From c261445f83eb7a76555abefcd5834593f8988428 Mon Sep 17 00:00:00 2001
From: davidadeleon <56207066+davidadeleon@users.noreply.github.com>
Date: Wed, 26 Apr 2023 16:52:39 -0400
Subject: [PATCH] add nil check for mfa enforcement config namespace on login
 (#20375)

* add nil check for mfa enforcement config ns

* move nil check and add changelog
---
 changelog/20375.txt | 3 +++
 vault/login_mfa.go  | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 changelog/20375.txt

diff --git a/changelog/20375.txt b/changelog/20375.txt
new file mode 100644
index 000000000000..92caf1e57642
--- /dev/null
+++ b/changelog/20375.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+core: prevent panic on login after namespace is deleted that had mfa enforcement
+```
\ No newline at end of file
diff --git a/vault/login_mfa.go b/vault/login_mfa.go
index 9a210983101d..780c1fe39431 100644
--- a/vault/login_mfa.go
+++ b/vault/login_mfa.go
@@ -1788,7 +1788,8 @@ ECONFIG_LOOP:
 		if err != nil {
 			return nil, fmt.Errorf("failed to find the MFAEnforcementConfig namespace")
 		}
-		if eConfig == nil || (eConfigNS.ID != ns.ID && !ns.HasParent(eConfigNS)) {
+
+		if eConfig == nil || eConfigNS == nil || (eConfigNS.ID != ns.ID && !ns.HasParent(eConfigNS)) {
 			continue
 		}