Fix #30571: fix NPE in OpenIdReAuthorizeFilter

LEDfan · LEDfan · commit 2bdc9544f3c1 · 2023-05-11T11:39:17.000+02:00
diff --git a/src/main/java/eu/openanalytics/containerproxy/auth/impl/oidc/OpenIdReAuthorizeFilter.java b/src/main/java/eu/openanalytics/containerproxy/auth/impl/oidc/OpenIdReAuthorizeFilter.java
@@ -109,8 +109,10 @@ protected void doFilterInternal(@Nonnull HttpServletRequest request, @Nonnull Ht
      * See {@link RefreshTokenOAuth2AuthorizedClientProvider}
      */
     private boolean accessTokenExpired(OAuth2AuthorizedClient authorizedClient) {
-        return authorizedClient.getAccessToken().getExpiresAt() == null ||
-                clock.instant().isAfter(authorizedClient.getAccessToken().getExpiresAt().minus(this.clockSkew));
+        if (authorizedClient == null || authorizedClient.getAccessToken() == null || authorizedClient.getAccessToken().getExpiresAt() == null) {
+            return true;
+        }
+        return clock.instant().isAfter(authorizedClient.getAccessToken().getExpiresAt().minus(this.clockSkew));
     }
 
 }

Original file line number	Diff line number	Diff line change
`@@ -109,8 +109,10 @@ protected void doFilterInternal(@Nonnull HttpServletRequest request, @Nonnull Ht`
`109`	`109`	`* See {@link RefreshTokenOAuth2AuthorizedClientProvider}`
`110`	`110`	`*/`
`111`	`111`	`private boolean accessTokenExpired(OAuth2AuthorizedClient authorizedClient) {`
`112`		`- return authorizedClient.getAccessToken().getExpiresAt() == null \|\|`
`113`		`- clock.instant().isAfter(authorizedClient.getAccessToken().getExpiresAt().minus(this.clockSkew));`
	`112`	`+ if (authorizedClient == null \|\| authorizedClient.getAccessToken() == null \|\| authorizedClient.getAccessToken().getExpiresAt() == null) {`
	`113`	`+ return true;`
	`114`	`+ }`
	`115`	`+ return clock.instant().isAfter(authorizedClient.getAccessToken().getExpiresAt().minus(this.clockSkew));`
`114`	`116`	`}`
`115`	`117`
`116`	`118`	`}`