[PM-2740] Add null check on base64-encoded values on knowndevice query (#3586)

* Added null check on header-based knowndevice call to match query-string implementation.

* Updated to use model binding instead of individual inputs.

* Linting.

src/Api/Controllers/DevicesController.cs

@@ -1,4 +1,5 @@
-using Bit.Api.Auth.Models.Request;
+using Api.Models.Request;
+using Bit.Api.Auth.Models.Request;
 using Bit.Api.Auth.Models.Request.Accounts;
 using Bit.Api.Models.Request;
 using Bit.Api.Models.Response;
@@ -206,10 +207,8 @@ public class DevicesController : Controller
 
     [AllowAnonymous]
     [HttpGet("knowndevice")]
-    public async Task<bool> GetByIdentifierQuery(
+    public async Task<bool> GetByIdentifierQuery([FromHeader] KnownDeviceRequestModel request)
-        [FromHeader(Name = "X-Request-Email")] string email,
+        => await GetByIdentifier(CoreHelpers.Base64UrlDecodeString(request.Email), request.DeviceIdentifier);
-        [FromHeader(Name = "X-Device-Identifier")] string deviceIdentifier)
-        => await GetByIdentifier(CoreHelpers.Base64UrlDecodeString(email), deviceIdentifier);
 
     [Obsolete("Path is deprecated due to encoding issues, use /knowndevice instead.")]
     [AllowAnonymous]

src/Api/Models/Request/KnownDeviceRequestModel.cs

@@ -0,0 +1,16 @@
+using System.ComponentModel.DataAnnotations;
+using Microsoft.AspNetCore.Mvc;
+
+namespace Api.Models.Request;
+
+public class KnownDeviceRequestModel
+{
+    [Required]
+    [FromHeader(Name = "X-Request-Email")]
+    public string Email { get; set; }
+
+    [Required]
+    [FromHeader(Name = "X-Device-Identifier")]
+    public string DeviceIdentifier { get; set; }
+
+}