This commit is contained in:
Suresh Kumar Anaparti 2026-07-04 15:36:29 +01:00 committed by GitHub
commit 295c2cb33c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 13 additions and 6 deletions

View File

@ -3240,7 +3240,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
ApiKeyPair keyPair;
if (accessingApiKey != null) {
ApiKeyPair accessingKeyPair = apiKeyPairService.findByApiKey(accessingApiKey);
if (userId == accessingKeyPair.getUserId()) {
if (accessingKeyPair != null && userId == accessingKeyPair.getUserId()) {
keyPair = apiKeyPairService.findByApiKey(accessingApiKey);
} else {
keyPair = _accountService.getLatestUserKeyPair(userId);
@ -3358,6 +3358,10 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
return Boolean.TRUE;
}
ApiKeyPair accessingKeyPair = apiKeyPairService.findByApiKey(apiKey);
if (accessingKeyPair == null) {
logger.warn("Unable to find API key pair for the accessing API key: {}", apiKey);
return Boolean.TRUE;
}
return isApiKeySupersetOfPermission(new ArrayList<>(getAllKeypairPermissions(accessingKeyPair.getApiKey())), new ArrayList<>(getAllKeypairPermissions(accessedKeyPair.getApiKey())));
}
@ -3373,7 +3377,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
return accessingApiKey;
}
} catch (NullPointerException e) {
logger.info("Accessing API through session.");
logger.info("Accessing API through session.", e);
}
return null;
}
@ -3620,6 +3624,10 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
throw new InvalidParameterValueException("API key not present in the request's URL and, thus, unable to fetch API key rules.");
}
ApiKeyPair apiKeyPair = keyPairManager.findByApiKey(apiKey);
if (apiKeyPair == null) {
logger.warn("Unable to find API key pair by API key: {}", apiKey);
return new ArrayList<>();
}
Account account = _accountDao.findById(apiKeyPair.getAccountId());
List<ApiKeyPairPermission> keyPairPermissions = keyPairManager.findAllPermissionsByKeyPairId(apiKeyPair.getId(), account.getRoleId());
return new ArrayList<>(keyPairPermissions);
@ -3886,12 +3894,11 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
@Override
public UserAccount getUserByApiKey(String apiKey) {
ApiKeyPairVO keyPair = apiKeyPairDao.findByApiKey(apiKey);
if (keyPair == null) {
return null;
if (keyPair != null) {
return userAccountDao.findById(keyPair.getUserId());
}
return userAccountDao.findById(keyPair.getUserId());
return null;
}
@Override