Handle null user in captch tokenable (#1897)

* Handle null user in captch tokenable * Update test/Core.Test/Models/Business/Tokenables/HCaptchaTokenableTests.cs Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com> Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
2025-01-10 20:07:56 +01:00 · 2022-03-08 09:21:54 -05:00 · 2022-03-08 09:21:54 -05:00 · a725802476
commit a725802476
parent 4deb138fd9
2 changed files with 39 additions and 2 deletions
--- a/src/Core/Models/Business/Tokenables/HCaptchaTokenable.cs
+++ b/src/Core/Models/Business/Tokenables/HCaptchaTokenable.cs
@ -24,12 +24,17 @@ namespace Bit.Core.Models.Business.Tokenables

        public HCaptchaTokenable(User user) : this()
        {
-            Id = user.Id;
-            Email = user.Email;
+            Id = user?.Id ?? default;
+            Email = user?.Email;
        }

        public bool TokenIsValid(User user)
        {
+            if (Id == default || Email == default || user == null)
+            {
+                return false;
+            }
+
            return Id == user.Id &&
            Email.Equals(user.Email, StringComparison.InvariantCultureIgnoreCase);
        }
--- a/test/Core.Test/Models/Business/Tokenables/HCaptchaTokenableTests.cs
+++ b/test/Core.Test/Models/Business/Tokenables/HCaptchaTokenableTests.cs
@ -3,12 +3,44 @@ using AutoFixture.Xunit2;
 using Bit.Core.Entities;
 using Bit.Core.Models.Business.Tokenables;
 using Bit.Core.Tokens;
+using Bit.Test.Common.AutoFixture.Attributes;
 using Xunit;

 namespace Bit.Core.Test.Models.Business.Tokenables
 {
    public class HCaptchaTokenableTests
    {
+        [Fact]
+        public void CanHandleNullUser()
+        {
+            var token = new HCaptchaTokenable(null);
+
+            Assert.Equal(default, token.Id);
+            Assert.Equal(default, token.Email);
+        }
+
+        [Fact]
+        public void TokenWithNullUserIsInvalid()
+        {
+            var token = new HCaptchaTokenable(null)
+            {
+                ExpirationDate = DateTime.UtcNow + TimeSpan.FromDays(1)
+            };
+
+            Assert.False(token.Valid);
+        }
+
+        [Theory, BitAutoData]
+        public void TokenValidityCheckNullUserIdIsInvalid(User user)
+        {
+            var token = new HCaptchaTokenable(user)
+            {
+                ExpirationDate = DateTime.UtcNow + TimeSpan.FromDays(1)
+            };
+
+            Assert.False(token.TokenIsValid(null));
+        }
+
        [Theory, AutoData]
        public void CanUpdateExpirationToNonStandard(User user)
        {