Add empty string check for recovery code #61926
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…covery code # Add empty string check for recovery code If an empty string gets passed as the recovery code to `UserStoreBase.RedeemCodeAsync(TUser user, string code, CancellationToken ct)`, the method returns `true`, incorrectly indicating a valid recovery code. This PR resolves the issue by validating that the `code` argument is not an empty string. ## Description The `RedeemCodeAsync()` method already validates that `code` is non-null. This PR: * Extends the logic in this method to handle the empty string (`""`) case * Adds tests validating that an exception gets thrown when `code` is `null` or `""` ---- #### AI description (iteration 1) #### PR Classification Bug fix #### PR Summary This pull request adds a check for empty strings in recovery codes to prevent null or empty values from being processed. - `src/Shared/ThrowHelpers/ArgumentNullThrowHelper.cs`: Added `ThrowIfNullOrEmpty` method to validate strings as non-null and non-empty. - `src/Identity/EntityFrameworkCore/test/EF.Test/UserStoreTest.cs`: Added tests to ensure `RedeemCodeAsync` throws exceptions for null or empty codes. - `src/Identity/Extensions.Stores/src/UserStoreBase.cs`: Updated `ThrowIfNull` to `ThrowIfNullOrEmpty` for code validation in `RedeemCodeAsync`. <!-- GitOpsUserAgent=GitOps.Apps.Server.pullrequestcopilot --> ---- #### AI description (iteration 1) #### PR Classification Bug fix #### PR Summary This pull request adds a check for empty strings in recovery code validation to prevent errors. - `src/Shared/ThrowHelpers/ArgumentNullThrowHelper.cs`: Added `ThrowIfNullOrEmpty` method to validate non-null and non-empty strings. - `src/Identity/EntityFrameworkCore/test/EF.Test/UserStoreTest.cs`: Added tests for null and empty recovery code validation. - `src/Identity/Extensions.Stores/src/UserStoreBase.cs`: Updated recovery code validation to use `ThrowIfNullOrEmpty`.
MackinnonBuck
approved these changes
May 13, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
If an empty string gets passed as the recovery code to
UserStoreBase.RedeemCodeAsync(TUser user, string code, CancellationToken ct), the method returnstrue, incorrectly indicating a valid recovery code. This PR resolves the issue by validating that thecodeargument is not an empty string.