Add null check for userId field

satheeshms · ebyhr · commit 52a1d2a9a741 · 2025-07-16T11:26:22.000+09:00
diff --git a/gateway-ha/src/main/java/io/trino/gateway/ha/security/LbAuthenticator.java b/gateway-ha/src/main/java/io/trino/gateway/ha/security/LbAuthenticator.java
@@ -51,7 +51,12 @@ public Optional<LbPrincipal> authenticate(String idToken)
         Optional<String> privilegesField = oauthManager.getPrivilegesField();
         if (privilegesField.isPresent()) {
             Map<String, Claim> claims = oauthManager.getClaimsFromIdToken(idToken).orElseThrow();
-            String userId = claims.get(userIdField).asString().replace("\"", "");
+            Claim userIdClaim = claims.get(userIdField);
+            if (userIdClaim == null) {
+                log.error("Required userId field %s not found", userIdField);
+                throw new AuthenticationException("UserId field does not exist");
+            }
+            String userId = userIdClaim.asString().replace("\"", "");
 
             Claim claim = claims.get(privilegesField.orElseThrow());
             if (claim == null) {
diff --git a/gateway-ha/src/test/java/io/trino/gateway/ha/security/TestLbAuthenticator.java b/gateway-ha/src/test/java/io/trino/gateway/ha/security/TestLbAuthenticator.java
@@ -176,6 +176,26 @@ void testAuthenticatorMissingClaim()
         assertThat(lbAuth.authenticate(ID_TOKEN)).isEmpty();
     }
 
+    @Test
+    void testAuthenticatorUserIdFieldNotExist()
+    {
+        Claim claim = Mockito.mock(Claim.class);
+        AuthorizationManager authorization = Mockito.mock(AuthorizationManager.class);
+        LbOAuthManager authentication = Mockito.mock(LbOAuthManager.class);
+
+        Mockito.when(authentication.getClaimsFromIdToken(ID_TOKEN))
+                .thenReturn(Optional.of(Map.of("no-sub", claim)));
+        Mockito.when(authentication.getUserIdField())
+                .thenReturn("sub");
+        Mockito.when(authentication.getPrivilegesField())
+                .thenReturn(Optional.of("role_list"));
+
+        LbAuthenticator lbAuth = new LbAuthenticator(authentication, authorization);
+
+        assertThatThrownBy(() -> lbAuth.authenticate(ID_TOKEN))
+                .hasMessageStartingWith("UserId field does not exist");
+    }
+
     @Test
     void testPresetUsers()
             throws Exception
