diff --git a/src/Core/Models/Business/Tokenables/HCaptchaTokenable.cs b/src/Core/Models/Business/Tokenables/HCaptchaTokenable.cs
index 4a7322ed08..0d5a1a0183 100644
--- a/src/Core/Models/Business/Tokenables/HCaptchaTokenable.cs
+++ b/src/Core/Models/Business/Tokenables/HCaptchaTokenable.cs
@@ -24,12 +24,17 @@ namespace Bit.Core.Models.Business.Tokenables
 public HCaptchaTokenable(User user) : this()
 {
- Id = user.Id;
- Email = user.Email;
+ Id = user?.Id ?? default;
+ Email = user?.Email;
 }
 public bool TokenIsValid(User user)
 {
+ if (Id == default || Email == default || user == null)
+ {
+ return false;
+ }
+
 return Id == user.Id && Email.Equals(user.Email, StringComparison.InvariantCultureIgnoreCase);
 }
diff --git a/test/Core.Test/Models/Business/Tokenables/HCaptchaTokenableTests.cs b/test/Core.Test/Models/Business/Tokenables/HCaptchaTokenableTests.cs
index 3aaccfbea3..8b9c8f27f6 100644
--- a/test/Core.Test/Models/Business/Tokenables/HCaptchaTokenableTests.cs
+++ b/test/Core.Test/Models/Business/Tokenables/HCaptchaTokenableTests.cs
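Review bot: The new guard in `TokenIsValid` tests `Email == default`, which for a string rejects only null, so a token carrying an empty or whitespace email still reaches the comparison; `if (Id == default || string.IsNullOrWhiteSpace(Email) || user == null)` would close that. The comparison on the context line right after the guard uses `StringComparison.InvariantCultureIgnoreCase`, a linguistic comparison that can treat strings with different code units as equal; for matching an identifier in a validity check `StringComparison.OrdinalIgnoreCase` is the safer choice. The constructor now accepts a null user without saying why, and a comment such as `// A null user yields a token with default Id and null Email, which TokenIsValid always rejects.` would record that the fail-closed result is intended.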
@@ -3,12 +3,44 @@ using AutoFixture.Xunit2;
 using Bit.Core.Entities;
 using Bit.Core.Models.Business.Tokenables;
 using Bit.Core.Tokens;
+using Bit.Test.Common.AutoFixture.Attributes;
 using Xunit;
 namespace Bit.Core.Test.Models.Business.Tokenables
 {
 public class HCaptchaTokenableTests
 {
+ [Fact]
+ public void CanHandleNullUser()
+ {
+ var token = new HCaptchaTokenable(null);
+
+ Assert.Equal(default, token.Id);
+ Assert.Equal(default, token.Email);
+ }
+
+ [Fact]
+ public void TokenWithNullUserIsInvalid()
+ {
+ var token = new HCaptchaTokenable(null)
+ {
+ ExpirationDate = DateTime.UtcNow + TimeSpan.FromDays(1)
+ };
+
+ Assert.False(token.Valid);
+ }
+
+ [Theory, BitAutoData]
+ public void TokenValidityCheckNullUserIdIsInvalid(User user)
+ {
+ var token = new HCaptchaTokenable(user)
+ {
+ ExpirationDate = DateTime.UtcNow + TimeSpan.FromDays(1)
+ };
+
+ Assert.False(token.TokenIsValid(null));
+ }
+
 [Theory, AutoData]
 public void CanUpdateExpirationToNonStandard(User user)
 {
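Review bot: None of the added tests checks a token built from a null user against a real user, which is the case the `Id == default || Email == default` half of the new guard in `TokenIsValid(User)` appears to cover. `TokenWithNullUserIsInvalid` goes through `token.Valid`, whose implementation is not part of this diff, and `TokenValidityCheckNullUserIdIsInvalid` exercises only the `user == null` half. A `[Theory, BitAutoData]` case asserting `Assert.False(new HCaptchaTokenable(null).TokenIsValid(user));` would pin that fail-closed path directly (the test class continues past the hunk, so it may already be covered further down). The name `TokenValidityCheckNullUserIdIsInvalid` says "NullUserId" while the test passes a null user; `TokenValidityCheckNullUserIsInvalid` would match what it does.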