Merge pull request #62 from prime-framework/degroff/npe_test

Test to cause NPE in ResourceBundleMessageProvider.findMessage

Author: robotdan

.github/workflows/build.yml

@@ -15,10 +15,10 @@ jobs:
         uses: actions/checkout@v4
       - name: savant setup
         run: |
-          curl -O https://repository.savantbuild.org/org/savantbuild/savant-core/2.0.0-RC.7/savant-2.0.0-RC.7.tar.gz
-          tar xzvf savant-2.0.0-RC.7.tar.gz
-          savant-2.0.0-RC.7/bin/sb --version
-          SAVANT_PATH=$(realpath -s "./savant-2.0.0-RC.7/bin")
+          curl -O https://repository.savantbuild.org/org/savantbuild/savant-core/2.0.0/savant-2.0.0.tar.gz
+          tar xzvf savant-2.0.0.tar.gz
+          savant-2.0.0/bin/sb --version
+          SAVANT_PATH=$(realpath -s "./savant-2.0.0/bin")
           echo "${SAVANT_PATH}" >> $GITHUB_PATH
           mkdir -p ~/.savant/plugins
           # For now, using the JDK that comes on the GHA runner

build.savant

@@ -29,7 +29,7 @@ logbackVersion = "1.4.14"
 slf4jVersion = "2.0.13"
 testngVersion = "7.8.0"
 
-project(group: "org.primeframework", name: "prime-mvc", version: "4.26.0", licenses: ["ApacheV2_0"]) {
+project(group: "org.primeframework", name: "prime-mvc", version: "4.26.1", licenses: ["ApacheV2_0"]) {
   workflow {
     fetch {
       // Dependency resolution order:
@@ -99,13 +99,13 @@ project(group: "org.primeframework", name: "prime-mvc", version: "4.26.0", licen
 }
 
 // Plugins
-file = loadPlugin(id: "org.savantbuild.plugin:file:2.0.0-RC.7")
-dependency = loadPlugin(id: "org.savantbuild.plugin:dependency:2.0.0-RC.7")
-java = loadPlugin(id: "org.savantbuild.plugin:java:2.0.0-RC.6")
-javaTestNG = loadPlugin(id: "org.savantbuild.plugin:java-testng:2.0.0-RC.6")
-idea = loadPlugin(id: "org.savantbuild.plugin:idea:2.0.0-RC.7")
-pom = loadPlugin(id: "org.savantbuild.plugin:pom:2.0.0-RC.6")
-release = loadPlugin(id: "org.savantbuild.plugin:release-git:2.0.0-RC.6")
+file = loadPlugin(id: "org.savantbuild.plugin:file:2.0.0")
+dependency = loadPlugin(id: "org.savantbuild.plugin:dependency:2.0.0")
+java = loadPlugin(id: "org.savantbuild.plugin:java:2.0.0")
+javaTestNG = loadPlugin(id: "org.savantbuild.plugin:java-testng:2.0.0")
+idea = loadPlugin(id: "org.savantbuild.plugin:idea:2.0.0")
+pom = loadPlugin(id: "org.savantbuild.plugin:pom:2.0.0")
+release = loadPlugin(id: "org.savantbuild.plugin:release-git:2.0.0")
 
 // Plugin settings
 java.settings.javaVersion = "17"

pom.xml

@@ -5,7 +5,7 @@
 
   <groupId>org.primeframework</groupId>
   <artifactId>prime-mvc</artifactId>
-  <version>4.26.0</version>
+  <version>4.26.1</version>
   <packaging>jar</packaging>
 
   <name>FusionAuth App</name>

src/main/java/org/primeframework/mvc/message/l10n/ResourceBundleMessageProvider.java

@@ -137,6 +137,10 @@ protected String findMessage(ActionInvocation actionInvocation, String key) {
     }
 
     ActionConfiguration config = actionInvocation.configuration;
+    if (config == null) {
+      return null;
+    }
+
     return config.alternateMessageURIs.stream()
                                       .map(uri -> findMessage(uri, key))
                                       .filter(Objects::nonNull)

src/test/java/org/primeframework/mvc/GlobalTest.java

@@ -183,6 +183,33 @@ public void escapePathSegmentsWithWildCard() throws Exception {
                                      "theRest=foo bar,foobar,foo bar,foo@bar"));
   }
 
