fix(auth): handling logged-in user with no roles (#1589)

Fix #1586

client/src/containers/Login/Login.jsx

@@ -68,18 +68,22 @@ class Login extends Form {
     const currentUserData = res.data;
 
     if (currentUserData.logged) {
-      sessionStorage.setItem('login', true);
-      sessionStorage.setItem('user', currentUserData.username);
-      sessionStorage.setItem('roles', organizeRoles(currentUserData.roles));
-
-      const returnTo = sessionStorage.getItem('returnTo');
-      sessionStorage.removeItem('returnTo');
-
-      this.props.history.push({
-        pathname: returnTo || '/ui'
-      });
-
-      window.location.reload(true);
+      if (currentUserData.roles) {
+        sessionStorage.setItem('login', true);
+        sessionStorage.setItem('user', currentUserData.username);
+        sessionStorage.setItem('roles', organizeRoles(currentUserData.roles));
+
+        const returnTo = sessionStorage.getItem('returnTo');
+        sessionStorage.removeItem('returnTo');
+
+        this.props.history.push({
+          pathname: returnTo || '/ui'
+        });
+
+        window.location.reload(true);
+      } else {
+        toast.error('User logged in but no roles assigned');
+      }
     } else {
       toast.error('Wrong Username or Password!');
     }

src/main/java/org/akhq/controllers/AbstractController.java

@@ -60,7 +60,8 @@ protected List<Group> getUserGroups() {
             .collect(Collectors.toList());
 
         // Add the default group if there is one
-        if (groupBindings.isEmpty() && StringUtils.isNotEmpty(securityProperties.getDefaultGroup())) {
+        if (groupBindings.isEmpty() && StringUtils.isNotEmpty(securityProperties.getDefaultGroup())
+            && securityProperties.getGroups().get(securityProperties.getDefaultGroup()) != null) {
             groupBindings.addAll(securityProperties.getGroups().get(securityProperties.getDefaultGroup()));
         }