From 2efd320a90a77b66af25f3ba1688f5ce40c3af77 Mon Sep 17 00:00:00 2001
From: Lubos Racansky
Date: Tue, 13 Feb 2024 07:17:07 +0100
Subject: [PATCH] Fix #1576: UserProfileController returns Internal Server Error if Principal missing
---
 .../controller/UserProfileController.java | 24 ++++++++++++-------
 1 file changed, 15 insertions(+), 9 deletions(-)
diff --git a/powerauth-webflow-resources/src/main/java/io/getlime/security/powerauth/lib/webflow/resource/controller/UserProfileController.java b/powerauth-webflow-resources/src/main/java/io/getlime/security/powerauth/lib/webflow/resource/controller/UserProfileController.java
index bbe561b03..c9c534eac 100644
--- a/powerauth-webflow-resources/src/main/java/io/getlime/security/powerauth/lib/webflow/resource/controller/UserProfileController.java
+++ b/powerauth-webflow-resources/src/main/java/io/getlime/security/powerauth/lib/webflow/resource/controller/UserProfileController.java
@@ -26,16 +26,15 @@
 import io.getlime.security.powerauth.lib.webflow.resource.configuration.WebFlowResourcesServerConfiguration;
 import io.getlime.security.powerauth.lib.webflow.resource.model.UserInfoResponse;
 import io.getlime.security.powerauth.lib.webflow.resource.model.UserResponse;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.InsufficientAuthenticationException;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
-import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.RestController;
 
 import java.util.Date;
 import java.util.Map;
@@ -45,8 +44,9 @@
 *
 * @author Petr Dvorak, petr@wultra.com
 */
-@Controller
+@RestController
 @RequestMapping("/api/secure/profile")
+@Slf4j
 public class UserProfileController {
 
 private final DataAdapterClient client;
@@ -58,8 +58,6 @@ public class UserProfileController {
 
 private static final String ANONYMOUS_USER = "anonymousUser";
 
- private static final Logger logger = LoggerFactory.getLogger(UserProfileController.class);
-
 @Autowired
 public UserProfileController(DataAdapterClient client, WebFlowResourcesServerConfiguration webFlowResourcesServerConfiguration) {
 this.client = client;
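Review bot: `@Slf4j` on `UserProfileController` generates a logger field named `log` by default, while the field removed in the following hunk was called `logger`, and the visible hunks already account for all 15 insertions and 9 deletions in the diffstat, so no call site was renamed. If any `logger.` call remains in the parts of the class outside these hunks, it compiles only when the project sets `lombok.log.fieldName = logger` in `lombok.config`; worth confirming, or renaming the calls to `log.`. Separately, `@RestController` applies response-body handling to every handler in the class, so a handler outside these hunks that returns a view name (none is visible) would change behaviour.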
@@ -76,7 +74,11 @@ public UserProfileController(DataAdapterClient client, WebFlowResourcesServerCon
 * @return User profile.
 */
 @GetMapping("me")
- public @ResponseBody UserResponse me(@AuthenticationPrincipal OAuth2AuthenticatedPrincipal principal) {
+ public UserResponse me(@AuthenticationPrincipal OAuth2AuthenticatedPrincipal principal) {
+ if (principal == null) {
+ throw new InsufficientAuthenticationException("Missing principal");
+ }
+
 final UserResponse userResponse = new UserResponse();
 
 // Try to fetch user details from the service
@@ -132,7 +134,11 @@ public UserProfileController(DataAdapterClient client, WebFlowResourcesServerCon
 * @return User profile.
 */
 @RequestMapping(value = "me/info", method = { RequestMethod.GET, RequestMethod.POST })
- public @ResponseBody UserInfoResponse userInfo(@AuthenticationPrincipal OAuth2AuthenticatedPrincipal principal) {
+ public UserInfoResponse userInfo(@AuthenticationPrincipal OAuth2AuthenticatedPrincipal principal) {
+ if (principal == null) {
+ throw new InsufficientAuthenticationException("Missing principal");
+ }
+
 // Try to fetch user details from the service
 try {
 final String usedId = principal.getName();
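Review bot: The new `principal == null` guard in `me()` throws `InsufficientAuthenticationException` from inside the handler, and nothing in this hunk shows what maps that exception to a 401 instead of the 500 the commit is fixing. The mapping depends on the exception reaching Spring Security's `ExceptionTranslationFilter` or a matching `@ExceptionHandler`; a catch-all handler for `Exception` elsewhere in the application, if one exists, would presumably still answer with a server error. A controller test that calls `/api/secure/profile/me` without a token and asserts the status code would pin this, and the Javadoc above the method should gain `@throws InsufficientAuthenticationException if the request carries no OAuth2 principal`. The same applies to the identical guard added to `userInfo()` in the following hunk; both method bodies continue outside the hunks.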
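Review bot: A null principal arriving in `userInfo()` means a request reached a handler under `/api/secure/profile` without an OAuth2 principal, so the added guard is a second line of defence and not the access control itself. I would state that above the check, e.g. `// Defence in depth: the security filter chain should already reject requests without an OAuth2 principal`, and confirm that the path rule in the security configuration (not visible in this patch) requires authentication for this prefix. The rejected call is also not logged although `@Slf4j` is now on the class; a single `log.warn("Request to me/info without OAuth2 principal")` before the throw would make these requests visible to monitoring. Both points hold for the guard in `me()` in the previous hunk as well.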