Fix JedisURIHelper.getPassword throwing ArrayIndexOutOfBoundsException for username-only URIs (#4109)

Fix for bug #4003. Better message instead of ArrayIndexOutOfBoundsException

Authentication details can be provided in the URI in the form of a username and password.
Examples :
   - Username and Password: redis://username:password@host:port
   - Password-only: redis://:password@host:port 
   - No Authentication: redis://host:port 
   - Empty password: redis://username:@host:port 

Using JedisURIHelper with a URI having only a username is considered invalid and should throw `IllegalArgumentException`.

Closes #4003.
---------
Co-authored-by: ggivo <[email protected]>

Author: smadasu

src/main/java/redis/clients/jedis/util/JedisURIHelper.java

@@ -5,6 +5,32 @@
 import redis.clients.jedis.Protocol;
 import redis.clients.jedis.RedisProtocol;
 
+/**
+ * Utility class for handling Redis URIs.
+ * This class provides methods to extract various components from a Redis URI,
+ * such as host, port, user, password, database index, and protocol.
+ * It also includes methods to validate the URI and check its scheme.
+ *
+ * <h2>URI syntax</h2>
+ *
+ * <blockquote>
+ * <i>redis[s]</i><b>{@code ://}</b>[[<i>username</i>]<i>[{@code :}password</i>]@]
+ * <i>host</i>[<b>{@code :}</b><i>port</i>][<b>{@code /}</b><i>database</i>]
+ * </blockquote>
+ *
+ *
+ * <h2>Authentication</h2>
+ * <p>Authentication details can be provided in the URI in the form of a username and password.
+ * Redis URIs may contain authentication details that effectively lead to usernames with passwords,
+ * password-only, or no authentication.</p>
+ * <h3>Examples:</h3>
+ * <ul>
+ *   <li><b>Username and Password:</b> redis://username:password@host:port</li>
+ *   <li><b>Password-only:</b> redis://:password@host:port</li>
+ *   <li><b>Empty password:</b> redis://username:@host:port</li>
+ *   <li><b>No Authentication:</b> redis://host:port</li>
+ * </ul>
+ */
 public final class JedisURIHelper {
 
   private static final String REDIS = "redis";
@@ -18,6 +44,14 @@ public static HostAndPort getHostAndPort(URI uri) {
     return new HostAndPort(uri.getHost(), uri.getPort());
   }
 
+  /**
+   * Extracts the user from the given URI.
+   * <p>
+   * For details on the URI format and authentication examples, see {@link JedisURIHelper}.
+   * </p>
+   * @param uri the URI to extract the user from
+   * @return the user as a String, or null if user is empty or {@link URI#getUserInfo()} info is missing
+   */
   public static String getUser(URI uri) {
     String userInfo = uri.getUserInfo();
     if (userInfo != null) {
@@ -30,10 +64,24 @@ public static String getUser(URI uri) {
     return null;
   }
 
+  /**
+   * Extracts the password from the given URI.
+   * <p>
+   * For details on the URI format and authentication examples, see {@link JedisURIHelper}.
+   * </p>
+   * @param uri the URI to extract the password from
+   * @return the password as a String, or null if {@link URI#getUserInfo()} info is missing
+   * @throws IllegalArgumentException if {@link URI#getUserInfo()} is provided but does not contain
+   *           a password
+   */
   public static String getPassword(URI uri) {
     String userInfo = uri.getUserInfo();
     if (userInfo != null) {
-      return userInfo.split(":", 2)[1];
+      String[] userAndPassword = userInfo.split(":", 2);
+      if (userAndPassword.length < 2) {
+        throw new IllegalArgumentException("Password not provided in uri.");
+      }
+      return userAndPassword[1];
     }
     return null;
   }

src/test/java/redis/clients/jedis/util/JedisURIHelperTest.java

@@ -1,15 +1,14 @@
 package redis.clients.jedis.util;
 
+import static org.junit.Assert.*;
 import static redis.clients.jedis.util.JedisURIHelper.*;
 
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNull;
-
 import java.net.URI;
 import java.net.URISyntaxException;
 import org.junit.Test;
 import redis.clients.jedis.RedisProtocol;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.emptyString;
 
 public class JedisURIHelperTest {
 
@@ -69,8 +68,31 @@ public void shouldGetDefaultProtocolWhenNotDefined() {
   @Test
   public void shouldGetProtocolFromDefinition() {
     assertEquals(RedisProtocol.RESP3, getRedisProtocol(URI.create("redis://host:1234?protocol=3")));
-    assertEquals(RedisProtocol.RESP3, getRedisProtocol(URI.create("redis://host:1234/?protocol=3")));
-    assertEquals(RedisProtocol.RESP3, getRedisProtocol(URI.create("redis://host:1234/1?protocol=3")));
-    assertEquals(RedisProtocol.RESP3, getRedisProtocol(URI.create("redis://host:1234/1/?protocol=3")));
+    assertEquals(RedisProtocol.RESP3,
+      getRedisProtocol(URI.create("redis://host:1234/?protocol=3")));
+    assertEquals(RedisProtocol.RESP3,
+      getRedisProtocol(URI.create("redis://host:1234/1?protocol=3")));
+    assertEquals(RedisProtocol.RESP3,
+      getRedisProtocol(URI.create("redis://host:1234/1/?protocol=3")));
+  }
+
+  @Test
+  public void emptyPassword() {
+    // ensure we can provide an empty password for default user
+    assertThat(JedisURIHelper.getPassword(URI.create("redis://:@host:9000/0")), emptyString());
+
+    // ensure we can provide an empty password for user
+    assertEquals(JedisURIHelper.getUser(URI.create("redis://username:@host:9000/0")), "username");
+    assertThat(JedisURIHelper.getPassword(URI.create("redis://username:@host:9000/0")),
+      emptyString());
+  }
+
+  @Test
+  public void shouldThrowIfNoPasswordInURI() throws URISyntaxException {
+    // ensure we throw if user is provided but password is missing in URI
+    URI uri = new URI("redis://user@host:9000/0");
+    IllegalArgumentException illegalArgumentException = assertThrows(IllegalArgumentException.class,
+      () -> getPassword(uri));
+    assertEquals("Password not provided in uri.", illegalArgumentException.getMessage());
   }
 }