Fix JedisURIHelper.getPassword throwing ArrayIndexOutOfBoundsException for username-only URIs

[Links2004]

Authentication details can be provided in the URI in the form of a username and password.
Redis URIs may contain authentication details that effectively lead to usernames with passwords, password-only, or no authentication.

Examples :

• Username and Password: redis://username:password@host:port
• Password-only: redis://:password@host:port
• No Authentication: redis://host:port
• Empty password: redis://username:@host:port

Using JedisURIHelper with a URI having only a username is considered invalid and should throw IllegalArgumentException.

• Username-only: redis://username@host:port

Expected behavior

JedisURIHelper.getPassword throws IllegalArgumentException when there is only a username and no password in the URI.

Actual behavior

JedisURIHelper.getPassword does throw an exception ArrayIndexOutOfBoundsException when there is only a username and no password in the URI.

java.lang.ArrayIndexOutOfBoundsException: Index 1 out of bounds for length 1
	at redis.clients.jedis.util.JedisURIHelper.getPassword(JedisURIHelper.java:36)

Steps to reproduce:

URI redisProperUri = URI.create("redis://user@redisHost.redisDomain");
JedisURIHelper.getPassword(redisProperUri); 

Redis / Jedis Configuration

Jedis version:

Redis version:

Java version:

[sazzad16]

Redis has two authentication options:

1. password only - legacy AUTH mode
2. username and password - updated AUTH mode

There is no username only mode. As a client for Redis, what should Jedis do in such case?

[Links2004]

reporting a AUTH error is good,
having a stack trace that you do not understand with out reading the code is bad.

or be more spezifisch return null for the getPassword function and not a ArrayIndexOutOfBoundsException

jedis/src/main/java/redis/clients/jedis/util/JedisURIHelper.java

Lines 33 to 39 in e30dc29

	public static String getPassword(URI uri) {
	String userInfo = uri.getUserInfo();
	if (userInfo != null) {
	return userInfo.split(":", 2)[1];
	}
	return null;
	}

this is about handling wrong user Input/Configuration (like you stated if there is a username there must be a password).
failing the AUTH is totally expected, but having a stack trace with ArrayIndexOutOfBoundsException is hard to understand.

[sazzad16]

@Links2004 Thanks!

[smadasu]

I have a fix that throws JedisException with a message "AUTH error. Password not provided in uri" instead of ArrayIndexOutOfBoundsException. I will submitting a PR soon