Adds argument validations for auth classes

[shubham1g5]

Product Description

An action item from https://dimagi.atlassian.net/browse/CI-418 where I want to remove the possibility of mobile sending empty tokens with the help of these validations.

I added these logs to make sure that we are not initing these auth classes in code with empty values due to a bug, If yes, think the app should crash here as that implies a very serious app bug.

Safety Assurance

Safety story

This might cause a crash in scenarios where these errors were silently ignored and were resulting in API errors instead but think that's an acceptable behaviour in these scenarios.

Special deploy instructions

• This PR can be deployed after merge with no further considerations.

Rollback instructions

• This PR can be reverted after deploy with no further considerations.

Review

• The set of people pinged as reviewers is appropriate for the level of risk of the change.

Duplicate PR

Automatically duplicate this PR as defined in contributing.md.

Summary by CodeRabbit

• Bug Fixes
  • Authentication inputs now validate that usernames, passwords, and tokens are not empty before processing, throwing clear errors when validation fails.
  • Strengthened input validation across authentication methods for improved data integrity and error reporting.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Input validation enhancements added to two constructor methods in the AuthInfo class. The ProvidedAuth constructor now validates that username and password are non-empty, and the TokenAuth constructor validates that the token is non-empty. Both throw IllegalArgumentException when validation fails.

Changes

Cohort / File(s)	Summary
Authentication Input Validation src/main/java/org/commcare/core/network/AuthInfo.java	Added non-empty validation checks to ProvidedAuth(String username, String password, boolean wrapDomain) and TokenAuth(String token) constructors with IllegalArgumentException thrown on empty credentials. Introduced StringUtils import to support validation.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5–10 minutes

• Verify that empty string checks are appropriate for all authentication methods
• Confirm that IllegalArgumentException is the intended exception type for invalid input
• Validate that the StringUtils import matches the project's utility library conventions

Poem

🐰 A validation sprint so fine and neat,
Empty credentials? We won't repeat!
Guards at the gate, they check and they see,
Strong authentication, secure as can be! ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Adds argument validations for auth classes' directly and clearly describes the main change: adding validation checks to authentication classes.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch addAuthValidations

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 926cab9 and 1d3c02c.

📒 Files selected for processing (1)

• src/main/java/org/commcare/core/network/AuthInfo.java (3 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

src/main/java/org/commcare/core/network/AuthInfo.java (1)

src/main/java/org/commcare/cases/util/StringUtils.java (1)

• StringUtils (13-166)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: task-list-completed

🔇 Additional comments (3)

src/main/java/org/commcare/core/network/AuthInfo.java (3)

3-3: LGTM!

The import is correctly added and necessary for the validation logic in the constructor methods.

---

26-36: Validation logic is correct and properly tested.

The constructor properly validates both username and password before field assignment using StringUtils.isEmpty(), throwing IllegalArgumentException with clear messages. The fail-fast approach aligns with best practices. Comprehensive tests in AuthInfoTest.java verify both validation checks work as expected.

One note: There is only a 3-parameter constructor; there is no separate 2-parameter constructor that delegates to it. The validation logic itself is sound and covers all usage paths.

Optional enhancement (nitpick):

Consider whether whitespace-only strings (e.g., " ") should be rejected in addition to null/empty. The current validation using StringUtils.isEmpty() only catches null or truly empty strings, not whitespace-only values. This could be deferred as a separate enhancement if desired.

---

45-50: Validation logic is correct and properly implemented.

The constructor validates that token is not null or empty using StringUtils.isEmpty() before assignment, and throws IllegalArgumentException with a clear message. The implementation at lines 46-48 is sound.

Note: The custom StringUtils.isEmpty() checks only for null or empty strings, not whitespace-only strings (e.g., " " would pass validation). Consider whether whitespace-only tokens should be rejected in a future iteration, but this is outside the current scope.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}