
Resolves Auth Warnings (#4642)

* Resolve Auth Warnings

* Move Assertion

* ClaimsPrincipal is actually nullable
This commit is contained in:
Justin Baur 2024-08-16 09:32:25 -04:00 committed by GitHub
parent 07ef299f1e
commit abb223aabb
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 15 additions and 10 deletions


@ -7,9 +7,8 @@ namespace Bit.Core.Auth.Models.Api.Request.Accounts;
public class RegisterSendVerificationEmailRequestModel
{
[StringLength(50)] public string? Name { get; set; }
[Required]
[StrictEmailAddress]
[StringLength(256)]
public string Email { get; set; }
public required string Email { get; set; }
public bool ReceiveMarketingEmails { get; set; }
}
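Review bot: Adding the `required` modifier to `Email` at line 30 changes how an absent property surfaces if the request body is deserialized with System.Text.Json on .NET 7 or later: the serializer rejects the payload before DataAnnotations validation runs, so the `[Required]` error on this property is no longer what a client receives for a missing `Email` (the attribute still rejects an empty string). If clients depend on the shape of the validation response, confirm the formatter in use or note the change; the same applies to `Email` and `EmailVerificationToken` in `RegisterVerificationEmailClickedRequestModel` in the next file. A one-line comment on the property would make the split explicit, e.g. `// required: non-null is enforced at construction/deserialization; [Required] still rejects empty input.`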


@ -6,12 +6,10 @@ namespace Bit.Core.Auth.Models.Api.Request.Accounts;
public class RegisterVerificationEmailClickedRequestModel
{
[Required]
[StrictEmailAddress]
[StringLength(256)]
public string Email { get; set; }
public required string Email { get; set; }
[Required]
public string EmailVerificationToken { get; set; }
public required string EmailVerificationToken { get; set; }
}


@ -122,6 +122,7 @@ public class AuthRequestService : IAuthRequestService
throw new BadRequestException("User does not belong to any organizations.");
}
Debug.Assert(user is not null, "user should have been validated to be non-null and thrown if it's not.");
// A user event will automatically create logs for each organization/provider this user belongs to.
await _eventService.LogUserEventAsync(user.Id, EventType.User_RequestedDeviceApproval);
@ -136,6 +137,7 @@ public class AuthRequestService : IAuthRequestService
return firstAuthRequest!;
}
Debug.Assert(user is not null, "user should have been validated to be non-null and thrown if it's not.");
var authRequest = await CreateAuthRequestAsync(model, user, organizationId: null);
await _pushNotificationService.PushAuthRequestAsync(authRequest);
return authRequest;
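Review bot: The assertion added at line 54 (and its twin at line 60) is `[Conditional("DEBUG")]`, so it only narrows `user` for nullable flow analysis; in Release builds the non-null guarantee still rests on the validation that precedes the hunk, and a regression there surfaces as a NullReferenceException at `user.Id` rather than the BadRequestException path. That matches the pre-change behaviour, so it is not a regression, but if the preceding check is a helper method, annotating it (`[NotNull]` on the `user` parameter, or a non-nullable return) would let the compiler prove the invariant and make both asserts unnecessary. The enclosing method's start lies outside both hunks.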


@ -1,4 +1,5 @@
using System.Security.Claims;
using System.Diagnostics;
using System.Security.Claims;
using Bit.Core.AdminConsole.Services;
using Bit.Core.Auth.Identity;
using Bit.Core.Auth.Models.Api.Response;
@ -58,6 +59,7 @@ public class CustomTokenRequestValidator : BaseRequestValidator<CustomTokenReque
public async Task ValidateAsync(CustomTokenRequestValidationContext context)
{
Debug.Assert(context.Result is not null);
if (context.Result.ValidatedRequest.GrantType == "refresh_token")
{
// Force legacy users to the web for migration
@ -93,6 +95,7 @@ public class CustomTokenRequestValidator : BaseRequestValidator<CustomTokenReque
protected async override Task<bool> ValidateContextAsync(CustomTokenRequestValidationContext context,
CustomValidatorRequestContext validatorContext)
{
Debug.Assert(context.Result is not null);
var email = context.Result.ValidatedRequest.Subject?.GetDisplayName()
?? context.Result.ValidatedRequest.ClientClaims
?.FirstOrDefault(claim => claim.Type == JwtClaimTypes.Email)?.Value;
@ -107,6 +110,7 @@ public class CustomTokenRequestValidator : BaseRequestValidator<CustomTokenReque
protected override Task SetSuccessResult(CustomTokenRequestValidationContext context, User user,
List<Claim> claims, Dictionary<string, object> customResponse)
{
Debug.Assert(context.Result is not null);
context.Result.CustomResponse = customResponse;
if (claims?.Any() ?? false)
{
@ -156,14 +160,16 @@ public class CustomTokenRequestValidator : BaseRequestValidator<CustomTokenReque
return Task.CompletedTask;
}
protected override ClaimsPrincipal GetSubject(CustomTokenRequestValidationContext context)
protected override ClaimsPrincipal? GetSubject(CustomTokenRequestValidationContext context)
{
Debug.Assert(context.Result is not null);
return context.Result.ValidatedRequest.Subject;
}
protected override void SetTwoFactorResult(CustomTokenRequestValidationContext context,
Dictionary<string, object> customResponse)
{
Debug.Assert(context.Result is not null);
context.Result.Error = "invalid_grant";
context.Result.ErrorDescription = "Two factor required.";
context.Result.IsError = true;
@ -173,6 +179,7 @@ public class CustomTokenRequestValidator : BaseRequestValidator<CustomTokenReque
protected override void SetSsoResult(CustomTokenRequestValidationContext context,
Dictionary<string, object> customResponse)
{
Debug.Assert(context.Result is not null);
context.Result.Error = "invalid_grant";
context.Result.ErrorDescription = "Single Sign on required.";
context.Result.IsError = true;
@ -182,6 +189,7 @@ public class CustomTokenRequestValidator : BaseRequestValidator<CustomTokenReque
protected override void SetErrorResult(CustomTokenRequestValidationContext context,
Dictionary<string, object> customResponse)
{
Debug.Assert(context.Result is not null);
context.Result.Error = "invalid_grant";
context.Result.IsError = true;
context.Result.CustomResponse = customResponse;
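Review bot: The `GetSubject` override at line 101 now returns `ClaimsPrincipal?`, but the member it overrides is declared in `BaseRequestValidator`, which is not among the five changed files; if that declaration is still `ClaimsPrincipal`, this override raises CS8764 and the base class's callers keep dereferencing the result as non-null. Confirm the base already declares `ClaimsPrincipal?` and that its consumers tolerate a null principal, or add the base change to this PR. Separately, every `Debug.Assert(context.Result is not null);` in this file is compiled out of Release builds, so it only informs nullable flow analysis; a null `Result` in production still fails at the next dereference exactly as before the change. A comment at the first occurrence (line 77) would keep a later reader from treating it as a runtime guard, e.g. `// Debug-only: asserts for nullable analysis that Result is expected to be set by the caller.` Each affected method body continues outside its hunk.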


@ -22,7 +22,6 @@ public class ResourceOwnerPasswordValidator : BaseRequestValidator<ResourceOwner
IResourceOwnerPasswordValidator
{
private UserManager<User> _userManager;
private readonly IUserService _userService;
private readonly ICurrentContext _currentContext;
private readonly ICaptchaValidationService _captchaValidationService;
private readonly IAuthRequestRepository _authRequestRepository;
@ -55,7 +54,6 @@ public class ResourceOwnerPasswordValidator : BaseRequestValidator<ResourceOwner
tokenDataFactory, featureService, ssoConfigRepository, userDecryptionOptionsBuilder)
{
_userManager = userManager;
_userService = userService;
_currentContext = currentContext;
_captchaValidationService = captchaValidationService;
_authRequestRepository = authRequestRepository;