Fixed exception while logging in with unknown user

webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java

@@ -19,7 +19,11 @@ public class UserService implements UserDetailsService {
     @Override
     public WebGoatUser loadUserByUsername(String username) throws UsernameNotFoundException {
         WebGoatUser webGoatUser = userRepository.findByUsername(username);
-        webGoatUser.createUser();
+        if (webGoatUser == null) {
+            throw new UsernameNotFoundException("User not found");
+        } else {
+            webGoatUser.createUser();
+        }
         return webGoatUser;
     }
 

webgoat-container/src/test/java/org/owasp/webgoat/users/UserServiceTest.java

@@ -0,0 +1,25 @@
+package org.owasp.webgoat.users;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.runners.MockitoJUnitRunner;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+
+import static org.mockito.Matchers.any;
+import static org.mockito.Mockito.when;
+
+@RunWith(MockitoJUnitRunner.class)
+public class UserServiceTest {
+
+    @Mock
+    private UserRepository userRepository;
+
+    @Test(expected = UsernameNotFoundException.class)
+    public void shouldThrowExceptionWhenUserIsNotFound() {
+        when(userRepository.findByUsername(any())).thenReturn(null);
+        UserService userService = new UserService(userRepository);
+        userService.loadUserByUsername("unknown");
+    }
+
+}