fix: add guard check in case factor, session, or user are missing (su…

…pabase#1099) Aims to prevent the existing issue where the session seems to be lost and a null pointer execption is raised. HS ID: 1575266879 The root cause is still unidentified and we have only been able to reproduce once. Hoping that with the guard check we can flag more instances. Last recorded occurrence was in April We will follow up with the user to see if there are any repeat occurences --------- Co-authored-by: [email protected] <[email protected]>
LashaJini · Nov 15, 2024 · f175e00 · f175e00
1 parent b861f1c
commit f175e00
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/internal/api/mfa.go b/internal/api/mfa.go
@@ -300,6 +300,9 @@ func (a *API) UnenrollFactor(w http.ResponseWriter, r *http.Request) error {
 	user := getUser(ctx)
 	factor := getFactor(ctx)
 	session := getSession(ctx)
+	if factor == nil || session == nil || user == nil {
+		return internalServerError("A valid session and factor are required to unenroll a factor")
+	}
 
 	if factor.IsVerified() && !session.IsAAL2() {
 		return badRequestError("AAL2 required to unenroll verified factor")