added safe guards for when the oauth2 providers are null

Author: R-Sandor

server/src/main/java/dev/findfirst/users/controller/UserController.java

@@ -37,6 +37,7 @@
 
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.io.FileSystemResource;
 import org.springframework.core.io.Resource;
@@ -63,8 +64,12 @@ public class UserController {
 
   private final RefreshTokenService refreshTokenService;
 
-  private final Oauth2SourceService oauth2SourceService;
+  private Oauth2SourceService oauth2SourceService;
 
+  @Autowired(required = false)
+  public void setOauth2SourceService(Oauth2SourceService oauth2SourceService) {
+    this.oauth2SourceService = oauth2SourceService;
+  }
 
   @Value("${findfirst.app.frontend-url}")
   private String frontendUrl;
@@ -87,6 +92,10 @@ public ResponseEntity<User> userInfo() throws NoUserFoundException {
 
   @GetMapping("/oauth2Providers")
   public ResponseEntity<List<Oauth2Source>> oauth2Providers() {
+    if (oauth2SourceService == null) {
+      // return a blank list.
+      return ResponseEntity.ok(List.of());
+    }
     return ResponseEntity.ok(oauth2SourceService.oauth2Sources());
   }
 

server/src/main/java/dev/findfirst/users/service/Oauth2SourceService.java

@@ -28,18 +28,20 @@ public class Oauth2SourceService {
 
   @PostConstruct
   void init() {
-    oauth2Providers.iterator().forEachRemaining(provider -> {
-      var tknUri = provider.getProviderDetails().getTokenUri();
-      log.debug("Token URI {}", tknUri);
-      // skip http(s)://
-      if (!tknUri.contains("https://")) {
-        log.debug("provider without https {}", tknUri);
-        // do we really want to trust anything that isn't https?
-        return;
-      }
-      oauth2Sources.add(new Oauth2Source(provider.getClientName(), getFaviconURI(provider),
-          "oauth2/authorization/" + provider.getRegistrationId()));
-    });
+    if (oauth2Providers != null) {
+      oauth2Providers.iterator().forEachRemaining(provider -> {
+        var tknUri = provider.getProviderDetails().getTokenUri();
+        log.debug("Token URI {}", tknUri);
+        // skip http(s)://
+        if (!tknUri.contains("https://")) {
+          log.debug("provider without https {}", tknUri);
+          // do we really want to trust anything that isn't https?
+          return;
+        }
+        oauth2Sources.add(new Oauth2Source(provider.getClientName(), getFaviconURI(provider),
+            "oauth2/authorization/" + provider.getRegistrationId()));
+      });
+    }
   }
 
   public List<Oauth2Source> oauth2Sources() {

server/src/test/java/dev/findfirst/users/controller/UserControllerTest.java

@@ -1,7 +1,6 @@
 package dev.findfirst.users.controller;
 
 import static dev.findfirst.utilities.HttpUtility.getHttpEntity;
-import static org.junit.jupiter.api.Assertions.assertArrayEquals;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertTrue;
@@ -247,9 +246,8 @@ void testRemoveUserPhoto_Success() throws Exception {
   @Test
   void getAllProivders() {
     var response = restTemplate.getForEntity("/user/oauth2Providers", Oauth2Source[].class);
-
-    assertArrayEquals(new Oauth2Source[] {new Oauth2Source("GitHub",
-        "https://github.com/favicon.ico", "oauth2/authorization/github")}, response.getBody());
-
+    var sources = response.getBody();
+    assertTrue(sources.length == 1);
+    assertEquals("GitHub", sources[0].provider(), "Github should be the provider.");
   }
 }