From 6640e6487652d6f3a326dbc3270f971c84e53182 Mon Sep 17 00:00:00 2001
From: Kyle Spearrin <kyle.spearrin@gmail.com>
Date: Sat, 27 Jul 2019 12:29:20 -0400
Subject: [PATCH] HaveIBeenPwned API key not set.

---
 src/Api/Controllers/HibpController.cs | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/Api/Controllers/HibpController.cs b/src/Api/Controllers/HibpController.cs
index 6ec80913c5..2bf9222b75 100644
--- a/src/Api/Controllers/HibpController.cs
+++ b/src/Api/Controllers/HibpController.cs
@@ -9,6 +9,7 @@ using Bit.Core;
 using System.Net;
 using Bit.Core.Exceptions;
 using System.Linq;
+using Bit.Core.Utilities;
 
 namespace Bit.Api.Controllers
 {
@@ -49,11 +50,12 @@ namespace Bit.Api.Controllers
 
         private async Task<IActionResult> SendAsync(string username, bool retry)
         {
-            var request = new HttpRequestMessage(HttpMethod.Get, string.Format(HibpBreachApi, username));
-            if(!string.IsNullOrWhiteSpace(_globalSettings.HibpApiKey))
+            if(!CoreHelpers.SettingHasValue(_globalSettings.HibpApiKey))
             {
-                request.Headers.Add("hibp-api-key", _globalSettings.HibpApiKey);
+                throw new BadRequestException("HaveIBeenPwned API key not set.");
             }
+            var request = new HttpRequestMessage(HttpMethod.Get, string.Format(HibpBreachApi, username));
+            request.Headers.Add("hibp-api-key", _globalSettings.HibpApiKey);
             request.Headers.Add("hibp-client-id", GetClientId());
             request.Headers.Add("User-Agent", _userAgent);
             var response = await _httpClient.SendAsync(request);