From 54a2e9d04e5d0ba9e51edf7bd550e8c401b522b4 Mon Sep 17 00:00:00 2001
From: Loganathan Sekar
Date: Thu, 23 Jun 2022 11:32:13 +0530
Subject: [PATCH] Fixed NPE on validating ID Token

---
 .../api/controller/LoginController.java | 21 ++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/controller/LoginController.java b/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/controller/LoginController.java
index 449285ad1a3..91cabb78112 100644
--- a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/controller/LoginController.java
+++ b/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/controller/LoginController.java
@@ -33,6 +33,8 @@
 @RestController
 public class LoginController {
 
+ private static final String ID_TOKEN = "id_token";
+
 private final static Logger LOGGER= LoggerFactory.getLogger(LoginController.class);
 
 @Value("${auth.token.header:Authorization}")
@@ -46,7 +48,10 @@ public class LoginController {
 private LoginService loginService;
 
 @Autowired
- private ValidateTokenHelper validateTokenHelper;
+ private ValidateTokenHelper validateTokenHelper;
+
+ @Value("${auth.validate.id-token:false}")
+ private boolean validateIdToken;
 
 @GetMapping(value = "/login/{redirectURI}")
 public void login(@CookieValue(name = "state", required = false) String state,
@@ -88,11 +93,17 @@ public void loginRedirect(@PathVariable("redirectURI") String redirectURI, @Requ
 redirectURI);
 String accessToken = jwtResponseDTO.getAccessToken();
 validateToken(accessToken);
- String idToken = jwtResponseDTO.getIdToken();
- validateToken(idToken);
 Cookie cookie = loginService.createCookie(accessToken);
 res.addCookie(cookie);
- res.addCookie(new Cookie("id_token", idToken));
+ if(validateIdToken) {
+ String idToken = jwtResponseDTO.getIdToken();
+ if(idToken == null) {
+ throw new ClientException(Errors.TOKEN_NOTPRESENT_ERROR.getErrorCode(),
+ Errors.TOKEN_NOTPRESENT_ERROR.getErrorMessage() + ": " + ID_TOKEN);
+ }
+ validateToken(idToken);
+ res.addCookie(new Cookie(ID_TOKEN, idToken));
+ }
 res.setStatus(302);
 String url = new String(Base64.decodeBase64(redirectURI.getBytes()));
 if(url.contains("#")) {
@@ -103,7 +114,7 @@ public void loginRedirect(@PathVariable("redirectURI") String redirectURI, @Requ
 throw new ServiceException(Errors.ALLOWED_URL_EXCEPTION.getErrorCode(), Errors.ALLOWED_URL_EXCEPTION.getErrorMessage());
 }
 res.sendRedirect(url);
- }
+ }
 
 private void validateToken(String accessToken) {
 if(!validateTokenHelper.isTokenValid(accessToken).getKey()){
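Review bot: The id-token cookie added inside the new `if(validateIdToken)` block is built with the bare `new Cookie(ID_TOKEN, idToken)` constructor, so it carries no HttpOnly/Secure attributes, while the access token goes through `loginService.createCookie(accessToken)` (that helper is outside the hunk, so I am assuming it is where those attributes are set). Since the id token is a bearer credential just like the access token, set them explicitly here, e.g. `Cookie idTokenCookie = new Cookie(ID_TOKEN, idToken); idTokenCookie.setHttpOnly(true); idTokenCookie.setSecure(true); res.addCookie(idTokenCookie);`. The null guard also lets an empty string through to `validateToken`; `if(idToken == null || idToken.isEmpty())` matches the "token not present" error it raises. Note as well that with the `auth.validate.id-token` default of `false` (previous diff line, hunk at -46) the id_token cookie is no longer issued at all, which is a behaviour change the commit message does not mention; a short Javadoc on `validateIdToken` saying that disabling validation also disables issuing the cookie would make that explicit. The enclosing loginRedirect method begins before this hunk.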