From d251dc81e7c066d59d297325685b34ae9bb3d9a4 Mon Sep 17 00:00:00 2001
From: Jonathan Cobb <jonathan@kyuss.org>
Date: Fri, 7 Feb 2020 14:32:38 -0500
Subject: [PATCH] avoid NPE when user is null

---
 .../src/main/java/bubble/filters/BubbleRateLimitFilter.java   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/bubble-server/src/main/java/bubble/filters/BubbleRateLimitFilter.java b/bubble-server/src/main/java/bubble/filters/BubbleRateLimitFilter.java
index dcbfe11b..7f8a5a7b 100644
--- a/bubble-server/src/main/java/bubble/filters/BubbleRateLimitFilter.java
+++ b/bubble-server/src/main/java/bubble/filters/BubbleRateLimitFilter.java
@@ -34,8 +34,8 @@ public class BubbleRateLimitFilter extends RateLimitFilter {
     // super-admins have unlimited API usage. helpful when populating models
     @Override protected boolean allowUnlimitedUse(Principal user, ContainerRequestContext request) {
         try {
-            final boolean allowUnlimited = ((Account) user).admin() || request.getUriInfo().getPath().startsWith(getFilterPrefix());
-            if (log.isTraceEnabled()) log.trace("allowUnlimitedUse: allowUnlimited="+allowUnlimited+", admin="+((Account) user).admin()+", path="+request.getUriInfo().getPath()+", filterPrefix="+getFilterPrefix());
+            final boolean allowUnlimited = (user != null && ((Account) user).admin()) || request.getUriInfo().getPath().startsWith(getFilterPrefix());
+            if (log.isTraceEnabled()) log.trace("allowUnlimitedUse: allowUnlimited="+allowUnlimited+", admin="+(user == null ? "null" : ""+((Account) user).admin())+", path="+request.getUriInfo().getPath()+", filterPrefix="+getFilterPrefix());
             return allowUnlimited;
         } catch (Exception e) {
             log.warn("allowUnlimitedUse: "+shortError(e));