search

Yubico / java-webauthn-server

Server-side Web Authentication library for Java https://www.w3.org/TR/webauthn/#rp-operations
Other
439 stars 137 forks source link

NPE @ FinishRegistrationStep.Step22.validate #324

Closed fcorneli closed 7 months ago

fcorneli commented 9 months ago

In case credentialRepository.lookupAll returns a null. Stack trace:

Caused by: java.lang.NullPointerException
    at com.yubico.webauthn.FinishRegistrationSteps$Step22.validate(FinishRegistrationSteps.java:620)
    at com.yubico.webauthn.FinishRegistrationSteps$Step.next(FinishRegistrationSteps.java:113)
    at com.yubico.webauthn.FinishRegistrationSteps$Step.run(FinishRegistrationSteps.java:121)
    at com.yubico.webauthn.FinishRegistrationSteps$Step.run(FinishRegistrationSteps.java:121)
    at com.yubico.webauthn.FinishRegistrationSteps$Step.run(FinishRegistrationSteps.java:121)
    at com.yubico.webauthn.FinishRegistrationSteps$Step.run(FinishRegistrationSteps.java:121)
    at com.yubico.webauthn.FinishRegistrationSteps$Step.run(FinishRegistrationSteps.java:121)
    at com.yubico.webauthn.FinishRegistrationSteps$Step.run(FinishRegistrationSteps.java:121)
    at com.yubico.webauthn.FinishRegistrationSteps$Step.run(FinishRegistrationSteps.java:121)
    at com.yubico.webauthn.FinishRegistrationSteps$Step.run(FinishRegistrationSteps.java:121)
    at com.yubico.webauthn.FinishRegistrationSteps$Step.run(FinishRegistrationSteps.java:121)
    at com.yubico.webauthn.FinishRegistrationSteps$Step.run(FinishRegistrationSteps.java:121)
    at com.yubico.webauthn.FinishRegistrationSteps$Step.run(FinishRegistrationSteps.java:121)
    at com.yubico.webauthn.FinishRegistrationSteps$Step.run(FinishRegistrationSteps.java:121)
    at com.yubico.webauthn.FinishRegistrationSteps$Step.run(FinishRegistrationSteps.java:121)
    at com.yubico.webauthn.FinishRegistrationSteps$Step.run(FinishRegistrationSteps.java:121)
    at com.yubico.webauthn.FinishRegistrationSteps$Step.run(FinishRegistrationSteps.java:121)
    at com.yubico.webauthn.FinishRegistrationSteps$Step.run(FinishRegistrationSteps.java:121)
    at com.yubico.webauthn.FinishRegistrationSteps.run(FinishRegistrationSteps.java:100)
    at com.yubico.webauthn.RelyingParty.finishRegistration(RelyingParty.java:505)
emlun commented 9 months ago

If no credentials are found, CredentialRepository.lookupAll should return an empty set, not null.