Merge pull request #687 from hmcts/RDCC-6555

addresses Idam returning user with null roles assigned

src/main/java/uk/gov/hmcts/reform/cwrdapi/oidc/JwtGrantedAuthoritiesConverter.java

@@ -12,6 +12,7 @@
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
+import java.util.Optional;
 import java.util.stream.Collectors;
 
 import static java.lang.Boolean.TRUE;
@@ -53,7 +54,8 @@ public Collection<GrantedAuthority> convert(Jwt jwt) {
     }
 
     private List<GrantedAuthority> extractAuthorityFromClaims(List<String> roles) {
-        return roles.stream()
+        return Optional.ofNullable(roles).orElse(new ArrayList<>())
+                .stream()
                 .map(SimpleGrantedAuthority::new)
                 .collect(Collectors.toList());
     }

src/test/java/uk/gov/hmcts/reform/cwrdapi/oidc/JwtGrantedAuthoritiesConverterTest.java

@@ -116,4 +116,25 @@ void test_shouldReturnEmptyAuthoritiesWhenIdamReturnsUsers() {
         assertNotNull(userInfo);
     }
 
+    @Test
+    void test_shouldReturnEmptyAuthoritiesWhenIdamReturnsUsersWithNullRoles() {
+        List<String> roles = null;
+
+        when(jwtMock.hasClaim(anyString())).thenReturn(true);
+        when(jwtMock.getClaim(anyString())).thenReturn("access_token");
+        when(jwtMock.getTokenValue()).thenReturn("access_token");
+        when(userInfoMock.getRoles()).thenReturn(roles);
+        when(idamRepositoryMock.getUserInfo(anyString())).thenReturn(userInfoMock);
+
+        Collection<GrantedAuthority> authorities = converter.convert(jwtMock);
+
+        assertNotNull(authorities);
+        assertEquals(0, authorities.size());
+        verify(jwtMock, times(1)).hasClaim(anyString());
+        verify(jwtMock, times(1)).getClaim(anyString());
+        verify(jwtMock, times(1)).getTokenValue();
+        verify(userInfoMock, times(1)).getRoles();
+        verify(idamRepositoryMock, times(1)).getUserInfo(anyString());
+    }
+
 }