UserService.findByLoginAndPassword(): fixed possible NPE.

Correctly handle situation when user have null as hash or salt.

Author: php-coder

src/main/java/ru/mystamps/web/service/UserService.java

@@ -127,7 +127,19 @@ public User findByLoginAndPassword(final String login, final String password) {
 			return null;
 		}
 
-		if (!user.getHash().equals(computeSha1Sum(user.getSalt() + password))) {
+		final String hash = user.getHash();
+		if (hash == null) {
+			log.warn("User with login '{}' and id={} has null hash!", login, user.getId());
+			return null;
+		}
+		
+		final String salt = user.getSalt();
+		if (salt == null) {
+			log.warn("User with login '{}' and id={} has null salt!", login, user.getId());
+			return null;
+		}
+		
+		if (!hash.equals(computeSha1Sum(salt + password))) {
 			log.info("Wrong password for login '{}'", login);
 			return null;
 		}

src/test/java/ru/mystamps/web/service/UserServiceTest.java

@@ -286,6 +286,26 @@ public void findByLoginAndPasswordShouldReturnUserForValidCredentials() {
 		//assertThat(user).isEqualTo(resultUser);
 	}
 
+	@Test
+	public void findByLoginAndPasswordShouldReturnNullWhenUserHasNullSalt() {
+		final User resultUser = getValidUser();
+		resultUser.setSalt(null);
+		when(userDao.findByLogin(anyString())).thenReturn(resultUser);
+		
+		final User user = service.findByLoginAndPassword(null, TEST_PASSWORD);
+		assertThat(user).isNull();
+	}
+	
+	@Test
+	public void findByLoginAndPasswordShouldReturnNullWhenUserHasNullHash() {
+		final User resultUser = getValidUser();
+		resultUser.setHash(null);
+		when(userDao.findByLogin(anyString())).thenReturn(resultUser);
+		
+		final User user = service.findByLoginAndPassword(null, TEST_PASSWORD);
+		assertThat(user).isNull();
+	}
+	
 	private User getValidUser() {
 		final User user = new User();
 		user.setId(777);