From bb79224f6b59d71098863ada728623bd728df6ff Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Mon, 23 Sep 2013 10:53:27 -0400
Subject: [PATCH] Fix potential NPE in cookie retrieval

---
 src/main/java/com/gitblit/ConfigUserService.java |   17 +++++++++++++++++
 1 files changed, 17 insertions(+), 0 deletions(-)

diff --git a/src/main/java/com/gitblit/ConfigUserService.java b/src/main/java/com/gitblit/ConfigUserService.java
index f2bd7b8..2475b9a 100644
--- a/src/main/java/com/gitblit/ConfigUserService.java
+++ b/src/main/java/com/gitblit/ConfigUserService.java
@@ -92,6 +92,8 @@
 	
 	private static final String STARRED = "starred";
 	
+	private static final String LOCALE = "locale";
+
 	private final File realmFile;
 
 	private final Logger logger = LoggerFactory.getLogger(ConfigUserService.class);
@@ -186,6 +188,9 @@
 		}
 		read();
 		UserModel storedModel = users.get(model.username.toLowerCase());
+		if (storedModel == null) {
+			return null;
+		}
 		return storedModel.cookie;
 	}
 
@@ -205,6 +210,12 @@
 		UserModel model = null;
 		if (cookies.containsKey(hash)) {
 			model = cookies.get(hash);
+		}
+		
+		if (model != null) {
+			// clone the model, otherwise all changes to this object are
+			// live and unpersisted
+			model = DeepCopier.copy(model);
 		}
 		return model;
 	}
@@ -849,6 +860,11 @@
 			if (!StringUtils.isEmpty(model.countryCode)) {
 				config.setString(USER, model.username, COUNTRYCODE, model.countryCode);
 			}
+			if (model.getPreferences() != null) {
+				if (!StringUtils.isEmpty(model.getPreferences().locale)) {
+					config.setString(USER, model.username, LOCALE, model.getPreferences().locale);
+				}
+			}
 
 			// user roles
 			List<String> roles = new ArrayList<String>();
@@ -1010,6 +1026,7 @@
 					user.stateProvince = config.getString(USER, username, STATEPROVINCE);
 					user.countryCode = config.getString(USER, username, COUNTRYCODE);
 					user.cookie = config.getString(USER, username, COOKIE);
+					user.getPreferences().locale = config.getString(USER, username, LOCALE);	
 					if (StringUtils.isEmpty(user.cookie) && !StringUtils.isEmpty(user.password)) {
 						user.cookie = StringUtils.getSHA1(user.username + user.password);
 					}

--
Gitblit v1.9.1