Improve security config validation (#1154)

Initialize username and password with null to avoid them being `undefined`. With `undefined` value it still works due to `CodecUtil.encodeNullable` logic but it may be confusing. Also, if `token` is not provided in token credentials throw instead of ignoring.
hazelcast · Dec 29, 2021 · 875c528 · 875c528
1 parent baa3f35
commit 875c528
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 3 deletions.
diff --git a/src/config/ConfigBuilder.ts b/src/config/ConfigBuilder.ts
@@ -137,8 +137,8 @@ export class ConfigBuilder {
     }
 
     private handleUsernamePasswordCredentials(jsonObject: any): void {
-        let username: string;
-        let password: string;
+        let username: string | null = null;
+        let password: string | null = null;
         for (const key in jsonObject) {
             const value = jsonObject[key];
             if (key === 'username') {
@@ -168,7 +168,7 @@ export class ConfigBuilder {
         }
 
         if (token == null) {
-            return;
+            throw new RangeError('\'token\' option must be provided in token credentials.');
         }
 
         this.effectiveConfig.security.token = new TokenCredentialsImpl(token, encoding);

diff --git a/test/unit/config/ConfigBuilderTest.js b/test/unit/config/ConfigBuilderTest.js
@@ -570,6 +570,14 @@ describe('ConfigBuilderValidationTest', function () {
                     }
                 }
             },
+            // token field is mandatory
+            {
+                'security': {
+                    'token': {
+                        'encoding': TokenEncoding.ASCII
+                    }
+                }
+            },
             {
                 'security': {
                     'token': {