fix: core config validation (#894)

* fix: core config validation

* fix: core config validation

* fix: PR comments

* fix: PR comments

* fix: test

* fix: startup test

* fix: using ConfigMapper

* fix: test

* fix: config mapper

* fix: core config

CHANGELOG.md

@@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres
 to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [7.0.16] - 2023-12-04
+
+- Returns 400, instead of 500, for badly typed core config while creating CUD, App or Tenant
+
 ## [7.0.15] - 2023-11-28
 
 - Adds test for user pagination from old version

build.gradle

@@ -19,7 +19,7 @@ compileTestJava { options.encoding = "UTF-8" }
 //    }
 //}
 
-version = "7.0.15"
+version = "7.0.16"
 
 
 repositories {

src/main/java/io/supertokens/config/Config.java

@@ -31,6 +31,7 @@
 import io.supertokens.pluginInterface.multitenancy.TenantIdentifier;
 import io.supertokens.pluginInterface.multitenancy.exceptions.TenantOrAppNotFoundException;
 import io.supertokens.storageLayer.StorageLayer;
+import io.supertokens.utils.ConfigMapper;
 import org.jetbrains.annotations.TestOnly;
 
 import java.io.File;
@@ -49,16 +50,17 @@ public class Config extends ResourceDistributor.SingletonResource {
     private Config(Main main, String configFilePath) throws InvalidConfigException, IOException {
         this.main = main;
         final ObjectMapper mapper = new ObjectMapper(new YAMLFactory());
-        CoreConfig config = mapper.readValue(new File(configFilePath), CoreConfig.class);
-        config.normalizeAndValidate(main);
+        Object configObj = mapper.readValue(new File(configFilePath), Object.class);
+        JsonObject jsonConfig = new Gson().toJsonTree(configObj).getAsJsonObject();
+        CoreConfig config = ConfigMapper.mapConfig(jsonConfig, CoreConfig.class);
+        config.normalizeAndValidate(main, true);
         this.core = config;
     }
 
     private Config(Main main, JsonObject jsonConfig) throws IOException, InvalidConfigException {
         this.main = main;
-        final ObjectMapper mapper = new ObjectMapper(new YAMLFactory());
-        CoreConfig config = mapper.readValue(jsonConfig.toString(), CoreConfig.class);
-        config.normalizeAndValidate(main);
+        CoreConfig config = ConfigMapper.mapConfig(jsonConfig, CoreConfig.class);
+        config.normalizeAndValidate(main, false);
         this.core = config;
     }
 

src/main/java/io/supertokens/config/CoreConfig.java

@@ -394,7 +394,7 @@ private String getConfigFileLocation(Main main) {
                 : CLIOptions.get(main).getConfigFilePath()).getAbsolutePath();
     }
 
-    void normalizeAndValidate(Main main) throws InvalidConfigException {
+    void normalizeAndValidate(Main main, boolean includeConfigFilePath) throws InvalidConfigException {
         if (isNormalizedAndValid) {
             return;
         }
@@ -407,8 +407,9 @@ void normalizeAndValidate(Main main) throws InvalidConfigException {
         }
         if (access_token_validity < 1 || access_token_validity > 86400000) {
             throw new InvalidConfigException(
-                    "'access_token_validity' must be between 1 and 86400000 seconds inclusive. The config file can be"
-                            + " found here: " + getConfigFileLocation(main));
+                    "'access_token_validity' must be between 1 and 86400000 seconds inclusive." +
+                            (includeConfigFilePath ? " The config file can be"
+                            + " found here: " + getConfigFileLocation(main) : ""));
         }
         Boolean validityTesting = CoreConfigTestContent.getInstance(main)
                 .getValue(CoreConfigTestContent.VALIDITY_TESTING);
@@ -417,16 +418,18 @@ void normalizeAndValidate(Main main) throws InvalidConfigException {
         if ((refresh_token_validity * 60) <= access_token_validity) {
             if (!Main.isTesting || validityTesting) {
                 throw new InvalidConfigException(
-                        "'refresh_token_validity' must be strictly greater than 'access_token_validity'. The config "
-                                + "file can be found here: " + getConfigFileLocation(main));
+                        "'refresh_token_validity' must be strictly greater than 'access_token_validity'." +
+                                (includeConfigFilePath ? " The config file can be"
+                                        + " found here: " + getConfigFileLocation(main) : ""));
             }
         }
 
         if (!Main.isTesting || validityTesting) { // since in testing we make this really small
             if (access_token_dynamic_signing_key_update_interval < 1) {
                 throw new InvalidConfigException(
-                        "'access_token_dynamic_signing_key_update_interval' must be greater than, equal to 1 hour. The "
-                                + "config file can be found here: " + getConfigFileLocation(main));
+                        "'access_token_dynamic_signing_key_update_interval' must be greater than, equal to 1 hour." +
+                                (includeConfigFilePath ? " The config file can be"
+                                        + " found here: " + getConfigFileLocation(main) : ""));
             }
         }
 
