This is an automated email from the ASF dual-hosted git repository.

rombert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-whiteboard.git


The following commit(s) were added to refs/heads/master by this push:
     new c8b3de04 oidc-rp: prevent NPE when the refresh token is not present
c8b3de04 is described below

commit c8b3de04f90926eda5f1e7a98f65e5f8d7c256fa
Author: Robert Munteanu <romb...@apache.org>
AuthorDate: Wed Jul 5 11:41:34 2023 +0300

    oidc-rp: prevent NPE when the refresh token is not present
    
    This was discovered when testing against the Google provider, which does 
not always provide
    refresh tokens, even if requested.
---
 .../servlets/oidc_rp/impl/OidcConnectionFinderImpl.java  | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git 
a/org.apache.sling.servlets.oidc-rp/src/main/java/org/apache/sling/servlets/oidc_rp/impl/OidcConnectionFinderImpl.java
 
b/org.apache.sling.servlets.oidc-rp/src/main/java/org/apache/sling/servlets/oidc_rp/impl/OidcConnectionFinderImpl.java
index 8e429815..84d273c1 100644
--- 
a/org.apache.sling.servlets.oidc-rp/src/main/java/org/apache/sling/servlets/oidc_rp/impl/OidcConnectionFinderImpl.java
+++ 
b/org.apache.sling.servlets.oidc-rp/src/main/java/org/apache/sling/servlets/oidc_rp/impl/OidcConnectionFinderImpl.java
@@ -128,25 +128,27 @@ public class OidcConnectionFinderImpl implements 
OidcConnectionFinder, OidcConne
             User currentUser = resolver.adaptTo(User.class);
             Session session = resolver.adaptTo(Session.class);
 
-            String accessToken = tokens.getAccessToken().getValue();
-            String refreshToken = tokens.getRefreshToken().getValue();
             ZonedDateTime expiry = null;
             long expiresIn = tokens.getAccessToken().getLifetime();
             if ( expiresIn > 0 ) {
                 expiry = LocalDateTime.now().plus(expiresIn, 
ChronoUnit.SECONDS).atZone(ZoneId.systemDefault());
             }
 
+            String accessToken = tokens.getAccessToken().getValue();
             currentUser.setProperty(propertyPath(connection, 
PROPERTY_NAME_ACCESS_TOKEN), 
session.getValueFactory().createValue(accessToken));
             if ( expiry != null ) {
                 Calendar cal = GregorianCalendar.from(expiry);
                 currentUser.setProperty(propertyPath(connection, 
PROPERTY_NAME_EXPIRES_AT), session.getValueFactory().createValue(cal));
             } else
                 currentUser.removeProperty(propertyPath(connection, 
PROPERTY_NAME_EXPIRES_AT));
-            
-            if ( refreshToken != null )
-                currentUser.setProperty(propertyPath(connection, 
PROPERTY_NAME_REFRESH_TOKEN), 
session.getValueFactory().createValue(refreshToken));
-            else
-                currentUser.removeProperty(propertyPath(connection, 
PROPERTY_NAME_REFRESH_TOKEN));
+
+            if ( tokens.getRefreshToken() != null ) {
+                String refreshToken = tokens.getRefreshToken().getValue();
+                if ( refreshToken != null )
+                    currentUser.setProperty(propertyPath(connection, 
PROPERTY_NAME_REFRESH_TOKEN), 
session.getValueFactory().createValue(refreshToken));
+                else
+                    currentUser.removeProperty(propertyPath(connection, 
PROPERTY_NAME_REFRESH_TOKEN));
+            }
 
             if ( tokens instanceof OIDCTokens oidcTokens) {
                 // don't touch the id token if we don't have an OIDC token, 
e.g. when refreshing the access token
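Review bot: When `tokens.getRefreshToken()` is null the new guard skips the whole block, so a refresh token persisted by an earlier grant stays on the user next to the freshly written access token, whereas the removed code was written to drop the property in that case. Keeping it is correct for a refresh response, which may omit the token, but the id-token comment just below suggests this path also serves the initial code exchange, where the leftover value may belong to a superseded or revoked grant. If keeping it is intended, say so at the guard, e.g. `// no refresh token in the response: keep the stored one, a refresh response may omit it`; otherwise give the outer `if` an `else` that calls `currentUser.removeProperty(propertyPath(connection, PROPERTY_NAME_REFRESH_TOKEN));`. The inner `else` now only covers a token object whose `getValue()` is null, which looks unreachable and could be dropped once the outer behaviour is settled. The enclosing method starts and ends outside the hunk, so whether callers distinguish the two flows cannot be seen from here.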
