Improve security config validation (#1153)

srknzl · web-flow · commit cd3bcdf159b8 · 2021-12-29T13:58:42.000+03:00
Initialize username and password with null to avoid them being `undefined`.
With `undefined` value it still works due to `CodecUtil.encodeNullable` logic
but it may be confusing.

Also, if `token` is not provided in token credentials throw instead of ignoring.
diff --git a/src/config/ConfigBuilder.ts b/src/config/ConfigBuilder.ts
@@ -136,8 +136,8 @@ export class ConfigBuilder {
     }
 
     private handleUsernamePasswordCredentials(jsonObject: any): void {
-        let username: string;
-        let password: string;
+        let username: string | null = null;
+        let password: string | null = null;
         for (const key in jsonObject) {
             const value = jsonObject[key];
             if (key === 'username') {
@@ -167,7 +167,7 @@ export class ConfigBuilder {
         }
 
         if (token == null) {
-            return;
+            throw new RangeError('\'token\' option must be provided in token credentials.');
         }
 
         this.effectiveConfig.security.token = new TokenCredentialsImpl(token, encoding);
diff --git a/test/unit/config/ConfigBuilderTest.js b/test/unit/config/ConfigBuilderTest.js
@@ -421,6 +421,14 @@ describe('ConfigBuilderRangeValidationTest', function () {
                     }
                 }
             },
+            // token field is mandatory
+            {
+                'security': {
+                    'token': {
+                        'encoding': TokenEncoding.ASCII
+                    }
+                }
+            },
             {
                 'security': {
                     'token': {

Original file line number	Diff line number	Diff line change
`@@ -136,8 +136,8 @@ export class ConfigBuilder {`
`136`	`136`	`}`
`137`	`137`
`138`	`138`	`private handleUsernamePasswordCredentials(jsonObject: any): void {`
`139`		`- let username: string;`
`140`		`- let password: string;`
	`139`	`+ let username: string \| null = null;`
	`140`	`+ let password: string \| null = null;`
`141`	`141`	`for (const key in jsonObject) {`
`142`	`142`	`const value = jsonObject[key];`
`143`	`143`	`if (key === 'username') {`
`@@ -167,7 +167,7 @@ export class ConfigBuilder {`
`167`	`167`	`}`
`168`	`168`
`169`	`169`	`if (token == null) {`
`170`		`- return;`
	`170`	`+ throw new RangeError('\'token\' option must be provided in token credentials.');`
`171`	`171`	`}`
`172`	`172`
`173`	`173`	`this.effectiveConfig.security.token = new TokenCredentialsImpl(token, encoding);`
Original file line number	Diff line number	Diff line change
`@@ -421,6 +421,14 @@ describe('ConfigBuilderRangeValidationTest', function () {`
`421`	`421`	`}`
`422`	`422`	`}`
`423`	`423`	`},`
	`424`	`+ // token field is mandatory`
	`425`	`+ {`
	`426`	`+ 'security': {`
	`427`	`+ 'token': {`
	`428`	`+ 'encoding': TokenEncoding.ASCII`
	`429`	`+ }`
	`430`	`+ }`
	`431`	`+ },`
`424`	`432`	`{`
`425`	`433`	`'security': {`
`426`	`434`	`'token': {`