Details
-
Bug
-
Status: Resolved
-
Minor
-
Resolution: Not A Problem
-
1.2.2
-
None
-
None
-
AEM 6.1
Description
Starting at line 193 in Version 1.2.2 which shipped with AEM 6.1 this code can never be reached.
sId = syncHandler.findIdentity(userMgr, userId);
// if there exists an authorizable with the given userid but is
// not an external one or if it belongs to another IDP, we just ignore it.
if (sId != null) {
Line 193 ExternalIdentityRef externalIdRef = sId.getExternalIdRef();
if (externalIdRef == null) {
Because when no ExternalReference is present sId will be null.
See https://github.com/apache/jackrabbit-oak/blob/jackrabbit-oak-1.2.2/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DefaultSyncHandler.java#L187
Instead of being null it should return a SyncedIdentity with the ExternalIdRef set to null.
As far as I can see the same bug still exists in the current trunk see
and