From 06bab2c4de0ad1e240792a58ceb611bc8fe9b79c Mon Sep 17 00:00:00 2001 From: Derek Collison Date: Mon, 21 Nov 2022 19:47:06 -0800 Subject: [PATCH] If no_auth_user is set, clear auth required for server info. Signed-off-by: Derek Collison --- server/auth.go | 2 +- server/client_test.go | 24 +++++++++++++++++++++++- server/server.go | 6 ++++++ 3 files changed, 30 insertions(+), 2 deletions(-) diff --git a/server/auth.go b/server/auth.go index fbadce75..c6d6e504 100644 --- a/server/auth.go +++ b/server/auth.go @@ -1,4 +1,4 @@ -// Copyright 2012-2019 The NATS Authors +// Copyright 2012-2022 The NATS Authors // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at diff --git a/server/client_test.go b/server/client_test.go index 5cf994ec..60c43a23 100644 --- a/server/client_test.go +++ b/server/client_test.go @@ -1,4 +1,4 @@ -// Copyright 2012-2020 The NATS Authors +// Copyright 2012-2022 The NATS Authors // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at @@ -2583,3 +2583,25 @@ func TestClientDenySysGroupSub(t *testing.T) { require_Error(t, err) require_Contains(t, err.Error(), "Permissions Violation") } + +func TestClientAuthRequiredNoAuthUser(t *testing.T) { + conf := createConfFile(t, []byte(` + listen: 127.0.0.1:-1 + accounts: { + A: { users: [ { user: user, password: pass } ] } + } + no_auth_user: user + `)) + defer removeFile(t, conf) + + s, _ := RunServerWithConfig(conf) + defer s.Shutdown() + + nc, err := nats.Connect(s.ClientURL()) + require_NoError(t, err) + defer nc.Close() + + if nc.AuthRequired() { + t.Fatalf("Expected AuthRequired to be false due to 'no_auth_user'") + } +} diff --git a/server/server.go b/server/server.go index 532dc3f9..358b9d8b 100644 --- a/server/server.go +++ b/server/server.go @@ -2524,6 +2524,12 @@ func (s *Server) createClient(conn net.Conn) *client { c.nonce = []byte(info.Nonce) authRequired = info.AuthRequired + // Check to see if we have auth_required set but we also have a no_auth_user. + // If so set back to false. + if info.AuthRequired && opts.NoAuthUser != _EMPTY_ { + info.AuthRequired = false + } + s.totalClients++ s.mu.Unlock()