Merge pull request #3659 from nats-io/no_auth_user

If no_auth_user is set, clear auth required from server info to client.

server/auth.go

@@ -1,4 +1,4 @@
-// Copyright 2012-2019 The NATS Authors
+// Copyright 2012-2022 The NATS Authors
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at

server/client_test.go

@@ -1,4 +1,4 @@
-// Copyright 2012-2020 The NATS Authors
+// Copyright 2012-2022 The NATS Authors
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
@@ -2583,3 +2583,25 @@ func TestClientDenySysGroupSub(t *testing.T) {
 	require_Error(t, err)
 	require_Contains(t, err.Error(), "Permissions Violation")
 }
+
+func TestClientAuthRequiredNoAuthUser(t *testing.T) {
+	conf := createConfFile(t, []byte(`
+		listen: 127.0.0.1:-1
+		accounts: {
+			A: { users: [ { user: user, password: pass } ] }
+		}
+		no_auth_user: user
+	`))
+	defer removeFile(t, conf)
+
+	s, _ := RunServerWithConfig(conf)
+	defer s.Shutdown()
+
+	nc, err := nats.Connect(s.ClientURL())
+	require_NoError(t, err)
+	defer nc.Close()
+
+	if nc.AuthRequired() {
+		t.Fatalf("Expected AuthRequired to be false due to 'no_auth_user'")
+	}
+}

server/server.go

@@ -2524,6 +2524,12 @@ func (s *Server) createClient(conn net.Conn) *client {
 	c.nonce = []byte(info.Nonce)
 	authRequired = info.AuthRequired
 
+	// Check to see if we have auth_required set but we also have a no_auth_user.
+	// If so set back to false.
+	if info.AuthRequired && opts.NoAuthUser != _EMPTY_ {
+		info.AuthRequired = false
+	}
+
 	s.totalClients++
 	s.mu.Unlock()