From 2887a67a4dc271b634994ae9b890fa470cdeb240 Mon Sep 17 00:00:00 2001
From: Serge Rider <serge@jkiss.org>
Date: Thu, 1 Feb 2024 17:11:01 +0100
Subject: [PATCH] CB-4617 NPE fix

---
 .../security/CBEmbeddedSecurityController.java  | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/server/bundles/io.cloudbeaver.service.security/src/io/cloudbeaver/service/security/CBEmbeddedSecurityController.java b/server/bundles/io.cloudbeaver.service.security/src/io/cloudbeaver/service/security/CBEmbeddedSecurityController.java
index bd1491b9b0..b40c620e01 100644
--- a/server/bundles/io.cloudbeaver.service.security/src/io/cloudbeaver/service/security/CBEmbeddedSecurityController.java
+++ b/server/bundles/io.cloudbeaver.service.security/src/io/cloudbeaver/service/security/CBEmbeddedSecurityController.java
@@ -1410,10 +1410,12 @@ private String createNewAuthAttempt(
         String authAttemptId = UUID.randomUUID().toString();
         try (Connection dbCon = database.openConnection()) {
             try (JDBCTransaction txn = new JDBCTransaction(dbCon)) {
-                if (smConfig.isCheckBruteforce()
-                    && this.getAuthProvider(authProviderId).getInstance() instanceof SMBruteForceProtected bruteforceProtected) {
-                    BruteForceUtils.checkBruteforce(smConfig,
-                        getLatestUserLogins(dbCon, authProviderId, bruteforceProtected.getInputUsername(authData).toString()));
+                if (smConfig.isCheckBruteforce() && this.getAuthProvider(authProviderId).getInstance() instanceof SMBruteForceProtected bruteforceProtected) {
+                    Object inputUsername = bruteforceProtected.getInputUsername(authData);
+                    if (inputUsername != null) {
+                        BruteForceUtils.checkBruteforce(smConfig,
+                            getLatestUserLogins(dbCon, authProviderId, inputUsername.toString()));
+                    }
                 }
                 try (PreparedStatement dbStat = dbCon.prepareStatement(
                     database.normalizeTableNames(
@@ -1435,7 +1437,12 @@ private String createNewAuthAttempt(
                     }
                     dbStat.setString(7, isMainSession ? CHAR_BOOL_TRUE : CHAR_BOOL_FALSE);
                     if (this.getAuthProvider(authProviderId).getInstance() instanceof SMBruteForceProtected bruteforceProtected) {
-                        dbStat.setString(8, bruteforceProtected.getInputUsername(authData).toString());
+                        Object inputUsername = bruteforceProtected.getInputUsername(authData);
+                        if (inputUsername != null) {
+                            dbStat.setString(8, inputUsername.toString());
+                        } else {
+                            dbStat.setString(8, null);
+                        }
                     } else {
                         dbStat.setString(8, null);
                     }