Merge pull request #1503 from RedisInsight/feature/RI-3574_set_password_recommendation

#RI-3574 - add set password recommendation

Author: vlad-dargel

redisinsight/api/src/__mocks__/errors.ts

@@ -6,6 +6,12 @@ export const mockRedisNoAuthError: ReplyError = {
   message: 'NOAUTH authentication is required',
 };
 
+export const mockRedisNoPasswordError: ReplyError = {
+  name: 'ReplyError',
+  command: 'AUTH',
+  message: 'ERR Client sent AUTH, but no password is set',
+};
+
 export const mockRedisNoPermError: ReplyError = {
   name: 'ReplyError',
   command: 'GET',

redisinsight/api/src/constants/recommendations.ts

@@ -12,4 +12,5 @@ export const RECOMMENDATION_NAMES = Object.freeze({
   COMPRESS_HASH_FIELD_NAMES: 'compressHashFieldNames',
   COMPRESSION_FOR_LIST: 'compressionForList',
   ZSET_HASHTABLE_TO_ZIPLIST: 'zSetHashtableToZiplist',
+  SET_PASSWORD: 'setPassword',
 });

redisinsight/api/src/modules/recommendation/providers/recommendation.provider.spec.ts

@@ -1,6 +1,7 @@
 import IORedis from 'ioredis';
 import { when } from 'jest-when';
 import { RECOMMENDATION_NAMES } from 'src/constants';
+import { mockRedisNoAuthError, mockRedisNoPasswordError } from 'src/__mocks__';
 import { RecommendationProvider } from 'src/modules/recommendation/providers/recommendation.provider';
 
 const nodeClient = Object.create(IORedis.prototype);
@@ -21,6 +22,16 @@ const mockRedisConfigResponse = ['name', '512'];
 const mockRedisClientsResponse_1: string = '# Clients\r\nconnected_clients:100\r\n';
 const mockRedisClientsResponse_2: string = '# Clients\r\nconnected_clients:101\r\n';
 
+const mockRedisAclListResponse_1: string[] = [
+  'user <pass off resetchannels -@all',
+  'user default on #d74ff0ee8da3b9806b18c877dbf29bbde50b5bd8e4dad7a3a725000feb82e8f1 ~* &* +@all',
+];
+
+const mockRedisAclListResponse_2: string[] = [
+  ...mockRedisAclListResponse_1,
+  'user test_2 on nopass ~* &* +@all',
+];
+
 const mockKeys = [
   {
     name: Buffer.from('name'), type: 'string', length: 10, memory: 10, ttl: -1,
@@ -389,4 +400,59 @@ describe('RecommendationProvider', () => {
         expect(connectionClientsRecommendation).toEqual(null);
       });
   });
+
+  describe('determineSetPasswordRecommendation', () => {
+    it('should not return setPassword recommendation', async () => {
+      when(nodeClient.sendCommand)
+        .calledWith(jasmine.objectContaining({ name: 'acl' }))
+        .mockResolvedValue(mockRedisAclListResponse_1);
+
+      const setPasswordRecommendation = await service
+        .determineSetPasswordRecommendation(nodeClient);
+      expect(setPasswordRecommendation).toEqual(null);
+    });
+
+    it('should return setPassword recommendation', async () => {
+      when(nodeClient.sendCommand)
+        .calledWith(jasmine.objectContaining({ name: 'acl' }))
+        .mockResolvedValue(mockRedisAclListResponse_2);
+
+      const setPasswordRecommendation = await service
+        .determineSetPasswordRecommendation(nodeClient);
+      expect(setPasswordRecommendation).toEqual({ name: RECOMMENDATION_NAMES.SET_PASSWORD });
+    });
+
+    it('should not return setPassword recommendation when acl command executed with error',
+      async () => {
+        when(nodeClient.sendCommand)
+          .calledWith(jasmine.objectContaining({ name: 'acl' }))
+          .mockRejectedValue('some error');
+
+        const setPasswordRecommendation = await service
+          .determineSetPasswordRecommendation(nodeClient);
+        expect(setPasswordRecommendation).toEqual(null);
+      });
+
+    it('should not return setPassword recommendation when acl command executed with error',
+      async () => {
+        when(nodeClient.sendCommand)
+          .calledWith(jasmine.objectContaining({ name: 'auth' }))
+          .mockRejectedValue(mockRedisNoAuthError);
+
+        const setPasswordRecommendation = await service
+          .determineSetPasswordRecommendation(nodeClient);
+        expect(setPasswordRecommendation).toEqual(null);
+      });
+
+    it('should return setPassword recommendation when acl command executed with no password error',
+      async () => {
+        when(nodeClient.sendCommand)
+          .calledWith(jasmine.objectContaining({ name: 'auth' }))
+          .mockRejectedValue(mockRedisNoPasswordError);
+
+        const setPasswordRecommendation = await service
+          .determineSetPasswordRecommendation(nodeClient);
+        expect(setPasswordRecommendation).toEqual({ name: RECOMMENDATION_NAMES.SET_PASSWORD });
+      });
+  });
 });

