Fix for Nullreference exception when public api authenticate endpoint…

… called with invalid username. (dotnet-architecture#482)
chazjn · Nov 14, 2020 · 2502e01 · 2502e01
1 parent c2fe05d
commit 2502e01
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/src/PublicApi/AuthEndpoints/Authenticate.cs b/src/PublicApi/AuthEndpoints/Authenticate.cs
@@ -42,7 +42,11 @@ public override async Task<ActionResult<AuthenticateResponse>> HandleAsync(Authe
             response.IsNotAllowed = result.IsNotAllowed;
             response.RequiresTwoFactor = result.RequiresTwoFactor;
             response.Username = request.Username;
-            response.Token = await _tokenClaimsService.GetTokenAsync(request.Username);
+
+            if (result.Succeeded)
+            {
+                response.Token = await _tokenClaimsService.GetTokenAsync(request.Username);
+            }
 
             return response;
         }

diff --git a/tests/FunctionalTests/PublicApi/AuthEndpoints/AuthenticateEndpoint.cs b/tests/FunctionalTests/PublicApi/AuthEndpoints/AuthenticateEndpoint.cs
@@ -24,6 +24,7 @@ public AuthenticateEndpoint(ApiTestFixture factory)
         [Theory]
         [InlineData("demouser@microsoft.com", AuthorizationConstants.DEFAULT_PASSWORD, true)]
         [InlineData("demouser@microsoft.com", "badpassword", false)]
+        [InlineData("baduser@microsoft.com", "badpassword", false)]
         public async Task ReturnsExpectedResultGivenCredentials(string testUsername, string testPassword, bool expectedResult)
         {
             var request = new AuthenticateRequest() 
@@ -38,6 +39,6 @@ public async Task ReturnsExpectedResultGivenCredentials(string testUsername, str
             var model = stringResponse.FromJson<AuthenticateResponse>();
 
             Assert.Equal(expectedResult, model.Result);
-        }
+        }        
     }
 }