Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-18903

WebEngine form authenticator logout expects a username and fails

    Details

      Description

      A call to @@login resets the authentication.
      Then, it performs the login if it founds the required parameters: username, passward and caller.
      It uses:

      org.nuxeo.ecm.webengine.login.WebEngineFormAuthenticator.handleRetrieveIdentity(HttpServletRequest, HttpServletResponse) {
              if (!isLoginRequest(httpRequest)) {
                  return null;
              }
              String userName = httpRequest.getParameter(usernameKey);
              String password = httpRequest.getParameter(passwordKey);
              return new UserIdentificationInfo(userName, password);
          }
      

      But the method returns an identity even if the username parameter is not present.
      It causes a NPE when loging out on the NuxeoAuthenticationFilter which expects a valid identity with a username.
      Currently line 507

                   if (cachableUserIdent == null || cachableUserIdent.getUserInfo() == null) {
                          UserIdentificationInfo userIdent = handleRetrieveIdentity(httpRequest, httpResponse);
                          if (userIdent != null && userIdent.getUserName().equals(getAnonymousId())) {   <=== HERE
      

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                PagerDuty

                Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.