fix: prevent nre in user controllers (#1628)

* fix: prevent nre in user controllers

* fix: prevent nre in user controllers

Intersect.Server/Web/RestApi/Routes/V1/UserController.cs

@@ -159,7 +159,7 @@ public object RegisterUser([FromBody] UserInfo user)
                 }
                 else
                 {
-                    DbInterface.CreateAccount(null, user.Username, user.Password.ToUpper().Trim(), user.Email);
+                    DbInterface.CreateAccount(null, user.Username, user.Password?.ToUpperInvariant()?.Trim(), user.Email);
 
                     return new
                     {
@@ -575,7 +575,7 @@ public object UserChangeEmailByName(string userName, [FromBody] AuthorizedChange
                 return Request.CreateErrorResponse(HttpStatusCode.NotFound, $@"No user with name '{userName}'.");
             }
 
-            if (!user.IsPasswordValid(authorizedChange.Authorization.ToUpper().Trim()))
+            if (!user.IsPasswordValid(authorizedChange.Authorization?.ToUpperInvariant()?.Trim()))
             {
                 return Request.CreateErrorResponse(HttpStatusCode.Forbidden, @"Invalid credentials.");
             }
@@ -619,7 +619,7 @@ public object UserChangeEmailById(Guid userId, [FromBody] AuthorizedChange autho
                 return Request.CreateErrorResponse(HttpStatusCode.NotFound, $@"No user with id '{userId}'.");
             }
 
-            if (!user.IsPasswordValid(authorizedChange.Authorization.ToUpper().Trim()))
+            if (!user.IsPasswordValid(authorizedChange.Authorization?.ToUpperInvariant()?.Trim()))
             {
                 return Request.CreateErrorResponse(HttpStatusCode.Forbidden, @"Invalid credentials.");
             }
@@ -653,7 +653,7 @@ public object UserValidatePasswordByName(string userName, [FromBody] PasswordVal
                 return Request.CreateErrorResponse(HttpStatusCode.BadRequest, @"No password provided.");
             }
 
-            if (!Regex.IsMatch(data.Password.ToUpper().Trim(), "^[0-9A-Fa-f]{64}$", RegexOptions.Compiled))
+            if (!Regex.IsMatch(data.Password?.ToUpperInvariant()?.Trim(), "^[0-9A-Fa-f]{64}$", RegexOptions.Compiled))
             {
                 return Request.CreateErrorResponse(HttpStatusCode.BadRequest, @"Did not receive a valid password.");
             }
@@ -665,7 +665,7 @@ public object UserValidatePasswordByName(string userName, [FromBody] PasswordVal
                 return Request.CreateErrorResponse(HttpStatusCode.NotFound, $@"No user with name '{userName}'.");
             }
 
-            if (user.IsPasswordValid(data.Password.ToUpper().Trim()))
+            if (user.IsPasswordValid(data.Password?.ToUpperInvariant()?.Trim()))
             {
                 return Request.CreateMessageResponse(HttpStatusCode.OK, "Password Correct");
             }
@@ -687,7 +687,7 @@ public object UserValidatePasswordById(Guid userId, [FromBody] PasswordValidatio
                 return Request.CreateErrorResponse(HttpStatusCode.BadRequest, @"No password provided.");
             }
 
-            if (!Regex.IsMatch(data.Password.ToUpper().Trim(), "^[0-9A-Fa-f]{64}$", RegexOptions.Compiled))
+            if (!Regex.IsMatch(data.Password?.ToUpperInvariant()?.Trim(), "^[0-9A-Fa-f]{64}$", RegexOptions.Compiled))
             {
                 return Request.CreateErrorResponse(HttpStatusCode.BadRequest, @"Did not receive a valid password.");
             }
@@ -699,7 +699,7 @@ public object UserValidatePasswordById(Guid userId, [FromBody] PasswordValidatio
                 return Request.CreateErrorResponse(HttpStatusCode.NotFound, $@"No user with name '{userId}'.");
             }
 
-            if (user.IsPasswordValid(data.Password.ToUpper().Trim()))
+            if (user.IsPasswordValid(data.Password?.ToUpperInvariant()?.Trim()))
             {
                 return Request.CreateMessageResponse(HttpStatusCode.OK, "Password Correct");
             }
@@ -733,7 +733,7 @@ public object UserChangePassword(string userName, [FromBody] AdminChange authori
                 return Request.CreateErrorResponse(HttpStatusCode.NotFound, $@"No user with name '{userName}'.");
             }
 
-            if (!user.TrySetPassword(authorizedChange.New.ToUpper().Trim()))
+            if (!user.TrySetPassword(authorizedChange.New?.ToUpperInvariant()?.Trim()))
             {
                 return Request.CreateErrorResponse(HttpStatusCode.Forbidden, @"Failed to update password.");
             }
@@ -765,7 +765,7 @@ public object UserChangePassword(Guid userId, [FromBody] AdminChange authorizedC
                 return Request.CreateErrorResponse(HttpStatusCode.NotFound, $@"No user with name '{userId}'.");
             }
 
-            if (!user.TrySetPassword(authorizedChange.New.ToUpper().Trim()))
+            if (!user.TrySetPassword(authorizedChange.New?.ToUpperInvariant()?.Trim()))
             {
                 return Request.CreateErrorResponse(HttpStatusCode.Forbidden, @"Failed to update password.");
             }
@@ -797,7 +797,7 @@ public object UserChangePassword(string userName, [FromBody] AuthorizedChange au
             }
 
             if (!user.TryChangePassword(
-                authorizedChange.Authorization.ToUpper().Trim(), authorizedChange.New.ToUpper().Trim()
+                authorizedChange.Authorization?.ToUpperInvariant()?.Trim(), authorizedChange.New?.ToUpperInvariant()?.Trim()
             ))
             {
                 return Request.CreateErrorResponse(HttpStatusCode.Forbidden, @"Invalid credentials.");
@@ -830,7 +830,7 @@ public object UserChangePassword(Guid userId, [FromBody] AuthorizedChange author
             }
 
             if (!user.TryChangePassword(
-                authorizedChange.Authorization.ToUpper().Trim(), authorizedChange.New.ToUpper().Trim()
+                authorizedChange.Authorization?.ToUpperInvariant()?.Trim(), authorizedChange.New?.ToUpperInvariant()?.Trim()
             ))
             {
                 return Request.CreateErrorResponse(HttpStatusCode.Forbidden, @"Invalid credentials.");