Fix empty token handling in RawAuthResponse constructor

hpark-miovision · hpark-miovision · commit 676c481d498b · 2024-05-08T22:05:25.000-04:00
RawAuthResponse constructor first checks to ensure provided token is not null and is not empty. Existing implementation used != operator to detect non-empty string, thus failed to handle when provided token is actually empty, i.e. "".

The token comparison logic in RawAuthResponse constructor is now updated to use isEmpty() instead, more specifically, (token != null &amp;&amp; !token.isEmpty()) to properly handle "" case.

New test case with sample json has been added for validation; the test prior to the change would fail with java.lang.ArrayIndexOutOfBoundsException.
diff --git a/client/src/main/java/io/split/engine/sse/dtos/RawAuthResponse.java b/client/src/main/java/io/split/engine/sse/dtos/RawAuthResponse.java
@@ -22,7 +22,7 @@ public RawAuthResponse(boolean pushEnabled, String token) {
         this.pushEnabled = pushEnabled;
         this.token = token;
 
-        if (token != null && token != "") {
+        if (token != null && !token.isEmpty()) {
             String tokenDecoded = decodeJwt();
             this.jwt = Json.fromJson(tokenDecoded, Jwt.class);
         } else {
diff --git a/client/src/test/java/io/split/engine/sse/AuthApiClientTest.java b/client/src/test/java/io/split/engine/sse/AuthApiClientTest.java
@@ -85,6 +85,23 @@ public void authenticateWithPushDisabledShouldReturnSuccess() throws IOException
         Assert.assertTrue(StringUtils.isEmpty(result.getToken()));
     }
 
+    @Test
+    public void authenticateWithPushDisabledWithEmptyTokenShouldReturnSuccess() throws IOException, IllegalAccessException,
+            NoSuchMethodException, InvocationTargetException, URISyntaxException {
+        CloseableHttpClient httpClientMock = TestHelper.mockHttpClient("streaming-auth-push-disabled-empty-token.json",
+                HttpStatus.SC_OK);
+        SplitHttpClient splitHttpClient = SplitHttpClientImpl.create(httpClientMock, new RequestDecorator(null),
+                "qwerty", metadata());
+
+        AuthApiClient authApiClient = new AuthApiClientImp("www.split-test.io", splitHttpClient, TELEMETRY_STORAGE);
+        AuthenticationResponse result = authApiClient.Authenticate();
+
+        Assert.assertFalse(result.isPushEnabled());
+        Assert.assertTrue(StringUtils.isEmpty(result.getChannels()));
+        Assert.assertFalse(result.isRetry());
+        Assert.assertTrue(StringUtils.isEmpty(result.getToken()));
+    }
+
     @Test
     public void authenticateServerErrorShouldReturnErrorWithRetry() throws IOException, IllegalAccessException,
             NoSuchMethodException, InvocationTargetException, URISyntaxException {
diff --git a/client/src/test/resources/streaming-auth-push-disabled-empty-token.json b/client/src/test/resources/streaming-auth-push-disabled-empty-token.json
@@ -0,0 +1 @@
+{"pushEnabled":false,"token":""}
