
NPE in EmailOTP Authenticator when context.isRetrying() is true #20282

@ratnajothy


Describe the issue: Refer to $title

ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Exception in Authentication Framework java.lang.NullPointerException
        at org.wso2.carbon.identity.authenticator.emailotp.EmailOTPAuthenticator.publishPostEmailOTPValidatedEvent(EmailOTPAuthenticator.java:2939)
        at org.wso2.carbon.identity.authenticator.emailotp.EmailOTPAuthenticator.process(EmailOTPAuthenticator.java:212)
        at org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler.doAuthentication(DefaultStepHandler.java:512)
        at org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler.handle(DefaultStepHandler.java:268)
        at org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.GraphBasedSequenceHandler.handleAuthenticationStep(GraphBasedSequenceHandler.java:431)
        at org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.GraphBasedSequenceHandler.handleNode(GraphBasedSequenceHandler.java:174)
        at org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl.GraphBasedSequenceHandler.handle(GraphBasedSequenceHandler.java:129)
        at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler.handle(DefaultAuthenticationRequestHandler.java:186)
        at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:250)
        at org.wso2.carbon.identity.application.authentication.framework.servlet.CommonAuthenticationServlet.doPost(CommonAuthenticationServlet.java:53)
        ...

The reason is that OTP_GENERATED_TIME is null [1]: since context.isRetrying() is true, these [2] properties are not set.

[1] https://github.com/wso2-extensions/identity-outbound-auth-email-otp/blob/46286e469b906838d1702ca209447b4cac582ea4/component/authenticator/src/main/java/org/wso2/carbon/identity/authenticator/emailotp/EmailOTPAuthenticator.java#L2722
[2] https://github.com/wso2-extensions/identity-outbound-auth-email-otp/blob/46286e469b906838d1702ca209447b4cac582ea4/component/authenticator/src/main/java/org/wso2/carbon/identity/authenticator/emailotp/EmailOTPAuthenticator.java#L1011-L1012

How to reproduce:
Add MFA as follows,
Step 1 => Basic Auth
Step 2 => SMS OTP
Step 3 => Email OTP and add the below script to executeStep(3) on failure of Step 2.

var onLoginRequest = function(context) {
    executeStep(1, {
        onSuccess: function (context) {
            executeStep(2, {
                onFail: function (context) {
                    executeStep(3);
                }
            });
        }        
    });
};

When an incorrect SMS OTP is entered, the error occurs without navigating to EmailOTP.

Expected behaviour:
executeStep(3) without exceptions.

Environment information:

  • Product Version: IS 5.10.0
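
The failure mode reported above, reduced to a stand-alone model (an added example, not code from the report or from the WSO2 authenticator). The `Context` class, the method names and the assumption that the timestamp is read by unboxing are hypothetical; only the `OTP_GENERATED_TIME` name and the role of the retrying flag come from the report.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model of the flow in this report; these are NOT the WSO2 classes.
public class RetryStateDemo {
    static final String OTP_GENERATED_TIME = "OTP_GENERATED_TIME"; // name from the report

    // Hypothetical stand-in for the authentication context shared by all steps.
    static class Context {
        final Map<String, Object> props = new HashMap<>();
        boolean retrying;
    }

    // Assumed behaviour: the OTP timestamp is only recorded when the flow is not retrying.
    static void initiate(Context ctx) {
        if (!ctx.retrying) {
            ctx.props.put(OTP_GENERATED_TIME, System.currentTimeMillis());
        }
    }

    // Unguarded read: unboxing a missing property throws NullPointerException.
    static long elapsedUnguarded(Context ctx) {
        long generated = (Long) ctx.props.get(OTP_GENERATED_TIME);
        return System.currentTimeMillis() - generated;
    }

    // Guarded read: -1 means "no OTP was issued in this step". The caller must
    // fail the step or re-initiate the OTP, never treat the code as valid.
    static long elapsedGuarded(Context ctx) {
        Object generated = ctx.props.get(OTP_GENERATED_TIME);
        return (generated instanceof Long) ? System.currentTimeMillis() - (Long) generated : -1L;
    }

    public static void main(String[] args) {
        Context ctx = new Context();
        ctx.retrying = true;   // flag left over from the failed SMS OTP step (step 2)
        initiate(ctx);         // step 3 starts, but the timestamp is never set
        try {
            elapsedUnguarded(ctx);
        } catch (NullPointerException e) {
            System.out.println("unguarded: NullPointerException");
        }
        System.out.println("guarded, stale retry flag: " + elapsedGuarded(ctx));
        ctx.retrying = false;  // fresh step: state is initialised normally
        initiate(ctx);
        System.out.println("guarded, fresh step has timestamp: " + (elapsedGuarded(ctx) >= 0));
    }
}
```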

Status: Done
