From 9701c3f7a1148635a97bdbeb0328ffd75b22c3b6 Mon Sep 17 00:00:00 2001
From: Ilya Averyanov <av@rubybox.dev>
Date: Tue, 13 Jun 2023 16:20:24 +0200
Subject: [PATCH] fix(redis): validate database number

---
 .../test/emqx_authn_redis_SUITE.erl           | 22 ++++++++++++++-----
 apps/emqx_redis/src/emqx_redis.erl            |  2 +-
 changes/ce/fix-11039.en.md                    |  1 +
 3 files changed, 18 insertions(+), 7 deletions(-)
 create mode 100644 changes/ce/fix-11039.en.md

diff --git a/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl b/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl
index 581055755..31602ecec 100644
--- a/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl
+++ b/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl
@@ -157,22 +157,32 @@ t_create_with_config_values_wont_work(_Config) ->
     ).
 
 t_create_invalid_config(_Config) ->
-    Config0 = raw_redis_auth_config(),
-    Config = maps:without([<<"server">>], Config0),
+    BaseAuthConfig = raw_redis_auth_config(),
+
+    test_create_invalid_config(
+        maps:without([<<"server">>], BaseAuthConfig),
+        "authentication.1.server"
+    ),
+    test_create_invalid_config(
+        BaseAuthConfig#{<<"database">> => <<"-1">>},
+        "authentication.1.database"
+    ).
+
+test_create_invalid_config(InvalidAuthConfig, Path) ->
     ?assertMatch(
         {error, #{
             kind := validation_error,
             matched_type := "authn:redis_single",
-            path := "authentication.1.server",
-            reason := required_field
+            path := Path
         }},
-        emqx:update_config(?PATH, {create_authenticator, ?GLOBAL, Config})
+        emqx:update_config(?PATH, {create_authenticator, ?GLOBAL, InvalidAuthConfig})
     ),
     ?assertMatch([], emqx_config:get_raw([authentication])),
     ?assertEqual(
         {error, {not_found, {chain, ?GLOBAL}}},
         emqx_authentication:list_authenticators(?GLOBAL)
-    ).
+    ),
+    ok.
 
 t_authenticate(_Config) ->
     ok = lists:foreach(
diff --git a/apps/emqx_redis/src/emqx_redis.erl b/apps/emqx_redis/src/emqx_redis.erl
index bbcf79a16..ef89c3931 100644
--- a/apps/emqx_redis/src/emqx_redis.erl
+++ b/apps/emqx_redis/src/emqx_redis.erl
@@ -294,7 +294,7 @@ redis_fields() ->
         {pool_size, fun emqx_connector_schema_lib:pool_size/1},
         {password, fun emqx_connector_schema_lib:password/1},
         {database, #{
-            type => integer(),
+            type => non_neg_integer(),
             default => 0,
             desc => ?DESC("database")
         }},
diff --git a/changes/ce/fix-11039.en.md b/changes/ce/fix-11039.en.md
new file mode 100644
index 000000000..f986368ff
--- /dev/null
+++ b/changes/ce/fix-11039.en.md
@@ -0,0 +1 @@
+Fixed database number validation for Redis connector. Previously negative numbers were accepted as valid database numbers.