From ba3cb8eddc1dbd2e175ff426c5ceb5fd8de10b39 Mon Sep 17 00:00:00 2001
From: "francesco.mangiacrapa" <francesco.mangiacrapa@isti.cnr.it>
Date: Tue, 22 Oct 2024 17:09:13 +0200
Subject: [PATCH] Minor fix into UserUtils to check if the `user` is `null`.

---
 cms-plugin-framework/CHANGELOG.md             |  3 +-
 cms-plugin-framework/pom.xml                  |  2 +-
 .../cms/implementations/utils/UserUtils.java  | 41 ++++++++++---------
 3 files changed, 25 insertions(+), 21 deletions(-)

diff --git a/cms-plugin-framework/CHANGELOG.md b/cms-plugin-framework/CHANGELOG.md
index f936503..e6c491a 100644
--- a/cms-plugin-framework/CHANGELOG.md
+++ b/cms-plugin-framework/CHANGELOG.md
@@ -1,8 +1,9 @@
 # Changelog for org.gcube.application.cms-plugin-framework
 
-## [v1.0.6] - 2024-10-01
+## [v1.0.6-SNAPSHOT] - 2024-10-01
 
 - Included the file size to reduce/optimize the time to upload files to the storage hub [#28150]
+- Checked if the user is `null` in the `UserUtils` class [#28301]
 
 ## [v1.0.5] - 2024-07-03
 
diff --git a/cms-plugin-framework/pom.xml b/cms-plugin-framework/pom.xml
index 95a99d4..791e98b 100644
--- a/cms-plugin-framework/pom.xml
+++ b/cms-plugin-framework/pom.xml
@@ -4,7 +4,7 @@
 	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 	<artifactId>cms-plugin-framework</artifactId>
-	<version>1.0.6</version>
+	<version>1.0.6-SNAPSHOT</version>
 
 	<parent>
 		<groupId>org.gcube.application.cms</groupId>
diff --git a/cms-plugin-framework/src/main/java/org/gcube/application/cms/implementations/utils/UserUtils.java b/cms-plugin-framework/src/main/java/org/gcube/application/cms/implementations/utils/UserUtils.java
index 86806ff..a168533 100644
--- a/cms-plugin-framework/src/main/java/org/gcube/application/cms/implementations/utils/UserUtils.java
+++ b/cms-plugin-framework/src/main/java/org/gcube/application/cms/implementations/utils/UserUtils.java
@@ -21,28 +21,31 @@ import lombok.extern.slf4j.Slf4j;
 @Slf4j
 public class UserUtils {
 
-	public static List<String> DEFAULT_ROLES=new ArrayList<>();
+	public static List<String> DEFAULT_ROLES = new ArrayList<>();
 
 	public static AuthenticatedUser getCurrent() throws SecurityException {
 		log.debug("Loading caller info..");
 
 		SecretManager cm = SecretManagerProvider.instance.get();
 		String context = cm.getContext();
-		if(context==null) throw new SecurityException("Cannot determine context");
+		if (context == null)
+			throw new SecurityException("Cannot determine context");
+		Set<String> roles = new HashSet<>();
 		org.gcube.common.authorization.utils.user.User user = cm.getUser();
-		log.info("Identified caller {} in context {}",user.getUsername(),context);
 
-		Set<String> roles=new HashSet<>();
-		roles.addAll(user.getRoles());
+		if (user == null) {
+			log.warn("No user found in the session work, context is {}", context);
+		} else {
+			log.info("Identified caller {} in context {}", user.getUsername(), context);
+			roles.addAll(user.getRoles());
+		}
+		AuthenticatedUser toReturn = new AuthenticatedUser(user, roles, AccessTokenProvider.instance.get(),
+				SecurityTokenProvider.instance.get(), context);
 
-		AuthenticatedUser toReturn =
-				new AuthenticatedUser(user,roles, AccessTokenProvider.instance.get(),SecurityTokenProvider.instance.get(),context);
-
-		log.info("Current User is {} ",toReturn);
+		log.info("Current User is {} ", toReturn);
 		return toReturn;
 	}
 
-
 	@AllArgsConstructor
 	@Getter
 	public static class AuthenticatedUser {
@@ -63,10 +66,10 @@ public class UserUtils {
 			builder.append("User [user=");
 			builder.append(user);
 			builder.append(", uma_token=");
-			builder.append(uma_token==null?uma_token:"***");
+			builder.append(uma_token == null ? uma_token : "***");
 
 			builder.append(", gcube_token=");
-			builder.append(gcube_token==null?gcube_token:"***");
+			builder.append(gcube_token == null ? gcube_token : "***");
 
 			builder.append(", roles=");
 			builder.append(roles);
@@ -77,14 +80,14 @@ public class UserUtils {
 			return builder.toString();
 		}
 
-		public AccountingInfo asInfo(){
-			AccountingInfo info=new AccountingInfo();
+		public AccountingInfo asInfo() {
+			AccountingInfo info = new AccountingInfo();
 			User user = new User();
-			try{
+			try {
 				user.setUsername(this.getUser().getUsername());
 				user.setRoles(roles);
-			}catch(Exception e){
-				log.warn("Unable to determine user id, using FAKE",e);
+			} catch (Exception e) {
+				log.warn("Unable to determine user id, using FAKE", e);
 				user.setUsername("FAKE");
 				user.setRoles(new HashSet<>());
 				user.getRoles().addAll(DEFAULT_ROLES);
@@ -92,9 +95,9 @@ public class UserUtils {
 
 			info.setUser(user);
 			info.setInstant(LocalDateTime.now());
-			Context c=new Context();
+			Context c = new Context();
 			c.setId(this.context);
-			c.setName(context.contains("/")?context.substring(context.lastIndexOf("/")):context);
+			c.setName(context.contains("/") ? context.substring(context.lastIndexOf("/")) : context);
 			info.setContext(c);
 			return info;
 		}