~* >snc_password
diff --git a/.github/workflows/redis-configs/redis-node2/redis.conf b/.github/workflows/redis-configs/redis-node2/redis.conf
@@ -4,4 +4,5 @@ cluster-config-file nodes.conf
 appendonly no
 save ""
 bind 0.0.0.0
-protected-mode no
+protected-mode no
+user snc_redis on +@all ~* >snc_password
diff --git a/.github/workflows/redis-configs/redis-node3/redis.conf b/.github/workflows/redis-configs/redis-node3/redis.conf
@@ -4,4 +4,5 @@ cluster-config-file nodes.conf
 appendonly no
 save ""
 bind 0.0.0.0
-protected-mode no
+protected-mode no
+user snc_redis on +@all ~* >snc_password
diff --git a/.github/workflows/redis-configs/redis-node4/redis.conf b/.github/workflows/redis-configs/redis-node4/redis.conf
@@ -4,4 +4,5 @@ cluster-config-file nodes.conf
 appendonly no
 save ""
 bind 0.0.0.0
-protected-mode no
+protected-mode no
+user snc_redis on +@all ~* >snc_password
diff --git a/.github/workflows/redis-configs/redis-node5/redis.conf b/.github/workflows/redis-configs/redis-node5/redis.conf
@@ -4,4 +4,5 @@ cluster-config-file nodes.conf
 appendonly no
 save ""
 bind 0.0.0.0
-protected-mode no
+protected-mode no
+user snc_redis on +@all ~* >snc_password
diff --git a/.github/workflows/redis-configs/redis-node6/redis.conf b/.github/workflows/redis-configs/redis-node6/redis.conf
@@ -4,4 +4,5 @@ cluster-config-file nodes.conf
 appendonly no
 save ""
 bind 0.0.0.0
-protected-mode no
+protected-mode no
+user snc_redis on +@all ~* >snc_password
diff --git a/docs/README.md b/docs/README.md
@@ -169,6 +169,7 @@ snc_redis:
                 
 ```
 
+It also works for the Phpredis Cluster mode.
 
 ### Sessions ###
 
diff --git a/src/Factory/PhpredisClientFactory.php b/src/Factory/PhpredisClientFactory.php
@@ -187,13 +187,36 @@ public function __construct(string $dsn, string $host, int $port)
      */
     private function createClusterClient(array $dsns, string $class, string $alias, array $options, bool $loggingEnabled): RedisCluster
     {
+        $auth     = $options['parameters']['password'] ?? null;
+        $username = $options['parameters']['username'] ?? null;
+        if ($username !== null && $auth !== null) {
+            $auth = [$username, $auth];
+        }
+
+        if ($auth === null) {
+            $uniqueAuth = null;
+            foreach ($dsns as $index => $dsn) {
+                $uniqueAuth = $dsn->getPassword();
+                $username   = $dsn->getUsername();
+                if ($username !== null && $uniqueAuth !== null) {
+                    $uniqueAuth = [$username, $uniqueAuth];
+                }
+
+                if ($index > 0 && $auth !== $uniqueAuth) {
+                    throw new InvalidConfigurationException('DSNs cannot have different authentication for RedisCluster.');
+                }
+
+                $auth = $uniqueAuth;
+            }
+        }
+
         $client = new $class(
             null,
             array_map(static fn (RedisDsn $dsn) => ($dsn->getTls() ? 'tls://' : '') . $dsn->getHost() . ':' . $dsn->getPort(), $dsns),
             $options['connection_timeout'],
             $options['read_write_timeout'] ?? 0,
             (bool) $options['connection_persistent'],
-            $options['parameters']['password'] ?? null,
+            $auth,
         );
 
         if (isset($options['prefix'])) {
diff --git a/tests/Factory/PhpredisClientFactoryTest.php b/tests/Factory/PhpredisClientFactoryTest.php
@@ -105,6 +105,34 @@ public function testCreateMinimalClusterConfig(): void
         $this->assertSame(0, $client->getOption(RedisCluster::OPT_SLAVE_FAILOVER));
     }
 
+    public function testCreateMinimalClusterConfigWithAcl(): void
+    {
+        $this->logger->expects($this->never())->method('debug');
+        $factory = new PhpredisClientFactory(new RedisCallInterceptor($this->redisLogger));
+
+        $client = $factory->create(
+            RedisCluster::class,
+            ['redis://localhost:7079'],
+            [
+                'connection_timeout' => 5,
+                'connection_persistent' => false,
+                'parameters' => [
+                    'username' => 'snc_redis',
+                    'password' => 'snc_password',
+                ],
+            ],
+            'phprediscluster',
+            false,
+        );
+
+        $this->assertInstanceOf(RedisCluster::class, $client);
+        $this->assertNull($client->getOption(Redis::OPT_PREFIX));
+        $this->assertSame(0, $client->getOption(Redis::OPT_SERIALIZER));
+        $this->assertSame(0., $client->getOption(Redis::OPT_READ_TIMEOUT));
+        $this->assertSame(0, $client->getOption(Redis::OPT_SCAN));
+        $this->assertSame(0, $client->getOption(RedisCluster::OPT_SLAVE_FAILOVER));
+    }
+
     /**
      * @requires extension relay
      * @testWith ["RedisSentinel", "Redis", null, "sentinelauthdefaultpw"]

Original file line number	Diff line number	Diff line change
`@@ -169,6 +169,7 @@ snc_redis:`
`169`	`169`
`170`	`170`	```
`171`	`171`
	`172`	`+It also works for the Phpredis Cluster mode.`
`172`	`173`
`173`	`174`	`### Sessions ###`
`174`	`175`