From 875c52855e6acea1ff36fe64804801105b2a8a46 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Serkan=20=C3=96zel?= Date: Wed, 29 Dec 2021 14:04:43 +0300 Subject: [PATCH] Improve security config validation (#1154) Initialize username and password with null to avoid them being `undefined`. With `undefined` value it still works due to `CodecUtil.encodeNullable` logic but it may be confusing. Also, if `token` is not provided in token credentials throw instead of ignoring. --- src/config/ConfigBuilder.ts | 6 +++--- test/unit/config/ConfigBuilderTest.js | 8 ++++++++ 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/src/config/ConfigBuilder.ts b/src/config/ConfigBuilder.ts index 95da24342..76348f73b 100644 --- a/src/config/ConfigBuilder.ts +++ b/src/config/ConfigBuilder.ts @@ -137,8 +137,8 @@ export class ConfigBuilder { } private handleUsernamePasswordCredentials(jsonObject: any): void { - let username: string; - let password: string; + let username: string | null = null; + let password: string | null = null; for (const key in jsonObject) { const value = jsonObject[key]; if (key === 'username') { @@ -168,7 +168,7 @@ export class ConfigBuilder { } if (token == null) { - return; + throw new RangeError('\'token\' option must be provided in token credentials.'); } this.effectiveConfig.security.token = new TokenCredentialsImpl(token, encoding); diff --git a/test/unit/config/ConfigBuilderTest.js b/test/unit/config/ConfigBuilderTest.js index e0f6b299d..fbe765bc7 100644 --- a/test/unit/config/ConfigBuilderTest.js +++ b/test/unit/config/ConfigBuilderTest.js @@ -570,6 +570,14 @@ describe('ConfigBuilderValidationTest', function () { } } }, + // token field is mandatory + { + 'security': { + 'token': { + 'encoding': TokenEncoding.ASCII + } + } + }, { 'security': { 'token': {