fix: Prevent NPE when AuthenticatorConfig is null

Closes #465 Signed-off-by: Sven-Torben Janus <[email protected]>
sventorben · Dec 17, 2024 · 51ad4e9 · 51ad4e9
1 parent 805e688
commit 51ad4e9
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/src/main/java/de/sventorben/keycloak/authentication/hidpd/AuthenticationChallenge.java b/src/main/java/de/sventorben/keycloak/authentication/hidpd/AuthenticationChallenge.java
@@ -8,6 +8,7 @@
 import org.keycloak.services.managers.AuthenticationManager;
 
 import java.util.List;
+import java.util.Optional;
 
 final class AuthenticationChallenge {
 
@@ -32,7 +33,9 @@ void forceChallenge() {
         String rememberMeUsername = rememberMe.getUserName();
 
         if (reauthentication.required() && context.getUser() != null) {
-            String attribute = context.getAuthenticatorConfig().getConfig().getOrDefault("userAttribute", "username");
+            String attribute = Optional.ofNullable(context.getAuthenticatorConfig())
+                .map(it -> it.getConfig().getOrDefault("userAttribute", "email").trim())
+                .orElse("email");
             formData.add(AuthenticationManager.FORM_USERNAME, context.getUser().getFirstAttribute(attribute));
         } else {
             if (loginHintUsername != null || rememberMeUsername != null) {