From 0e40a1d922755903f2779e8b7e11b11cd9267d7d Mon Sep 17 00:00:00 2001
From: Yang Luo
Date: Sun, 6 Mar 2022 00:09:57 +0800
Subject: [PATCH] Check application existence in login().
---
 controllers/auth.go | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/controllers/auth.go b/controllers/auth.go
index 186b73c3..ed1e0ede 100644
--- a/controllers/auth.go
+++ b/controllers/auth.go
@@ -204,6 +204,11 @@ func (c *ApiController) Login() {
 resp = &Response{Status: "error", Msg: msg}
 } else {
 application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
+ if application == nil {
+ c.ResponseError(fmt.Sprintf("The application: %s does not exist", form.Application))
+ return
+ }
+
 resp = c.HandleLoggedIn(application, user, &form)

 record := object.NewRecord(c.Ctx)
@@ -213,6 +218,11 @@ func (c *ApiController) Login() {
 }
 } else if form.Provider != "" {
 application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
+ if application == nil {
+ c.ResponseError(fmt.Sprintf("The application: %s does not exist", form.Application))
+ return
+ }
+
 organization := object.GetOrganization(fmt.Sprintf("%s/%s", "admin", application.Organization))
 provider := object.GetProvider(fmt.Sprintf("admin/%s", form.Provider))
 providerItem := application.GetProviderItem(provider.Name)
@@ -383,6 +393,11 @@ func (c *ApiController) Login() {
 if c.GetSessionUsername() != "" {
 // user already signed in to Casdoor, so let the user click the avatar button to do the quick sign-in
 application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
+ if application == nil {
+ c.ResponseError(fmt.Sprintf("The application: %s does not exist", form.Application))
+ return
+ }
+
 user := c.getCurrentUser()
 resp = c.HandleLoggedIn(application, user, &form)
 } else {
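Review bot: The lookup and its nil check are pasted verbatim into three branches of Login() (this hunk and the ones at `@@ -213,6 +218,11 @@` and `@@ -383,6 +393,11 @@`), so the `admin/` owner prefix and the error text must now be kept in sync by hand, and a future branch that resolves `form.Application` can easily miss the check. A small unexported helper on the controller that does the lookup and writes the error response would leave each call site with a two-line guard. The message also echoes the request-supplied `form.Application` back with `%s`; whether that matters depends on how clients render `Msg`, which is not visible here, but a single helper gives one place to quote or drop the value. Login() starts and ends outside all three hunks.

```go
// getApplicationOrRespond resolves the admin-owned application named in the
// login form; on a miss it writes the error response and returns nil.
func (c *ApiController) getApplicationOrRespond(name string) *object.Application {
	application := object.GetApplication(fmt.Sprintf("admin/%s", name))
	if application == nil {
		c.ResponseError(fmt.Sprintf("The application: %s does not exist", name))
	}
	return application
}

// … at each of the three call sites in Login() …
application := c.getApplicationOrRespond(form.Application)
if application == nil {
	return
}
```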
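Review bot: In the hunk at `@@ -213,6 +218,11 @@`, `provider` is still dereferenced without a nil test two context lines after the new check, in `application.GetProviderItem(provider.Name)`. Assuming `GetProvider` returns nil on a miss the way `GetApplication` does, a request whose `form.Provider` names no existing provider would presumably hit the same nil-pointer panic this commit removes for the application. I would guard it the same way: `if provider == nil { c.ResponseError(fmt.Sprintf("The provider: %s does not exist", form.Provider)); return }`. `organization` from `GetOrganization` here, and `user` from `c.getCurrentUser()` in the hunk at `@@ -383,6 +393,11 @@` (passed straight into `c.HandleLoggedIn`), are also used unchecked. Their dereferences are outside the visible lines, so confirm whether those paths tolerate nil.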