feat(Redis Node): Add option to disable TLS verification in Redis node (#19143)

Co-authored-by: Michael Kret <michael.k@radency.com>

packages/nodes-base/credentials/Redis.credentials.ts

@@ -2,11 +2,8 @@ import type { ICredentialType, INodeProperties } from 'n8n-workflow';
 
 export class Redis implements ICredentialType {
 	name = 'redis';
-
 	displayName = 'Redis';
-
 	documentationUrl = 'redis';
-
 	properties: INodeProperties[] = [
 		{
 			displayName: 'Password',
@@ -48,5 +45,18 @@ export class Redis implements ICredentialType {
 			type: 'boolean',
 			default: false,
 		},
+		{
+			displayName: 'Disable TLS Verification (insecure)',
+			name: 'disableTlsVerification',
+			type: 'boolean',
+			displayOptions: {
+				show: {
+					ssl: [true],
+				},
+			},
+			default: false,
+			description:
+				'Whether to disable TLS certificate verification. Enable this to use self-signed certificates. WARNING: This makes the connection less secure.',
+		},
 	];
 }

packages/nodes-base/nodes/Redis/Redis.node.ts

@@ -515,6 +515,8 @@ export class Redis implements INodeType {
 		const credentials = await this.getCredentials<RedisCredential>('redis');
 
 		const client = setupRedisClient(credentials);
+
+		try {
 			await client.connect();
 			await client.ping();
 
@@ -533,7 +535,6 @@ export class Redis implements INodeType {
 							},
 						});
 					} else {
-					await client.quit();
 						throw new NodeOperationError(this.getNode(), error);
 					}
 				}
@@ -650,12 +651,23 @@ export class Redis implements INodeType {
 							});
 							continue;
 						}
-					await client.quit();
 						throw new NodeOperationError(this.getNode(), error, { itemIndex });
 					}
 				}
 			}
-		await client.quit();
 			return [returnItems];
+		} finally {
+			// Ensure the Redis client is always closed to prevent leaked connections
+			try {
+				await client.quit();
+			} catch {
+				// If quit fails, forcefully disconnect
+				try {
+					await client.disconnect();
+				} catch {
+					// Ignore disconnect errors in cleanup
+				}
+			}
+		}
 	}
 }

packages/nodes-base/nodes/Redis/__tests__/Redis.node.test.ts

@@ -37,6 +37,8 @@ describe('Redis Node', () => {
 					host: 'redis.domain',
 					port: 1234,
 					tls: false,
+					connectTimeout: 10000,
+					reconnectStrategy: undefined,
 				},
 			});
 		});
@@ -54,6 +56,69 @@ describe('Redis Node', () => {
 					host: 'redis.domain',
 					port: 1234,
 					tls: true,
+					connectTimeout: 10000,
+					reconnectStrategy: undefined,
+				},
+			});
+		});
+
+		it('should configure TLS with verification disabled for self-signed certificates', () => {
+			setupRedisClient({
+				host: 'redis.domain',
+				port: 1234,
+				database: 0,
+				ssl: true,
+				disableTlsVerification: true,
+			});
+			expect(createClient).toHaveBeenCalledWith({
+				database: 0,
+				socket: {
+					host: 'redis.domain',
+					port: 1234,
+					tls: true,
+					rejectUnauthorized: false,
+					connectTimeout: 10000,
+					reconnectStrategy: undefined,
+				},
+			});
+		});
+
+		it('should not set rejectUnauthorized when TLS verification is enabled', () => {
+			setupRedisClient({
+				host: 'redis.domain',
+				port: 1234,
+				database: 0,
+				ssl: true,
+				disableTlsVerification: false,
+			});
+			expect(createClient).toHaveBeenCalledWith({
+				database: 0,
+				socket: {
+					host: 'redis.domain',
+					port: 1234,
+					tls: true,
+					connectTimeout: 10000,
+					reconnectStrategy: undefined,
+				},
+			});
+		});
+
+		it('should not set rejectUnauthorized when SSL is disabled', () => {
+			setupRedisClient({
+				host: 'redis.domain',
+				port: 1234,
+				database: 0,
+				ssl: false,
+				disableTlsVerification: true,
+			});
+			expect(createClient).toHaveBeenCalledWith({
+				database: 0,
+				socket: {
+					host: 'redis.domain',
+					port: 1234,
+					tls: false,
+					connectTimeout: 10000,
+					reconnectStrategy: undefined,
 				},
 			});
 		});
@@ -74,6 +139,33 @@ describe('Redis Node', () => {
 					host: 'redis.domain',
 					port: 1234,
 					tls: false,
+					connectTimeout: 10000,
+					reconnectStrategy: undefined,
+				},
+			});
+		});
+
+		it('should configure TLS with disabled verification and auth', () => {
+			setupRedisClient({
+				host: 'redis.domain',
+				port: 1234,
+				database: 0,
+				ssl: true,
+				disableTlsVerification: true,
+				user: 'test_user',
+				password: 'test_password',
+			});
+			expect(createClient).toHaveBeenCalledWith({
+				database: 0,
+				username: 'test_user',
+				password: 'test_password',
+				socket: {
+					host: 'redis.domain',
+					port: 1234,
+					tls: true,
+					rejectUnauthorized: false,
+					connectTimeout: 10000,
+					reconnectStrategy: undefined,
 				},
 			});
 		});
@@ -95,10 +187,14 @@ describe('Redis Node', () => {
 				host: 'localhost',
 				port: 6379,
 				tls: false,
+				connectTimeout: 10000,
+				reconnectStrategy: false,
 			},
 			database: 0,
 			username: 'username',
 			password: 'password',
+			disableOfflineQueue: true,
+			enableOfflineQueue: false,
 		};
 
