Merge pull request #7187 from ddevsr/redis-tls

fix: [Session] `Redis` connect to protocol `TLS`

Author: samsonasik

system/Session/Handlers/RedisHandler.php

@@ -24,7 +24,8 @@
  */
 class RedisHandler extends BaseHandler
 {
-    private const DEFAULT_PORT = 6379;
+    private const DEFAULT_PORT     = 6379;
+    private const DEFAULT_PROTOCOL = 'tcp';
 
     /**
      * phpRedis instance
@@ -102,20 +103,21 @@ protected function setSavePath(): void
             throw SessionException::forEmptySavepath();
         }
 
-        if (preg_match('#(?:tcp://)?([^:?]+)(?:\:(\d+))?(\?.+)?#', $this->savePath, $matches)) {
-            if (! isset($matches[3])) {
-                $matches[3] = ''; // Just to avoid undefined index notices below
+        if (preg_match('#(?:(tcp|tls)://)?([^:?]+)(?:\:(\d+))?(\?.+)?#', $this->savePath, $matches)) {
+            if (! isset($matches[4])) {
+                $matches[4] = ''; // Just to avoid undefined index notices below
             }
 
             $this->savePath = [
-                'host'     => $matches[1],
-                'port'     => empty($matches[2]) ? self::DEFAULT_PORT : $matches[2],
-                'password' => preg_match('#auth=([^\s&]+)#', $matches[3], $match) ? $match[1] : null,
-                'database' => preg_match('#database=(\d+)#', $matches[3], $match) ? (int) $match[1] : 0,
-                'timeout'  => preg_match('#timeout=(\d+\.\d+|\d+)#', $matches[3], $match) ? (float) $match[1] : 0.0,
+                'protocol' => ! empty($matches[1]) ? $matches[1] : self::DEFAULT_PROTOCOL,
+                'host'     => $matches[2],
+                'port'     => empty($matches[3]) ? self::DEFAULT_PORT : $matches[3],
+                'password' => preg_match('#auth=([^\s&]+)#', $matches[4], $match) ? $match[1] : null,
+                'database' => preg_match('#database=(\d+)#', $matches[4], $match) ? (int) $match[1] : 0,
+                'timeout'  => preg_match('#timeout=(\d+\.\d+|\d+)#', $matches[4], $match) ? (float) $match[1] : 0.0,
             ];
 
-            preg_match('#prefix=([^\s&]+)#', $matches[3], $match) && $this->keyPrefix = $match[1];
+            preg_match('#prefix=([^\s&]+)#', $matches[4], $match) && $this->keyPrefix = $match[1];
         } else {
             throw SessionException::forInvalidSavePathFormat($this->savePath);
         }
@@ -135,7 +137,7 @@ public function open($path, $name): bool
 
         $redis = new Redis();
 
-        if (! $redis->connect($this->savePath['host'], ($this->savePath['host'][0] === '/' ? 0 : $this->savePath['port']), $this->savePath['timeout'])) {
+        if (! $redis->connect($this->savePath['protocol'] . '://' . $this->savePath['host'], ($this->savePath['host'][0] === '/' ? 0 : $this->savePath['port']), $this->savePath['timeout'])) {
             $this->logger->error('Session: Unable to connect to Redis with the configured settings.');
         } elseif (isset($this->savePath['password']) && ! $redis->auth($this->savePath['password'])) {
             $this->logger->error('Session: Unable to authenticate to Redis instance.');

tests/system/Session/Handlers/Database/RedisHandlerTest.php

@@ -54,6 +54,41 @@ protected function getInstance($options = [])
         return new RedisHandler(new AppConfig(), $this->userIpAddress);
     }
 
+    public function testSavePathWithoutProtocol()
+    {
+        $handler = $this->getInstance(
+            ['savePath' => '127.0.0.1:6379']
+        );
+
+        $savePath = $this->getPrivateProperty($handler, 'savePath');
+
+        $this->assertSame('tcp', $savePath['protocol']);
+    }
+
+    public function testSavePathTLSAuth()
+    {
+        $handler = $this->getInstance(
+            ['savePath' => 'tls://127.0.0.1:6379?auth=password']
+        );
+
+        $savePath = $this->getPrivateProperty($handler, 'savePath');
+
+        $this->assertSame('tls', $savePath['protocol']);
+        $this->assertSame('password', $savePath['password']);
+    }
+
+    public function testSavePathTCPAuth()
+    {
+        $handler = $this->getInstance(
+            ['savePath' => 'tcp://127.0.0.1:6379?auth=password']
+        );
+
+        $savePath = $this->getPrivateProperty($handler, 'savePath');
+
+        $this->assertSame('tcp', $savePath['protocol']);
+        $this->assertSame('password', $savePath['password']);
+    }
+
     public function testSavePathTimeoutFloat()
     {
         $handler = $this->getInstance(
@@ -82,6 +117,19 @@ public function testOpen()
         $this->assertTrue($handler->open($this->sessionSavePath, $this->sessionName));
     }
 
+    public function testOpenWithDefaultProtocol()
+    {
+        $default = $this->sessionSavePath;
+
+        $this->sessionSavePath = '127.0.0.1:6379';
+
+        $handler = $this->getInstance();
+        $this->assertTrue($handler->open($this->sessionSavePath, $this->sessionName));
+
+        // Rollback to default
+        $this->sessionSavePath = $default;
+    }
+
     public function testWrite()
     {
         $handler = $this->getInstance();

user_guide_src/source/changelogs/v4.3.2.rst

@@ -27,6 +27,8 @@ Deprecations
 Bugs Fixed
 **********
 
+* Fixed : ``Session`` Redis connect to protocol TLS
+
 See the repo's
 `CHANGELOG.md <https://github.com/codeigniter4/CodeIgniter4/blob/develop/CHANGELOG.md>`_
 for a complete list of bugs fixed.

user_guide_src/source/libraries/sessions.rst

@@ -613,7 +613,7 @@ RedisHandler Driver
 
 .. note:: Since Redis doesn't have a locking mechanism exposed, locks for
     this driver are emulated by a separate value that is kept for up
-    to 300 seconds.
+    to 300 seconds. With ``v4.3.2`` or above, You can connect ``Redis`` with **TLS** protocol.
 
 Redis is a storage engine typically used for caching and popular because
 of its high performance, which is also probably your reason to use the