From e9884edf1982ee76869b4a044abee845a2e68814 Mon Sep 17 00:00:00 2001
From: Nanne Baars
Date: Thu, 23 Mar 2017 21:46:21 +0100
Subject: [PATCH] Fixed exception while logging in with unknown user
---
 .../org/owasp/webgoat/users/UserService.java | 6 ++++-
 .../owasp/webgoat/users/UserServiceTest.java | 25 +++++++++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 webgoat-container/src/test/java/org/owasp/webgoat/users/UserServiceTest.java
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java b/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java
index 7e153f81c..15a6cf6d4 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java
@@ -19,7 +19,11 @@ public class UserService implements UserDetailsService {
 @Override
 public WebGoatUser loadUserByUsername(String username) throws UsernameNotFoundException {
 WebGoatUser webGoatUser = userRepository.findByUsername(username);
- webGoatUser.createUser();
+ if (webGoatUser == null) {
+ throw new UsernameNotFoundException("User not found");
+ } else {
+ webGoatUser.createUser();
+ }
 return webGoatUser;
 }
 
diff --git a/webgoat-container/src/test/java/org/owasp/webgoat/users/UserServiceTest.java b/webgoat-container/src/test/java/org/owasp/webgoat/users/UserServiceTest.java
new file mode 100644
index 000000000..15606b7e8
--- /dev/null
+++ b/webgoat-container/src/test/java/org/owasp/webgoat/users/UserServiceTest.java
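Review bot: In `UserService.loadUserByUsername`, the new not-found branch throws with the distinct message "User not found", and nothing in the hunk records how that is kept out of the login response. If this service is used through Spring Security's `DaoAuthenticationProvider`, the default `hideUserNotFoundExceptions` setting turns it into a generic `BadCredentialsException`, so known and unknown usernames look the same to the client. That dependency deserves a comment above the throw, for example `// must reach the client as a generic bad-credentials failure; keep hideUserNotFoundExceptions enabled (username enumeration)`. As a style point, the `else` after the `throw` is redundant, and `webGoatUser.createUser();` can follow the guard directly. The whole method is inside the hunk, but the provider configuration is not, so the first point needs confirming against it.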
@@ -0,0 +1,25 @@
+package org.owasp.webgoat.users;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.runners.MockitoJUnitRunner;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+
+import static org.mockito.Matchers.any;
+import static org.mockito.Mockito.when;
+
+@RunWith(MockitoJUnitRunner.class)
+public class UserServiceTest {
+
+ @Mock
+ private UserRepository userRepository;
+
+ @Test(expected = UsernameNotFoundException.class)
+ public void shouldThrowExceptionWhenUserIsNotFound() {
+ when(userRepository.findByUsername(any())).thenReturn(null);
+ UserService userService = new UserService(userRepository);
+ userService.loadUserByUsername("unknown");
+ }
+
+}
\ No newline at end of file
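Review bot: `UserServiceTest` covers only the unknown-user branch, so the path every successful login takes through `loadUserByUsername` has no test. A companion test should stub the repository with a user for a constructed sample name, e.g. `when(userRepository.findByUsername("guest")).thenReturn(user);`, and check that the same instance comes back after `createUser()` has been called on it. In `shouldThrowExceptionWhenUserIsNotFound`, the `any()` stub returning null repeats what an unstubbed Mockito mock already returns for an object type, so the test would pass without it and does not show that the supplied username is the one looked up. Stubbing the exact argument, `when(userRepository.findByUsername("unknown")).thenReturn(null);`, makes that intent explicit.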