redisinsight/api/src/modules/recommendation/providers/recommendation.provider.ts

@@ -280,4 +280,43 @@ export class RecommendationProvider {
       return null;
     }
   }
+
+  /**
+ * Check set password recommendation
+ * @param redisClient
+ */
+
+  async determineSetPasswordRecommendation(
+    redisClient: Redis | Cluster,
+  ): Promise<Recommendation> {
+    if (await this.checkAuth(redisClient)) {
+      return { name: RECOMMENDATION_NAMES.SET_PASSWORD };
+    }
+
+    try {
+      const users = await redisClient.sendCommand(
+        new Command('acl', ['list'], { replyEncoding: 'utf8' }),
+      ) as string[];
+
+      const nopassUser = users.some((user) => user.split(' ')[3] === 'nopass');
+
+      return nopassUser ? { name: RECOMMENDATION_NAMES.SET_PASSWORD } : null;
+    } catch (err) {
+      this.logger.error('Can not determine set password recommendation', err);
+      return null;
+    }
+  }
+
+  private async checkAuth(redisClient: Redis | Cluster): Promise<boolean> {
+    try {
+      await redisClient.sendCommand(
+        new Command('auth', ['pass']),
+      );
+    } catch (err) {
+      if (err.message.includes('Client sent AUTH, but no password is set')) {
+        return true;
+      }
+    }
+    return false;
+  }
 }

redisinsight/api/src/modules/recommendation/recommendation.service.ts

@@ -48,6 +48,7 @@ export class RecommendationService {
         await this.recommendationProvider.determineZSetHashtableToZiplistRecommendation(client, keys),
         await this.recommendationProvider.determineBigSetsRecommendation(keys),
         await this.recommendationProvider.determineConnectionClientsRecommendation(client),
+        await this.recommendationProvider.determineSetPasswordRecommendation(client),
       ]));
   }
 }

redisinsight/api/test/api/database-analysis/POST-databases-id-analysis.test.ts

@@ -156,6 +156,59 @@ describe('POST /databases/:instanceId/analysis', () => {
       await rte.data.truncate();
     });
 
