From faf5a48ce8b1d78fb812e0a525f8e20e84d690ad Mon Sep 17 00:00:00 2001
From: Mathieu Baudier
Date: Wed, 7 Feb 2018 12:35:57 +0100
Subject: [PATCH] Make auth more robust
---
 .../src/org/argeo/cms/auth/CmsAuthUtils.java | 23 ++++++++++---------
 1 file changed, 12 insertions(+), 11 deletions(-)
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
index e6c63a4de..dde2d73f5 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/CmsAuthUtils.java
@@ -158,18 +158,19 @@ class CmsAuthUtils {
 cmsSession = new WebCmsSessionImpl(subject, authorization, locale, request);
 }
 // request.setAttribute(CmsSession.class.getName(), cmsSession);
- CmsSessionId nodeSessionId = new CmsSessionId(cmsSession.getUuid());
- if (subject.getPrivateCredentials(CmsSessionId.class).size() == 0)
- subject.getPrivateCredentials().add(nodeSessionId);
- else {
- UUID storedSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next().getUuid();
- // if (storedSessionId.equals(httpSessionId.getValue()))
- throw new CmsException(
- "Subject already logged with session " + storedSessionId + " (not " + nodeSessionId + ")");
+ if (cmsSession != null) {
+ CmsSessionId nodeSessionId = new CmsSessionId(cmsSession.getUuid());
+ if (subject.getPrivateCredentials(CmsSessionId.class).size() == 0)
+ subject.getPrivateCredentials().add(nodeSessionId);
+ else {
+ UUID storedSessionId = subject.getPrivateCredentials(CmsSessionId.class).iterator().next()
+ .getUuid();
+ // if (storedSessionId.equals(httpSessionId.getValue()))
+ throw new CmsException(
+ "Subject already logged with session " + storedSessionId + " (not " + nodeSessionId + ")");
+ }
 }
- } else
-
- {
+ } else {
 // TODO desktop, CLI
 }
 }
--
2.30.2
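Review bot: The new `if (cmsSession != null)` guard has no else branch, so when no session exists this code falls through with a subject that carries no `CmsSessionId` private credential, where the old code would have stopped with a NullPointerException. Whether `cmsSession` can legitimately be null is decided above the hunk (the enclosing method starts and ends outside it), so this may be intended. In an authentication path, though, a silent skip deserves at least a comment such as `// no CmsSession for this request: subject is left without a CmsSessionId`, or, if a null session is never valid here, an explicit `else throw new CmsException("No CMS session for authenticated subject");`. The re-added exception message also concatenates both session identifiers, so it is worth confirming that this message cannot reach a client or a broadly readable log.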