2026-05-19 09:23:03 +02:00
2 changed files with 22 additions and 0 deletions
--- a/backend/src/main/java/org/raddatz/familienarchiv/auth/AuthService.java
+++ b/backend/src/main/java/org/raddatz/familienarchiv/auth/AuthService.java
@@ -75,6 +75,7 @@ public class AuthService {
    }

    public int revokeOtherSessions(String currentSessionId, String principalName) {
+        if (sessionRepository == null) return 0;
        int count = 0;
        for (String id : sessionRepository.findByPrincipalName(principalName).keySet()) {
            if (!id.equals(currentSessionId)) {
@@ -86,6 +87,7 @@ public class AuthService {
    }

    public int revokeAllSessions(String principalName) {
+        if (sessionRepository == null) return 0;
        var sessions = sessionRepository.findByPrincipalName(principalName);
        sessions.keySet().forEach(sessionRepository::deleteById);
        return sessions.size();
--- a/backend/src/test/java/org/raddatz/familienarchiv/auth/AuthServiceTest.java
+++ b/backend/src/test/java/org/raddatz/familienarchiv/auth/AuthServiceTest.java
@@ -214,4 +214,24 @@ class AuthServiceTest {
        verify(sessionRepository).deleteById("session-1");
        verify(sessionRepository).deleteById("session-2");
    }
+
+    // ─── null-guard when sessionRepository is unavailable ────────────────────
+
+    @Test
+    void revokeAllSessions_returns_zero_when_sessionRepository_is_null() {
+        ReflectionTestUtils.setField(authService, "sessionRepository", null);
+
+        int count = authService.revokeAllSessions("user@test.de");
+
+        assertThat(count).isEqualTo(0);
+    }
+
+    @Test
+    void revokeOtherSessions_returns_zero_when_sessionRepository_is_null() {
+        ReflectionTestUtils.setField(authService, "sessionRepository", null);
+
+        int count = authService.revokeOtherSessions("session-keep", "user@test.de");
+
+        assertThat(count).isEqualTo(0);
+    }
 }