+    describe('useSmallerKeys recommendation', () => {
+      // generate 1M keys take a lot of time
+      requirements('!rte.type=CLUSTER');
+  
+      [
+        {
+          name: 'Should create new database analysis with useSmallerKeys recommendation',
+          data: {
+            delimiter: '-',
+          },
+          statusCode: 201,
+          responseSchema,
+          before: async () => {
+            await rte.data.truncate();
+            const KEYS_NUMBER = 1_000_006;
+            await rte.data.generateNKeys(KEYS_NUMBER, false);
+          },
+          checkFn: async ({ body }) => {
+            expect(body.recommendations).to.include.deep.members([
+              constants.TEST_SMALLER_KEYS_DATABASE_ANALYSIS_RECOMMENDATION,
+              constants.TEST_COMBINE_SMALL_STRING_TO_HASHES_RECOMMENDATION,
+            ]);
+          },
+          after: async () => {
+            expect(await repository.count()).to.eq(5);
+          }
+        },
+      ].map(mainCheckFn);
+    });
+
+
+    describe('setPassword recommendation', () => {
+      requirements('!rte.pass');
+      [
+        {
+          name: 'Should create new database analysis with useSmallerKeys recommendation',
+          data: {
+            delimiter: '-',
+          },
+          statusCode: 201,
+          responseSchema,
+          checkFn: async ({ body }) => {
+            expect(body.recommendations).to.include.deep.members([
+              constants.TEST_SET_PASSWORD_RECOMMENDATION,
+            ]);
+          },
+          after: async () => {
+            expect(await repository.count()).to.eq(5);
+          }
+        },
+      ].map(mainCheckFn);
+    });
+
     [
       {
         name: 'Should create new database analysis with bigHashes recommendation',
@@ -169,7 +222,7 @@ describe('POST /databases/:instanceId/analysis', () => {
           await rte.data.generateHugeNumberOfFieldsForHashKey(NUMBERS_OF_HASH_FIELDS, true);
         },
         checkFn: async ({ body }) => {
-          expect(body.recommendations).to.deep.eq([
+          expect(body.recommendations).to.include.deep.members([
             constants.TEST_BIG_HASHES_DATABASE_ANALYSIS_RECOMMENDATION,
             constants.TEST_HASH_HASHTABLE_TO_ZIPLIST_RECOMMENDATION,
             constants.TEST_COMPRESS_HASH_FIELD_NAMES_RECOMMENDATION,
@@ -191,7 +244,9 @@ describe('POST /databases/:instanceId/analysis', () => {
           await rte.data.generateHugeNumberOfMembersForSetKey(NUMBERS_OF_SET_MEMBERS, true);
         },
         checkFn: async ({ body }) => {
-          expect(body.recommendations).to.deep.eq([constants.TEST_INCREASE_SET_MAX_INTSET_ENTRIES_RECOMMENDATION]);
+          expect(body.recommendations).to.include.deep.members([
+            constants.TEST_INCREASE_SET_MAX_INTSET_ENTRIES_RECOMMENDATION,
+          ]);
         },
         after: async () => {
           expect(await repository.count()).to.eq(5);
@@ -208,7 +263,9 @@ describe('POST /databases/:instanceId/analysis', () => {
           await rte.data.generateStrings(true);
         },
         checkFn: async ({ body }) => {
-          expect(body.recommendations).to.deep.eq([constants.TEST_COMBINE_SMALL_STRING_TO_HASHES_RECOMMENDATION]);
+          expect(body.recommendations).to.include.deep.members([
+            constants.TEST_COMBINE_SMALL_STRING_TO_HASHES_RECOMMENDATION,
+          ]);
         },
         after: async () => {
           expect(await repository.count()).to.eq(5);
@@ -226,7 +283,7 @@ describe('POST /databases/:instanceId/analysis', () => {
           await rte.data.generateHugeNumberOfFieldsForHashKey(NUMBERS_OF_HASH_FIELDS, true);
         },
         checkFn: async ({ body }) => {
-          expect(body.recommendations).to.deep.eq([
+          expect(body.recommendations).to.include.deep.members([
             constants.TEST_HASH_HASHTABLE_TO_ZIPLIST_RECOMMENDATION,
           ]);
         },
@@ -246,7 +303,7 @@ describe('POST /databases/:instanceId/analysis', () => {
           await rte.data.generateHugeNumberOfFieldsForHashKey(NUMBERS_OF_HASH_FIELDS, true);
         },
         checkFn: async ({ body }) => {
-          expect(body.recommendations).to.deep.eq([
+          expect(body.recommendations).to.include.deep.members([
             constants.TEST_HASH_HASHTABLE_TO_ZIPLIST_RECOMMENDATION,
             constants.TEST_COMPRESS_HASH_FIELD_NAMES_RECOMMENDATION,
           ]);
@@ -267,7 +324,7 @@ describe('POST /databases/:instanceId/analysis', () => {
           await rte.data.generateHugeElementsForListKey(NUMBERS_OF_LIST_ELEMENTS, true);
         },
         checkFn: async ({ body }) => {
-          expect(body.recommendations).to.deep.eq([
+          expect(body.recommendations).to.include.deep.members([
             constants.TEST_COMPRESSION_FOR_LIST_RECOMMENDATION,
           ]);
         },
@@ -289,7 +346,9 @@ describe('POST /databases/:instanceId/analysis', () => {
           await rte.data.sendCommand('set', [constants.TEST_STRING_KEY_1, bigStringValue]);
         },
         checkFn: async ({ body }) => {
-          expect(body.recommendations).to.deep.eq([constants.TEST_BIG_STRINGS_RECOMMENDATION]);
+          expect(body.recommendations).to.include.deep.members([
+            constants.TEST_BIG_STRINGS_RECOMMENDATION,
+          ]);
         },
         after: async () => {
           expect(await repository.count()).to.eq(5);
@@ -307,7 +366,7 @@ describe('POST /databases/:instanceId/analysis', () => {
           await rte.data.generateHugeMembersForSortedListKey(NUMBERS_OF_ZSET_MEMBERS, true);
         },
         checkFn: async ({ body }) => {
-          expect(body.recommendations).to.deep.eq([
+          expect(body.recommendations).to.include.deep.members([
             constants.TEST_ZSET_HASHTABLE_TO_ZIPLIST_RECOMMENDATION,
           ]);
         },
@@ -327,7 +386,7 @@ describe('POST /databases/:instanceId/analysis', () => {
           await rte.data.generateHugeNumberOfMembersForSetKey(NUMBERS_OF_SET_MEMBERS, true);
         },
         checkFn: async ({ body }) => {
-          expect(body.recommendations).to.deep.eq([
+          expect(body.recommendations).to.include.deep.members([
             // by default max_intset_entries = 512
             constants.TEST_INCREASE_SET_MAX_INTSET_ENTRIES_RECOMMENDATION,
             constants.TEST_BIG_SETS_RECOMMENDATION,
@@ -348,43 +407,15 @@ describe('POST /databases/:instanceId/analysis', () => {
           await rte.data.generateNCachedScripts(11, true);
         },
         checkFn: async ({ body }) => {
-          expect(body.recommendations).to.deep.eq([constants.TEST_LUA_DATABASE_ANALYSIS_RECOMMENDATION]);
+          expect(body.recommendations).to.include.deep.members([
+            constants.TEST_LUA_DATABASE_ANALYSIS_RECOMMENDATION,
+          ]);
         },
         after: async () => {
           await rte.data.sendCommand('script', ['flush']);
           expect(await repository.count()).to.eq(5);
         }
       },
     ].map(mainCheckFn);
-
-    describe('useSmallerKeys recommendation', () => {
-      // generate 1M keys take a lot of time
-      requirements('!rte.type=CLUSTER');
-  
-      [
-        {
-          name: 'Should create new database analysis with useSmallerKeys recommendation',
-          data: {
-            delimiter: '-',
-          },
-          statusCode: 201,
-          responseSchema,
-          before: async () => {
-            await rte.data.truncate();
-            const KEYS_NUMBER = 1_000_006;
-            await rte.data.generateNKeys(KEYS_NUMBER, false);
-          },
-          checkFn: async ({ body }) => {
-            expect(body.recommendations).to.deep.eq([
-              constants.TEST_SMALLER_KEYS_DATABASE_ANALYSIS_RECOMMENDATION,
-              constants.TEST_COMBINE_SMALL_STRING_TO_HASHES_RECOMMENDATION,
-            ]);
-          },
-          after: async () => {
-            expect(await repository.count()).to.eq(5);
-          }
-        },
-      ].map(mainCheckFn);
-    });
   });
 });

