Fix NPE if user not exists

The check "userSession.getId().equals(clientUser.getId())" fails if getUserFromToken returns a non-existent user. This happens when AccessToken.subject refers to a user that does not exist.

Closes #16297
Mark Andreev 2023-01-04 09:29:19 +00:00 committed by Pedro Igor
parent 665dec19c0
commit d900540034
2 changed files with 5 additions and 5 deletions


@ -234,6 +234,9 @@ public class KeycloakIdentity implements Identity {
} }
UserModel userSession = getUserFromToken(); UserModel userSession = getUserFromToken();
if (userSession == null) {
throw new IllegalArgumentException("User from token not found");
}
this.resourceServer = clientUser != null && userSession.getId().equals(clientUser.getId()); this.resourceServer = clientUser != null && userSession.getId().equals(clientUser.getId());
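Review bot: The new null guard throws a bare `IllegalArgumentException`, which reads as a caller programming error, whereas a token whose subject no longer resolves to a user is an authentication outcome. The enclosing method starts and ends outside this hunk, so how the exception is mapped is not visible. It is worth confirming that it surfaces as an invalid-token rejection rather than a generic server error, and that the rejection is logged without token contents so that use of stale tokens can be detected. I would also add a comment above the guard, for example `// Token subject does not resolve to a user (for example a deleted account): reject instead of continuing with a null identity.`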


@ -356,13 +356,10 @@ public class TokenManager {
// Fallback to lookup user based on username (preferred_username claim) // Fallback to lookup user based on username (preferred_username claim)
if (token.getPreferredUsername() != null) { if (token.getPreferredUsername() != null) {
user = session.users().getUserByUsername(realm, token.getPreferredUsername()); return session.users().getUserByUsername(realm, token.getPreferredUsername());
if (user != null) {
return user;
}
} }
return user; return null;
} }
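Review bot: The lookup in this section now has two paths that yield `null` (the `getUserByUsername` result and the final `return null;`), and that contract is not documented; this commit guards only the KeycloakIdentity caller. The method starts outside the hunk, so any existing Javadoc is not visible, but I would state it there: `@return the resolved user, or {@code null} if the token does not map to an existing user`. Other callers of this lookup should be checked for the same unguarded dereference. The fallback resolves the account from the `preferred_username` claim, presumably after a lookup by subject found nothing, so a short comment on why a username match is acceptable in that case would help the next reviewer.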