From b67f554df6bae9b506181ed54ae201c14c3dbac3 Mon Sep 17 00:00:00 2001
From: lodicolo
Date: Sun, 16 Oct 2022 15:08:30 -0400
Subject: [PATCH] fix: prevent nre in user controllers (#1628)

* fix: prevent nre in user controllers

* fix: prevent nre in user controllers
---
 .../Web/RestApi/Routes/V1/UserController.cs | 22 +++++++++----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/Intersect.Server/Web/RestApi/Routes/V1/UserController.cs b/Intersect.Server/Web/RestApi/Routes/V1/UserController.cs
index 848ff6aebf..a19cd43103 100644
--- a/Intersect.Server/Web/RestApi/Routes/V1/UserController.cs
+++ b/Intersect.Server/Web/RestApi/Routes/V1/UserController.cs
@@ -159,7 +159,7 @@ public object RegisterUser([FromBody] UserInfo user)
             }
             else
             {
-                DbInterface.CreateAccount(null, user.Username, user.Password.ToUpper().Trim(), user.Email);
+                DbInterface.CreateAccount(null, user.Username, user.Password?.ToUpperInvariant()?.Trim(), user.Email);
 
                 return new
                 {
@@ -575,7 +575,7 @@ public object UserChangeEmailByName(string userName, [FromBody] AuthorizedChange
                 return Request.CreateErrorResponse(HttpStatusCode.NotFound, $@"No user with name '{userName}'.");
             }
 
-            if (!user.IsPasswordValid(authorizedChange.Authorization.ToUpper().Trim()))
+            if (!user.IsPasswordValid(authorizedChange.Authorization?.ToUpperInvariant()?.Trim()))
             {
                 return Request.CreateErrorResponse(HttpStatusCode.Forbidden, @"Invalid credentials.");
             }
@@ -619,7 +619,7 @@ public object UserChangeEmailById(Guid userId, [FromBody] AuthorizedChange autho
                 return Request.CreateErrorResponse(HttpStatusCode.NotFound, $@"No user with id '{userId}'.");
             }
 
-            if (!user.IsPasswordValid(authorizedChange.Authorization.ToUpper().Trim()))
+            if (!user.IsPasswordValid(authorizedChange.Authorization?.ToUpperInvariant()?.Trim()))
             {
                 return Request.CreateErrorResponse(HttpStatusCode.Forbidden, @"Invalid credentials.");
             }
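Review bot: The null-conditional on the `+` line of the RegisterUser hunk stops the NullReferenceException but then forwards a null password hash into `DbInterface.CreateAccount`, and whether CreateAccount rejects a null or stores an account with no usable credential is not visible from this hunk. A missing password should be refused at the controller with a 400 before any account is created, e.g. `if (string.IsNullOrWhiteSpace(user?.Password)) { return Request.CreateErrorResponse(HttpStatusCode.BadRequest, @"No password provided."); }`, which is the guard the validate-password endpoints in this file already use. The second `?.` before `Trim()` is redundant, since `ToUpperInvariant()` never returns null. RegisterUser starts above this hunk, so an earlier null check on `user` or `user.Password` may already exist; if it does, only the redundant `?.` remains.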
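Review bot: In the UserChangeEmailByName hunk `user.IsPasswordValid(null)` is now reachable whenever the body omits `Authorization`, and the hunk does not show what IsPasswordValid does with a null: if it compares against the stored hash without a null check the request is rejected by accident rather than by design, and if it throws, the 500 this commit set out to remove is back. Reject the missing credential explicitly before the check, `if (string.IsNullOrWhiteSpace(authorizedChange?.Authorization)) { return Request.CreateErrorResponse(HttpStatusCode.BadRequest, @"No password provided."); }`, which also covers a null `authorizedChange` that `authorizedChange.Authorization?.` still dereferences. The UserChangeEmailById hunk that follows has the identical line and needs the same guard. Both methods start above their hunks, so an existing guard there would make this redundant.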
@@ -653,7 +653,7 @@ public object UserValidatePasswordByName(string userName, [FromBody] PasswordVal
                 return Request.CreateErrorResponse(HttpStatusCode.BadRequest, @"No password provided.");
             }
 
-            if (!Regex.IsMatch(data.Password.ToUpper().Trim(), "^[0-9A-Fa-f]{64}$", RegexOptions.Compiled))
+            if (!Regex.IsMatch(data.Password?.ToUpperInvariant()?.Trim(), "^[0-9A-Fa-f]{64}$", RegexOptions.Compiled))
             {
                 return Request.CreateErrorResponse(HttpStatusCode.BadRequest, @"Did not receive a valid password.");
             }
@@ -665,7 +665,7 @@ public object UserValidatePasswordByName(string userName, [FromBody] PasswordVal
                 return Request.CreateErrorResponse(HttpStatusCode.NotFound, $@"No user with name '{userName}'.");
             }
 
-            if (user.IsPasswordValid(data.Password.ToUpper().Trim()))
+            if (user.IsPasswordValid(data.Password?.ToUpperInvariant()?.Trim()))
             {
                 return Request.CreateMessageResponse(HttpStatusCode.OK, "Password Correct");
             }
@@ -687,7 +687,7 @@ public object UserValidatePasswordById(Guid userId, [FromBody] PasswordValidatio
                 return Request.CreateErrorResponse(HttpStatusCode.BadRequest, @"No password provided.");
             }
 
-            if (!Regex.IsMatch(data.Password.ToUpper().Trim(), "^[0-9A-Fa-f]{64}$", RegexOptions.Compiled))
+            if (!Regex.IsMatch(data.Password?.ToUpperInvariant()?.Trim(), "^[0-9A-Fa-f]{64}$", RegexOptions.Compiled))
             {
                 return Request.CreateErrorResponse(HttpStatusCode.BadRequest, @"Did not receive a valid password.");
             }
@@ -699,7 +699,7 @@ public object UserValidatePasswordById(Guid userId, [FromBody] PasswordValidatio
                 return Request.CreateErrorResponse(HttpStatusCode.NotFound, $@"No user with name '{userId}'.");
             }
 
-            if (user.IsPasswordValid(data.Password.ToUpper().Trim()))
+            if (user.IsPasswordValid(data.Password?.ToUpperInvariant()?.Trim()))
             {
                 return Request.CreateMessageResponse(HttpStatusCode.OK, "Password Correct");
             }
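Review bot: The null-conditional on the `Regex.IsMatch` line of the first UserValidatePasswordByName hunk does not prevent an exception: `Regex.IsMatch(string, string, RegexOptions)` throws `ArgumentNullException` for a null input, so a null `data.Password` still yields a 500, just with a different exception type. The null case is presumably handled by the "No password provided." guard whose condition sits just above this hunk; if that guard is `string.IsNullOrEmpty(data?.Password)` the `?.` here is dead and can be dropped, otherwise that guard is the place to fix, not this line. Because the value is uppercased before matching, the `a-f` range in `^[0-9A-Fa-f]{64}$` can never match and `^[0-9A-F]{64}$` states the accepted form more honestly. UserValidatePasswordById has the identical hunk at line 687.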
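Review bot: In the second UserValidatePasswordByName hunk the `?.` on `data.Password` is unreachable for a null, because the regex check earlier in the same method either rejects or throws on a null before this line, and the normalized hash is now computed twice with the same `?.ToUpperInvariant()?.Trim()` chain. Normalizing once into a local at the top of the method, `var passwordHash = data.Password?.ToUpperInvariant()?.Trim();`, and passing `passwordHash` to both `Regex.IsMatch` and `IsPasswordValid` removes the duplication and keeps the two checks from drifting apart. The same applies to the UserValidatePasswordById hunk at line 699. Both methods start above their hunks.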
@@ -733,7 +733,7 @@ public object UserChangePassword(string userName, [FromBody] AdminChange authori
                 return Request.CreateErrorResponse(HttpStatusCode.NotFound, $@"No user with name '{userName}'.");
             }
 
-            if (!user.TrySetPassword(authorizedChange.New.ToUpper().Trim()))
+            if (!user.TrySetPassword(authorizedChange.New?.ToUpperInvariant()?.Trim()))
             {
                 return Request.CreateErrorResponse(HttpStatusCode.Forbidden, @"Failed to update password.");
             }
@@ -765,7 +765,7 @@ public object UserChangePassword(Guid userId, [FromBody] AdminChange authorizedC
                 return Request.CreateErrorResponse(HttpStatusCode.NotFound, $@"No user with name '{userId}'.");
             }
 
-            if (!user.TrySetPassword(authorizedChange.New.ToUpper().Trim()))
+            if (!user.TrySetPassword(authorizedChange.New?.ToUpperInvariant()?.Trim()))
             {
                 return Request.CreateErrorResponse(HttpStatusCode.Forbidden, @"Failed to update password.");
             }
@@ -797,7 +797,7 @@ public object UserChangePassword(string userName, [FromBody] AuthorizedChange au
             }
 
             if (!user.TryChangePassword(
-                authorizedChange.Authorization.ToUpper().Trim(), authorizedChange.New.ToUpper().Trim()
+                authorizedChange.Authorization?.ToUpperInvariant()?.Trim(), authorizedChange.New?.ToUpperInvariant()?.Trim()
             ))
             {
                 return Request.CreateErrorResponse(HttpStatusCode.Forbidden, @"Invalid credentials.");
@@ -830,7 +830,7 @@ public object UserChangePassword(Guid userId, [FromBody] AuthorizedChange author
             }
 
             if (!user.TryChangePassword(
-                authorizedChange.Authorization.ToUpper().Trim(), authorizedChange.New.ToUpper().Trim()
+                authorizedChange.Authorization?.ToUpperInvariant()?.Trim(), authorizedChange.New?.ToUpperInvariant()?.Trim()
             ))
             {
                 return Request.CreateErrorResponse(HttpStatusCode.Forbidden, @"Invalid credentials.");
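Review bot: In the first UserChangePassword (AdminChange) hunk an admin request whose body omits `New` now calls `user.TrySetPassword(null)` instead of throwing, and whether TrySetPassword refuses a null or empty hash is not visible here; if it does not, the account is left with an empty credential. The validate-password endpoints in this file gate input with `^[0-9A-Fa-f]{64}$` before using it, so the same check belongs here before the call: `if (!Regex.IsMatch(authorizedChange?.New ?? string.Empty, "^[0-9A-Fa-f]{64}$")) { return Request.CreateErrorResponse(HttpStatusCode.BadRequest, @"Did not receive a valid password."); }`. Whether TrySetPassword salts and re-hashes what it receives is also not visible and worth confirming, since the API accepts a client-computed hex digest as the credential. The Guid overload at line 765 needs the identical guard; both methods start above their hunks.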
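Review bot: In the UserChangePassword (AuthorizedChange) hunk at line 797 `TryChangePassword` can now receive a null for either argument, and the hunk shows a single Forbidden "Invalid credentials." for any failure, so a request with a missing `New` is reported as a wrong current password rather than a malformed request — assuming TryChangePassword returns false rather than throwing on null, which is not visible here. Validate both fields before the call, returning 400 for a missing or non-64-hex `New` and leaving Forbidden for a genuinely wrong `Authorization`, so callers and audit logs can tell the two apart. Normalizing each value once into locals, `var currentHash = authorizedChange.Authorization?.ToUpperInvariant()?.Trim();` and `var newHash = authorizedChange.New?.ToUpperInvariant()?.Trim();`, would also make the long argument line readable. The same applies to the Guid overload at line 830; both methods start above their hunks.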