redisinsight/api/test/helpers/constants.ts

@@ -488,5 +488,9 @@ export const constants = {
     name: RECOMMENDATION_NAMES.BIG_SETS,
   },
 
+  TEST_SET_PASSWORD_RECOMMENDATION: {
+    name: RECOMMENDATION_NAMES.SET_PASSWORD,
+  },
+
   // etc...
 }

redisinsight/ui/src/constants/dbAnalysisRecommendations.json

@@ -434,5 +434,38 @@
       }
     ],
     "badges": ["code_changes"]
+  },
+  "setPassword": {
+    "id": "setPassword",
+    "title":"Set the password",
+    "content": [
+      {
+        "id": "1",
+        "type": "span",
+        "value": "Protect your database by setting a password and using the "
+      },
+      {
+        "id": "2",
+        "type": "link",
+        "value": {
+          "href": "https://redis.io/commands/auth/",
+          "name": "AUTH"
+        }
+      },
+      {
+        "id": "3",
+        "type": "span",
+        "value": " command to authenticate the connection. "
+      },
+      {
+        "id": "4",
+        "type": "link",
+        "value": {
+          "href": "https://redis.io/docs/management/security/",
+          "name": "Read more"
+        }
+      }
+    ],
+    "badges": ["configuration_changes"]
   }
 }