Add missing null checks in the authorization manager/store

8 years ago · e51eb529d7
3 changed files with 31 additions and 7 deletions
--- a/src/OpenIddict.Core/Managers/OpenIddictAuthorizationManager.cs
+++ b/src/OpenIddict.Core/Managers/OpenIddictAuthorizationManager.cs
@ -166,6 +166,11 @@ namespace OpenIddict.Core
                throw new ArgumentException("The client identifier cannot be null or empty.", nameof(client));
            }

+            if (string.IsNullOrEmpty(type))
+            {
+                throw new ArgumentException("The type cannot be null or empty.", nameof(type));
+            }
+
            var descriptor = new OpenIddictAuthorizationDescriptor
            {
                ApplicationId = client,
@ -260,7 +265,7 @@ namespace OpenIddict.Core

            if (string.IsNullOrEmpty(status))
            {
-                throw new ArgumentException("The status cannot be null or empty.", nameof(client));
+                throw new ArgumentException("The status cannot be null or empty.", nameof(status));
            }

            return Store.FindAsync(subject, client, status, cancellationToken);
@ -294,12 +299,12 @@ namespace OpenIddict.Core

            if (string.IsNullOrEmpty(status))
            {
-                throw new ArgumentException("The status cannot be null or empty.", nameof(client));
+                throw new ArgumentException("The status cannot be null or empty.", nameof(status));
            }

            if (string.IsNullOrEmpty(type))
            {
-                throw new ArgumentException("The type cannot be null or empty.", nameof(client));
+                throw new ArgumentException("The type cannot be null or empty.", nameof(type));
            }

            return Store.FindAsync(subject, client, status, type, cancellationToken);
--- a/src/OpenIddict.Core/Stores/OpenIddictAuthorizationStore.cs
+++ b/src/OpenIddict.Core/Stores/OpenIddictAuthorizationStore.cs
@ -154,6 +154,11 @@ namespace OpenIddict.Core
                throw new ArgumentException("The client cannot be null or empty.", nameof(client));
            }

+            if (string.IsNullOrEmpty(status))
+            {
+                throw new ArgumentException("The status cannot be null or empty.", nameof(status));
+            }
+
            IQueryable<TAuthorization> Query(IQueryable<TAuthorization> authorizations, TKey key, string principal, string state)
                => from authorization in authorizations
                   where authorization.Application != null &&
@ -195,12 +200,12 @@ namespace OpenIddict.Core

            if (string.IsNullOrEmpty(status))
            {
-                throw new ArgumentException("The status cannot be null or empty.", nameof(client));
+                throw new ArgumentException("The status cannot be null or empty.", nameof(status));
            }

            if (string.IsNullOrEmpty(type))
            {
-                throw new ArgumentException("The type cannot be null or empty.", nameof(client));
+                throw new ArgumentException("The type cannot be null or empty.", nameof(type));
            }

            IQueryable<TAuthorization> Query(IQueryable<TAuthorization> authorizations,
--- a/src/OpenIddict.EntityFrameworkCore/Stores/OpenIddictAuthorizationStore.cs
+++ b/src/OpenIddict.EntityFrameworkCore/Stores/OpenIddictAuthorizationStore.cs
@ -233,6 +233,20 @@ namespace OpenIddict.EntityFrameworkCore
            [NotNull] string subject, [NotNull] string client,
            [NotNull] string status, CancellationToken cancellationToken)
        {
+            if (string.IsNullOrEmpty(subject))
+            {
+                throw new ArgumentException("The subject cannot be null or empty.", nameof(subject));
+            }
+
+            if (string.IsNullOrEmpty(client))
+            {
+                throw new ArgumentException("The client identifier cannot be null or empty.", nameof(client));
+            }
+
+            if (string.IsNullOrEmpty(status))
+            {
+                throw new ArgumentException("The status cannot be null or empty.", nameof(status));
+            }

            // Note: due to a bug in Entity Framework Core's query visitor, the authorizations can't be
            // filtered using authorization.Application.Id.Equals(key). To work around this issue,
@ -280,12 +294,12 @@ namespace OpenIddict.EntityFrameworkCore

            if (string.IsNullOrEmpty(status))
            {
-                throw new ArgumentException("The status cannot be null or empty.", nameof(client));
+                throw new ArgumentException("The status cannot be null or empty.", nameof(status));
            }

            if (string.IsNullOrEmpty(type))
            {
-                throw new ArgumentException("The type cannot be null or empty.", nameof(client));
+                throw new ArgumentException("The type cannot be null or empty.", nameof(type));
            }

            // Note: due to a bug in Entity Framework Core's query visitor, the authorizations can't be