From e51eb529d7a9ee6667374fcc3331e4dfc18f196e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?=
Date: Sat, 17 Feb 2018 04:22:03 +0100
Subject: [PATCH] Add missing null checks in the authorization manager/store
---
 .../Managers/OpenIddictAuthorizationManager.cs | 11 ++++++++---
 .../Stores/OpenIddictAuthorizationStore.cs | 9 +++++++--
 .../Stores/OpenIddictAuthorizationStore.cs | 18 ++++++++++++++++--
 3 files changed, 31 insertions(+), 7 deletions(-)
diff --git a/src/OpenIddict.Core/Managers/OpenIddictAuthorizationManager.cs b/src/OpenIddict.Core/Managers/OpenIddictAuthorizationManager.cs
index 23d0dd77..b12b6916 100644
--- a/src/OpenIddict.Core/Managers/OpenIddictAuthorizationManager.cs
+++ b/src/OpenIddict.Core/Managers/OpenIddictAuthorizationManager.cs
@@ -166,6 +166,11 @@ namespace OpenIddict.Core
 throw new ArgumentException("The client identifier cannot be null or empty.", nameof(client));
 }
+ if (string.IsNullOrEmpty(type))
+ {
+ throw new ArgumentException("The type cannot be null or empty.", nameof(type));
+ }
+
 var descriptor = new OpenIddictAuthorizationDescriptor
 {
 ApplicationId = client,
@@ -260,7 +265,7 @@ namespace OpenIddict.Core
 if (string.IsNullOrEmpty(status))
 {
- throw new ArgumentException("The status cannot be null or empty.", nameof(client));
+ throw new ArgumentException("The status cannot be null or empty.", nameof(status));
 }
 return Store.FindAsync(subject, client, status, cancellationToken);
@@ -294,12 +299,12 @@ namespace OpenIddict.Core
 if (string.IsNullOrEmpty(status))
 {
- throw new ArgumentException("The status cannot be null or empty.", nameof(client));
+ throw new ArgumentException("The status cannot be null or empty.", nameof(status));
 }
 if (string.IsNullOrEmpty(type))
 {
- throw new ArgumentException("The type cannot be null or empty.", nameof(client));
+ throw new ArgumentException("The type cannot be null or empty.", nameof(type));
 }
 return Store.FindAsync(subject, client, status, type, cancellationToken);
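Review bot: The `type` guard added in the `@@ -166,6 +166,11 @@` hunk of OpenIddictAuthorizationManager.cs rejects only null and empty strings, so a whitespace-only or unrecognised type still reaches the `OpenIddictAuthorizationDescriptor` built on the next lines. The type-filtered lookup patched further down in this file passes `type` straight to `Store.FindAsync`, so an authorization created with an unexpected type would presumably never be matched again. If the descriptor is not validated later in the method (its body continues outside the hunk), compare `type` with the set of supported authorization types here and throw the same `ArgumentException` for anything else.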
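Review bot: Nothing in this commit pins the corrected parameter names: the diffstat lists only the three source files, so the `nameof(client)` slip fixed in the `@@ -260,7 +265,7 @@` and `@@ -294,12 +299,12 @@` hunks here, and again in both store files, could return unnoticed. `ArgumentException.ParamName` is what a caller or log reader uses to tell which argument was rejected, so each guard deserves a unit test asserting that `ParamName` is `"status"` or `"type"` as appropriate. The same three-line guard is repeated for `subject`, `client`, `status` and `type` across the manager and both stores; a small private helper taking the value and its `nameof` would remove the copy-paste that produced the wrong name.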
diff --git a/src/OpenIddict.Core/Stores/OpenIddictAuthorizationStore.cs b/src/OpenIddict.Core/Stores/OpenIddictAuthorizationStore.cs
index a85d2cce..2682edf6 100644
--- a/src/OpenIddict.Core/Stores/OpenIddictAuthorizationStore.cs
+++ b/src/OpenIddict.Core/Stores/OpenIddictAuthorizationStore.cs
@@ -154,6 +154,11 @@ namespace OpenIddict.Core
 throw new ArgumentException("The client cannot be null or empty.", nameof(client));
 }
+ if (string.IsNullOrEmpty(status))
+ {
+ throw new ArgumentException("The status cannot be null or empty.", nameof(status));
+ }
+
 IQueryable Query(IQueryable authorizations, TKey key, string principal, string state) => from authorization in authorizations where authorization.Application != null &&
@@ -195,12 +200,12 @@ namespace OpenIddict.Core
 if (string.IsNullOrEmpty(status))
 {
- throw new ArgumentException("The status cannot be null or empty.", nameof(client));
+ throw new ArgumentException("The status cannot be null or empty.", nameof(status));
 }
 if (string.IsNullOrEmpty(type))
 {
- throw new ArgumentException("The type cannot be null or empty.", nameof(client));
+ throw new ArgumentException("The type cannot be null or empty.", nameof(type));
 }
 IQueryable Query(IQueryable authorizations,
diff --git a/src/OpenIddict.EntityFrameworkCore/Stores/OpenIddictAuthorizationStore.cs b/src/OpenIddict.EntityFrameworkCore/Stores/OpenIddictAuthorizationStore.cs
index a1321bf6..08b5c809 100644
--- a/src/OpenIddict.EntityFrameworkCore/Stores/OpenIddictAuthorizationStore.cs
+++ b/src/OpenIddict.EntityFrameworkCore/Stores/OpenIddictAuthorizationStore.cs
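Review bot: The context line at the top of the `@@ -154,6 +154,11 @@` hunk in OpenIddict.Core/Stores/OpenIddictAuthorizationStore.cs still reads `"The client cannot be null or empty."`, while the manager and the guard this commit adds to the Entity Framework Core store use `"The client identifier cannot be null or empty."` for the same parameter. Since the commit is already aligning these guards, change the line to `throw new ArgumentException("The client identifier cannot be null or empty.", nameof(client));` so the exception text does not depend on which layer rejected the call. The enclosing method starts above the hunk and continues past it.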
@@ -233,6 +233,20 @@ namespace OpenIddict.EntityFrameworkCore
 [NotNull] string subject, [NotNull] string client, [NotNull] string status, CancellationToken cancellationToken)
 {
+ if (string.IsNullOrEmpty(subject))
+ {
+ throw new ArgumentException("The subject cannot be null or empty.", nameof(subject));
+ }
+
+ if (string.IsNullOrEmpty(client))
+ {
+ throw new ArgumentException("The client identifier cannot be null or empty.", nameof(client));
+ }
+
+ if (string.IsNullOrEmpty(status))
+ {
+ throw new ArgumentException("The status cannot be null or empty.", nameof(status));
+ }
 // Note: due to a bug in Entity Framework Core's query visitor, the authorizations can't be
 // filtered using authorization.Application.Id.Equals(key). To work around this issue,
@@ -280,12 +294,12 @@ namespace OpenIddict.EntityFrameworkCore
 if (string.IsNullOrEmpty(status))
 {
- throw new ArgumentException("The status cannot be null or empty.", nameof(client));
+ throw new ArgumentException("The status cannot be null or empty.", nameof(status));
 }
 if (string.IsNullOrEmpty(type))
 {
- throw new ArgumentException("The type cannot be null or empty.", nameof(client));
+ throw new ArgumentException("The type cannot be null or empty.", nameof(type));
 }
 // Note: due to a bug in Entity Framework Core's query visitor, the authorizations can't be