From 0b0d9ab07610b448583a11edc37b2b0e3163ac9f Mon Sep 17 00:00:00 2001
From: Damian Jansen <djansen@redhat.com>
Date: Tue, 24 Apr 2018 16:24:19 +1000
Subject: [PATCH] fix(ZNTA-2387): handle some null safety

---
 .../zanata/dao/AccountActivationKeyDAO.java   |  3 +-
 .../main/java/org/zanata/dao/AccountDAO.kt    | 36 +++++++++----------
 .../java/org/zanata/dao/AllowedAppDAO.java    |  4 +++
 .../server/rpc/GetTranslatorListHandler.java  | 10 +++---
 4 files changed, 30 insertions(+), 23 deletions(-)

diff --git a/server/services/src/main/java/org/zanata/dao/AccountActivationKeyDAO.java b/server/services/src/main/java/org/zanata/dao/AccountActivationKeyDAO.java
index 017f4184971..33f61150ad7 100644
--- a/server/services/src/main/java/org/zanata/dao/AccountActivationKeyDAO.java
+++ b/server/services/src/main/java/org/zanata/dao/AccountActivationKeyDAO.java
@@ -47,7 +47,8 @@ public HAccountActivationKey findByAccountIdAndKeyHash(Long accountId, String ke
                 "from HAccountActivationKey key where key.account.id = :accountId and key.keyHash= :keyHash")
             .setLong("accountId", accountId)
             .setString("keyHash", keyHash)
-            .setComment("AccountDAO.getByUsernameAndEmail").uniqueResult();
+            .setComment("AccountActivationKeyDAO.findByAccountIdAndKeyHash")
+            .uniqueResult();
     }
 
 }
diff --git a/server/services/src/main/java/org/zanata/dao/AccountDAO.kt b/server/services/src/main/java/org/zanata/dao/AccountDAO.kt
index 6c574e37d83..d89301557a7 100644
--- a/server/services/src/main/java/org/zanata/dao/AccountDAO.kt
+++ b/server/services/src/main/java/org/zanata/dao/AccountDAO.kt
@@ -1,22 +1,22 @@
 /*
  * Copyright 2018, Red Hat, Inc. and individual contributors
- *  as indicated by the @author tags. See the copyright.txt file in the
- *  distribution for a full listing of individual contributors.
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
  *
- *  This is free software; you can redistribute it and/or modify it
- *  under the terms of the GNU Lesser General Public License as
- *  published by the Free Software Foundation; either version 2.1 of
- *  the License, or (at your option) any later version.
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
  *
- *  This software is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- *  Lesser General Public License for more details.
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
  *
- *  You should have received a copy of the GNU Lesser General Public
- *  License along with this software; if not, write to the Free
- *  Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- *  02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
  */
 package org.zanata.dao
 
@@ -60,7 +60,7 @@ class AccountDAO : AbstractDAOImpl<HAccount, Long> {
         return Optional.ofNullable(getByUsername(username))
     }
 
-    fun getByEmail(email: String): HAccount {
+    fun getByEmail(email: String): HAccount? {
         return session.createQuery(
                 "from HAccount acc where acc.person.email = :email") .apply {
                 setString("email", email)
@@ -68,7 +68,7 @@ class AccountDAO : AbstractDAOImpl<HAccount, Long> {
         }.uniqueResult() as HAccount
     }
 
-    fun getByUsernameAndEmail(username: String, email: String): HAccount {
+    fun getByUsernameAndEmail(username: String, email: String): HAccount? {
         return session.createQuery(
                 "from HAccount acc where acc.username = :username " +
                         "and acc.person.email = :email").apply {
@@ -77,7 +77,7 @@ class AccountDAO : AbstractDAOImpl<HAccount, Long> {
         }.uniqueResult() as HAccount
     }
 
-    fun getByApiKey(apikey: String): HAccount {
+    fun getByApiKey(apikey: String): HAccount? {
         return session.createCriteria(HAccount::class.java)
                 .add(Restrictions.eq("apiKey", apikey))
                 .uniqueResult() as HAccount
@@ -151,7 +151,7 @@ class AccountDAO : AbstractDAOImpl<HAccount, Long> {
         }
     }
 
-    fun getByCredentialsId(credentialsId: String): HAccount {
+    fun getByCredentialsId(credentialsId: String): HAccount? {
         return session.createQuery(
                 "select c.account from HCredentials c where c.user = :id")
                 .apply {
diff --git a/server/services/src/main/java/org/zanata/dao/AllowedAppDAO.java b/server/services/src/main/java/org/zanata/dao/AllowedAppDAO.java
index 5e7d5241621..89adfb14a64 100644
--- a/server/services/src/main/java/org/zanata/dao/AllowedAppDAO.java
+++ b/server/services/src/main/java/org/zanata/dao/AllowedAppDAO.java
@@ -26,6 +26,7 @@
 import javax.inject.Inject;
 
 import org.hibernate.Session;
+import org.zanata.exception.NoSuchUserException;
 import org.zanata.model.AllowedApp;
 import org.zanata.model.HAccount;
 
@@ -52,6 +53,9 @@ public AllowedAppDAO() {
     // TODO support client secret when we support pre-registration of clients
     public void persistClientId(String username, String clientId) {
         HAccount hAccount = accountDAO.getByUsername(username);
+        if (hAccount == null) {
+            throw new NoSuchUserException("Attempted persist with unknown user");
+        }
         AllowedApp allowedApp = new AllowedApp(hAccount, clientId);
         hAccount.getAllowedApps().add(allowedApp);
 
diff --git a/server/services/src/main/java/org/zanata/webtrans/server/rpc/GetTranslatorListHandler.java b/server/services/src/main/java/org/zanata/webtrans/server/rpc/GetTranslatorListHandler.java
index f981e24dcec..5a2dc7e939b 100644
--- a/server/services/src/main/java/org/zanata/webtrans/server/rpc/GetTranslatorListHandler.java
+++ b/server/services/src/main/java/org/zanata/webtrans/server/rpc/GetTranslatorListHandler.java
@@ -10,6 +10,7 @@
 import javax.inject.Inject;
 import javax.inject.Named;
 import org.zanata.dao.AccountDAO;
+import org.zanata.model.HAccount;
 import org.zanata.model.HPerson;
 import org.zanata.security.ZanataIdentity;
 import org.zanata.service.GravatarService;
@@ -58,10 +59,11 @@ public GetTranslatorListResult execute(GetTranslatorList action,
         for (Map.Entry<EditorClientId, PersonSessionDetails> entry : result
                 .entrySet()) {
             PersonId personId = entry.getValue().getPerson().getId();
-
-            HPerson person =
-                    accountDAO.getByUsername(personId.toString()).getPerson();
-
+            HAccount hAccount = accountDAO.getByUsername(personId.toString());
+            if (hAccount == null) {
+                continue;
+            }
+            HPerson person = hAccount.getPerson();
             Person translator =
                     new Person(personId, person.getName(),
                             gravatarServiceImpl.getUserImageUrl(16,