From 061e3c264bd3a7b028b5d55b8ddd135cb4948475 Mon Sep 17 00:00:00 2001
From: firest <blankalupo@163.com>
Date: Fri, 9 Sep 2022 11:41:27 +0800
Subject: [PATCH 1/2] fix(authn_redis): fix that redis authn will deny the
 unknown users

---
 .../src/simple_authn/emqx_authn_redis.erl          |  4 ++--
 apps/emqx_authn/test/emqx_authn_redis_SUITE.erl    | 14 +++++++++++++-
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/apps/emqx_authn/src/simple_authn/emqx_authn_redis.erl b/apps/emqx_authn/src/simple_authn/emqx_authn_redis.erl
index 684d60e49..4cc00322f 100644
--- a/apps/emqx_authn/src/simple_authn/emqx_authn_redis.erl
+++ b/apps/emqx_authn/src/simple_authn/emqx_authn_redis.erl
@@ -149,8 +149,8 @@ authenticate(
                     of
                         ok ->
                             {ok, emqx_authn_utils:is_superuser(Selected)};
-                        {error, Reason} ->
-                            {error, Reason}
+                        {error, _Reason} ->
+                            ignore
                     end;
                 {error, Reason} ->
                     ?TRACE_AUTHN_PROVIDER(error, "redis_query_failed", #{
diff --git a/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl b/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl
index 889404c5e..f9ed8bcb1 100644
--- a/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl
+++ b/apps/emqx_authn/test/emqx_authn_redis_SUITE.erl
@@ -173,6 +173,9 @@ test_user_auth(#{
         {create_authenticator, ?GLOBAL, AuthConfig}
     ),
 
+    {ok, [#{provider := emqx_authn_redis, state := State}]} =
+        emqx_authentication:list_authenticators(?GLOBAL),
+
     Credentials = Credentials0#{
         listener => 'tcp:default',
         protocol => mqtt
@@ -180,6 +183,15 @@ test_user_auth(#{
 
     ?assertEqual(Result, emqx_access_control:authenticate(Credentials)),
 
+    AuthnResult =
+        case Result of
+            {error, _} ->
+                ignore;
+            Any ->
+                Any
+        end,
+    ?assertEqual(AuthnResult, emqx_authn_redis:authenticate(Credentials, State)),
+
     emqx_authn_test_lib:delete_authenticators(
         [authentication],
         ?GLOBAL
@@ -466,7 +478,7 @@ user_seeds() ->
                 <<"cmd">> => <<"HMGET mqtt_user:${username} password_hash salt is_superuser">>,
                 <<"password_hash_algorithm">> => #{<<"name">> => <<"bcrypt">>}
             },
-            result => {error, bad_username_or_password}
+            result => {error, not_authorized}
         },
 
         #{

From 311fa5288f20fe04e3bf597af3b7f0a6bedb8b79 Mon Sep 17 00:00:00 2001
From: firest <blankalupo@163.com>
Date: Fri, 9 Sep 2022 15:31:50 +0800
Subject: [PATCH 2/2] chore: update CHANGES-5.0.md

---
 CHANGES-5.0.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGES-5.0.md b/CHANGES-5.0.md
index 9f86a8ca9..8f85047e2 100644
--- a/CHANGES-5.0.md
+++ b/CHANGES-5.0.md
@@ -9,6 +9,7 @@
 * Fix the extra / prefix when CoAP gateway parsing client topics. [#8658](https://github.com/emqx/emqx/pull/8658)
 * Speed up updating the configuration, When some nodes in the cluster are down. [#8857](https://github.com/emqx/emqx/pull/8857)
 * Fix that EMQX can't start when the retainer is disabled [#8911](https://github.com/emqx/emqx/pull/8911)
+* Fix that redis authn will deny the unknown users [#8934](https://github.com/emqx/emqx/pull/8934)
 
 ## Enhancements