+  @Test
+  public void flash_scope_compatibility() throws Exception {
+    // Use case: MVC is able to decrypt a flash message cookie that was encrypted with legacy methods
+    // Create a SimpleMessage, serialize, encrypt, and encode. The message text is hard-coded here because there is no context to look up the message.
+    var message = new SimpleMessage(MessageType.INFO, "[FlashScopeMessageKey]", "This is a message!");
+    // Serialize List<Message>
+    var serialized = objectMapper.writeValueAsBytes(List.of(message));
+    // Instantiate DefaultEncryptor with two copies of CBCCipherProvider to encrypt with CBC
+    Encryptor cbcEncryptor = new DefaultEncryptor(new CBCCipherProvider(configuration), new CBCCipherProvider(configuration));
+    var encrypted = cbcEncryptor.encrypt(serialized);
+    var encoded = Base64.getUrlEncoder().encodeToString(encrypted);
+
+    simulator.test("/flash-scope/")
+             .withCookie(configuration.messageFlashScopeCookieName(), encoded)
+             .get()
+             .assertStatusCode(200)
+             .assertContainsGeneralMessageCodes(MessageType.INFO, "[FlashScopeMessageKey]")
+             .assertBodyContainsMessagesFromKey("[FlashScopeMessageKey]")
+             .assertBody("""
+                             This is an index page.
+                             
+                               Info:This is a message!
+                             
+                             """)
+    ;
+  }
+
   @Test
   public void get() throws Exception {
     // Not called yet
@@ -1038,40 +1065,13 @@ public void get_redirect_flash_scope_messageLookup() throws Exception {
                                                           .assertBodyContainsMessagesFromKey("[FlashScopeMessageKey]")
                                                           .assertBody("""
                                                                           This is an index page.
-                                                                                               
+                                                                          
                                                                             Info:This is a message!
-                                                                            
+                                                                          
                                                                           """)
              );
   }
 
-  @Test
-  public void flash_scope_compatibility() throws Exception {
-    // Use case: MVC is able to decrypt a flash message cookie that was encrypted with legacy methods
-    // Create a SimpleMessage, serialize, encrypt, and encode. The message text is hard-coded here because there is no context to look up the message.
-    var message = new SimpleMessage(MessageType.INFO, "[FlashScopeMessageKey]", "This is a message!");
-    // Serialize List<Message>
-    var serialized = objectMapper.writeValueAsBytes(List.of(message));
-    // Instantiate DefaultEncryptor with two copies of CBCCipherProvider to encrypt with CBC
-    Encryptor cbcEncryptor = new DefaultEncryptor(new CBCCipherProvider(configuration), new CBCCipherProvider(configuration));
-    var encrypted = cbcEncryptor.encrypt(serialized);
-    var encoded = Base64.getUrlEncoder().encodeToString(encrypted);
-
-    simulator.test("/flash-scope/")
-             .withCookie(configuration.messageFlashScopeCookieName(), encoded)
-             .get()
-             .assertStatusCode(200)
-             .assertContainsGeneralMessageCodes(MessageType.INFO, "[FlashScopeMessageKey]")
-             .assertBodyContainsMessagesFromKey("[FlashScopeMessageKey]")
-             .assertBody("""
-                             This is an index page.
-                                                  
-                               Info:This is a message!
-                               
-                             """)
-    ;
-  }
-
   @Test
   public void get_redirect_withActual() throws Exception {
     // Contains no parameters
@@ -1100,6 +1100,12 @@ public void get_template_noAction() throws Exception {
              .assertStatusCode(200)
              .assertBodyContains("Yo, nice template.");
 
+    // uses a message key that's not found
+    simulator.test("/freemarker/missing-message-template")
+             .get()
+             .assertStatusCode(200)
+             .assertBodyContains("Yo, nice template.", "the default message");
+
     // Double slash, redirect to the correct location
     simulator.test("/freemarker//stand-alone-template")
              .get()
@@ -1961,7 +1967,7 @@ public void post_jsonContentType() throws Exception {
                                  "message" : "Invalid [Content-Type] HTTP request header value of [application/test+json]. Supported values for this request include [application/json]."
                                } ]
                              }
-                              """);
+                             """);
 
     // Patch not supported on this endpoint
     simulator.test("/json-content-type-no-restriction")
@@ -1981,7 +1987,7 @@ public void post_jsonContentType() throws Exception {
                                  "message" : "The [Content-Type] HTTP request header value of [application/json-patch+json] is not supported for this request."
                                } ]
                              }
-                              """);
+                             """);
 
     // Missing Content-Type Header
     simulator.test("/json-content-type")
@@ -2028,7 +2034,7 @@ public void post_jsonContentType() throws Exception {
                                  "message" : "Invalid [Content-Type] HTTP request header value of [application/klingon]. Supported values for this request include [application/json]."
                                } ]
                              }
-                              """);
+                             """);
 
     // Not supported in general
     simulator.test("/json-content-type-no-restriction")

src/test/web/templates/freemarker/missing-message-template.ftl

@@ -0,0 +1,14 @@
+<html lang="en_US">
+<body>
+<div>
+  Yo, nice template.
+    [#--
+          Use case: We have a template that:
+          1. Is rendered directly from a HTTP GET (/freemarker/missing-message-template), without an action class
+          2. Specifies a message key that does not exist in the action URI search path.
+          3. Tries to specify a default message in case the message key does not exist.
+    --]
+  <span>[@control.message key="testing" default="the default message"/]</span>
+</div>
+</body>
+</html>