@@ -456,8 +459,9 @@ void normalizeAndValidate(Main main) throws InvalidConfigException {
 
         if (max_server_pool_size <= 0) {
             throw new InvalidConfigException(
-                    "'max_server_pool_size' must be >= 1. The config file can be found here: "
-                            + getConfigFileLocation(main));
+                    "'max_server_pool_size' must be >= 1." +
+                            (includeConfigFilePath ? " The config file can be"
+                                    + " found here: " + getConfigFileLocation(main) : ""));
         }
 
         if (api_keys != null) {

src/main/java/io/supertokens/utils/ConfigMapper.java

@@ -0,0 +1,148 @@
+/*
+ *    Copyright (c) 2023, VRAI Labs and/or its affiliates. All rights reserved.
+ *
+ *    This software is licensed under the Apache License, Version 2.0 (the
+ *    "License") as published by the Apache Software Foundation.
+ *
+ *    You may not use this file except in compliance with the License. You may
+ *    obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *    License for the specific language governing permissions and limitations
+ *    under the License.
+ */
+
+package io.supertokens.utils;
+
+import com.google.gson.JsonElement;
+import com.google.gson.JsonNull;
+import com.google.gson.JsonObject;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonAlias;
+import io.supertokens.pluginInterface.exceptions.InvalidConfigException;
+
+import java.lang.annotation.Annotation;
+import java.lang.reflect.Field;
+import java.util.Map;
+
+public class ConfigMapper {
+    public static <T> T mapConfig(JsonObject config, Class<T> clazz) throws InvalidConfigException {
+        try {
+            T result = clazz.newInstance();
+            for (Map.Entry<String, JsonElement> entry : config.entrySet()) {
+                Field field = findField(clazz, entry.getKey());
+                if (field != null) {
+                    setValue(result, field, entry.getValue());
+                }
+            }
+            return result;
+        } catch (InstantiationException | IllegalAccessException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    private static <T> Field findField(Class<T> clazz, String key) {
+        Field[] fields = clazz.getDeclaredFields();
+
+        for (Field field : fields) {
+            if (field.getName().equals(key)) {
+                return field;
+            }
+
+            // Check for JsonProperty annotation
+            JsonProperty jsonProperty = field.getAnnotation(JsonProperty.class);
+            if (jsonProperty != null && jsonProperty.value().equals(key)) {
+                return field;
+            }
+
+            // Check for JsonAlias annotation
+            JsonAlias jsonAlias = field.getAnnotation(JsonAlias.class);
+            if (jsonAlias != null) {
+                for (String alias : jsonAlias.value()) {
+                    if (alias.equals(key)) {
+                        return field;
+                    }
+                }
+            }
+        }
+
+        return null; // Field not found
+    }
+
+    private static <T> void setValue(T object, Field field, JsonElement value) throws InvalidConfigException {
+        boolean foundAnnotation = false;
+        for (Annotation a : field.getAnnotations()) {
+            if (a.toString().contains("JsonProperty")) {
+                foundAnnotation = true;
+                break;
+            }
+        }
+
+        if (!foundAnnotation) {
+            return;
+        }
+
+        field.setAccessible(true);
+        Object convertedValue = convertJsonElementToTargetType(value, field.getType(), field.getName());
+        if (convertedValue != null) {
+            try {
+                field.set(object, convertedValue);
+            } catch (IllegalAccessException e) {
+                throw new IllegalStateException("should never happen");
+            }
+        }
+    }
+
+    private static Object convertJsonElementToTargetType(JsonElement value, Class<?> targetType, String fieldName)
+            throws InvalidConfigException {
+        // If the value is JsonNull, return null for any type
+        if (value instanceof JsonNull || value == null) {
+            return null;
+        }
+
+        try {
+            if (targetType == String.class) {
+                return value.getAsString();
+            } else if (targetType == Integer.class || targetType == int.class) {
+                if (value.getAsDouble() == (double) value.getAsInt()) {
+                    return value.getAsInt();
+                }
+            } else if (targetType == Long.class || targetType == long.class) {
+                if (value.getAsDouble() == (double) value.getAsLong()) {
+                    return value.getAsLong();
+                }
+            } else if (targetType == Double.class || targetType == double.class) {
+                return value.getAsDouble();
+            } else if (targetType == Float.class || targetType == float.class) {
+                return value.getAsFloat();
+            } else if (targetType == Boolean.class || targetType == boolean.class) {
+                // Handle boolean conversion from strings like "true", "false"
+                return handleBooleanConversion(value, fieldName);
+            }
+        } catch (NumberFormatException e) {
+            // do nothing, will fall into InvalidConfigException
+        }
+
+        // Throw an exception for unsupported conversions
+        throw new InvalidConfigException("'" + fieldName + "' must be of type " + targetType.getSimpleName());
+    }
+
+    private static Object handleBooleanConversion(JsonElement value, String fieldName) throws InvalidConfigException {
+        // Handle boolean conversion from strings like "true", "false"
+        if (value.isJsonPrimitive() && value.getAsJsonPrimitive().isString()) {
+            String stringValue = value.getAsString().toLowerCase();
+            if (stringValue.equals("true")) {
+                return true;
+            } else if (stringValue.equals("false")) {
+                return false;
+            }
+        } else if (value.isJsonPrimitive() && value.getAsJsonPrimitive().isBoolean()) {
+            return value.getAsBoolean();
+        }
+
+        // Throw an exception for unsupported conversions
+        throw new InvalidConfigException("'" + fieldName + "' must be of type boolean");
+    }
+}