From a6f7ca5abd860c7e235edaf29f64f0ea43c9f1c5 Mon Sep 17 00:00:00 2001
From: Caleb Doxsey <cdoxsey@pomerium.com>
Date: Thu, 29 Jul 2021 16:11:39 -0600
Subject: [PATCH] only check impersonate id on non-nil pbSession

---
 authenticate/handlers.go | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/authenticate/handlers.go b/authenticate/handlers.go
index a04310fdc..ccb17848e 100644
--- a/authenticate/handlers.go
+++ b/authenticate/handlers.go
@@ -453,15 +453,20 @@ func (a *Authenticate) userInfo(w http.ResponseWriter, r *http.Request) error {
 
 	isImpersonated := false
 	pbSession, err := session.Get(ctx, state.dataBrokerClient, s.ID)
-	if pbSession.GetImpersonateSessionId() != "" {
-		pbSession, err = session.Get(ctx, state.dataBrokerClient, pbSession.GetImpersonateSessionId())
-		isImpersonated = true
-	}
 	if err != nil {
 		pbSession = &session.Session{
 			Id: s.ID,
 		}
 	}
+	if pbSession.GetImpersonateSessionId() != "" {
+		pbSession, err = session.Get(ctx, state.dataBrokerClient, pbSession.GetImpersonateSessionId())
+		isImpersonated = true
+		if err != nil {
+			pbSession = &session.Session{
+				Id: s.ID,
+			}
+		}
+	}
 
 	pbUser, err := user.Get(ctx, state.dataBrokerClient, pbSession.GetUserId())
 	if err != nil {