From 5b1d8c723ab7db2aafec7583fff054c27125f29e Mon Sep 17 00:00:00 2001
From: Matt Gibson <mgibson@bitwarden.com>
Date: Tue, 19 Oct 2021 09:48:23 -0500
Subject: [PATCH] Early return default on null user (#1645)

Clearly, no known device exists for an unknown user.
---
 src/Core/IdentityServer/BaseRequestValidator.cs | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/Core/IdentityServer/BaseRequestValidator.cs b/src/Core/IdentityServer/BaseRequestValidator.cs
index 9b6da5e4e..7eb9052ad 100644
--- a/src/Core/IdentityServer/BaseRequestValidator.cs
+++ b/src/Core/IdentityServer/BaseRequestValidator.cs
@@ -474,9 +474,15 @@ namespace Bit.Core.IdentityServer
         protected async Task<bool> KnownDeviceAsync(User user, ValidatedTokenRequest request) =>
             (await GetKnownDeviceAsync(user, request)) != default;
 
-        protected async Task<Device> GetKnownDeviceAsync(User user, ValidatedTokenRequest request) =>
-            await _deviceRepository.GetByIdentifierAsync(GetDeviceFromRequest(request).Identifier, user.Id);
+        protected async Task<Device> GetKnownDeviceAsync(User user, ValidatedTokenRequest request)
+        {
+            if (user == null)
+            {
+                return default;
+            }
 
+            return await _deviceRepository.GetByIdentifierAsync(GetDeviceFromRequest(request).Identifier, user.Id);
+        }
         private async Task<Device> SaveDeviceAsync(User user, ValidatedTokenRequest request)
         {
             var device = GetDeviceFromRequest(request);