From beec2ecf79b04fb2a1b3502a66af317331b4b164 Mon Sep 17 00:00:00 2001
From: k-tamura <ktamura.biz.80@gmail.com>
Date: Mon, 23 Dec 2019 18:32:26 +0900
Subject: [PATCH] Avoid NPE

---
 .../vulnerabilities/VulnerableOIDCRPController.java       | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/VulnerableOIDCRPController.java b/src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/VulnerableOIDCRPController.java
index 65792db..4c63ec5 100644
--- a/src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/VulnerableOIDCRPController.java
+++ b/src/main/java/org/t246osslab/easybuggy4sb/vulnerabilities/VulnerableOIDCRPController.java
@@ -294,9 +294,11 @@ private void changeNextPageToUserInfo(ModelAndView mav, Locale locale, Map<?, ?>
 			Map<?, ?> fromJson = new Gson().fromJson(e.getContent(), Map.class);
 			if (e.getStatusCode() == 401 && fromJson != null && "invalid_token".equals(fromJson.get("error"))) {
 				TokenResponse tokenRes = refreshTokens((String) ses.getAttribute("refreshToken"));
-				ses.setAttribute("accessToken", tokenRes.getAccessToken());
-				ses.setAttribute("refreshToken", tokenRes.getRefreshToken());
-				return getUserInfo(ses);
+				if (tokenRes != null) {
+					ses.setAttribute("accessToken", tokenRes.getAccessToken());
+					ses.setAttribute("refreshToken", tokenRes.getRefreshToken());
+					return getUserInfo(ses);
+				}
 			} else {
 				log.error("Userinfo request failed.", e);
 			}