 		it('should return success when connection is established', async () => {
@@ -126,6 +222,44 @@ describe('Redis Node', () => {
 			expect(mockClient.connect).toHaveBeenCalled();
 			expect(mockClient.ping).not.toHaveBeenCalled();
 		});
+
+		it('should return success when connection is established with disabled TLS verification', async () => {
+			const credentialsWithTls = mock<ICredentialsDecrypted>({
+				data: {
+					host: 'localhost',
+					port: 6379,
+					ssl: true,
+					disableTlsVerification: true,
+					user: 'username',
+					password: 'password',
+					database: 0,
+				},
+			});
+
+			const result = await redisConnectionTest.call(thisArg, credentialsWithTls);
+
+			expect(result).toEqual({
+				status: 'OK',
+				message: 'Connection successful!',
+			});
+			expect(createClient).toHaveBeenCalledWith({
+				socket: {
+					host: 'localhost',
+					port: 6379,
+					tls: true,
+					rejectUnauthorized: false,
+					connectTimeout: 10000,
+					reconnectStrategy: false,
+				},
+				database: 0,
+				username: 'username',
+				password: 'password',
+				disableOfflineQueue: true,
+				enableOfflineQueue: false,
+			});
+			expect(mockClient.connect).toHaveBeenCalled();
+			expect(mockClient.ping).toHaveBeenCalled();
+		});
 	});
 
 	describe('operations', () => {

packages/nodes-base/nodes/Redis/types.ts

@@ -6,6 +6,7 @@ export type RedisCredential = {
 	host: string;
 	port: number;
 	ssl?: boolean;
+	disableTlsVerification?: boolean;
 	database: number;
 	user?: string;
 	password?: string;

packages/nodes-base/nodes/Redis/utils.ts

@@ -10,16 +10,31 @@ import { createClient } from 'redis';
 
 import type { RedisCredential, RedisClient } from './types';
 
-export function setupRedisClient(credentials: RedisCredential): RedisClient {
+export function setupRedisClient(credentials: RedisCredential, isTest = false): RedisClient {
-	return createClient({
+	const socketConfig: any = {
-		socket: {
 		host: credentials.host,
 		port: credentials.port,
 		tls: credentials.ssl === true,
-		},
+		connectTimeout: 10000,
+		// Disable reconnection for tests to prevent hanging
+		reconnectStrategy: isTest ? false : undefined,
+	};
+
+	// If SSL is enabled and TLS verification should be disabled
+	if (credentials.ssl === true && credentials.disableTlsVerification === true) {
+		socketConfig.rejectUnauthorized = false;
+	}
+
+	return createClient({
+		socket: socketConfig,
 		database: credentials.database,
-		username: credentials.user || undefined,
+		username: credentials.user ?? undefined,
-		password: credentials.password || undefined,
+		password: credentials.password ?? undefined,
+		// Disable automatic error retry for tests
+		...(isTest && {
+			disableOfflineQueue: true,
+			enableOfflineQueue: false,
+		}),
 	});
 }
 
@@ -28,26 +43,68 @@ export async function redisConnectionTest(
 	credential: ICredentialsDecrypted,
 ): Promise<INodeCredentialTestResult> {
 	const credentials = credential.data as RedisCredential;
+	let client: RedisClient | undefined;
 
 	try {
-		const client = setupRedisClient(credentials);
+		client = setupRedisClient(credentials, true);
-		await client.connect();
+
+		// Add error event handler to catch connection errors
+		const errorPromise = new Promise<never>((_, reject) => {
+			client!.on('error', (err) => {
+				reject(err);
+			});
+		});
+
+		// Create a timeout promise
+		const timeoutPromise = new Promise<never>((_, reject) => {
+			setTimeout(() => {
+				reject(new Error('Connection timeout: Unable to connect to Redis server'));
+			}, 10000); // 10 seconds timeout
+		});
+
+		// Race between connecting and error/timeout
+		await Promise.race([client.connect(), errorPromise, timeoutPromise]);
+
 		await client.ping();
 		return {
 			status: 'OK',
 			message: 'Connection successful!',
 		};
 	} catch (error) {
+		// Handle specific error types for better user feedback
+		let errorMessage = error.message;
+		if (error.code === 'ECONNRESET') {
+			errorMessage =
+				'Connection reset: The Redis server rejected the connection. This often happens when trying to connect without SSL to an SSL-only server.';
+		} else if (error.code === 'ECONNREFUSED') {
+			errorMessage =
+				'Connection refused: Unable to connect to the Redis server. Please check the host and port.';
+		}
+
 		return {
 			status: 'Error',
-			message: error.message,
+			message: errorMessage,
 		};
+	} finally {
+		// Ensure the Redis client is always closed to prevent leaked connections
+		if (client) {
+			try {
+				await client.quit();
+			} catch {
+				// If quit fails, forcefully disconnect
+				try {
+					await client.disconnect();
+				} catch {
+					// Ignore disconnect errors in cleanup
+				}
+			}
+		}
 	}
 }
 
 /** Parses the given value in a number if it is one else returns a string */
 function getParsedValue(value: string): string | number {
-	if (value.match(/^[\d\.]+$/) === null) {
+	if (value.match(/^[\d.]+$/) === null) {
 		// Is a string
 		return value;
 	} else {