Harden auth validation against null request fields

Endpoints/AuthValidator.cs

@@ -12,7 +12,7 @@ internal static class AuthValidator
 
     public static bool TryValidateRegistration(RegisterRequest request, out ValidatedRegistration validated, out string error)
     {
-        var username = (request.Username).Trim();
+        var username = (request.Username ?? string.Empty).Trim();
         if (string.IsNullOrWhiteSpace(username) || username.Length > MaxUsernameLength)
         {
             validated = default;
@@ -61,14 +61,14 @@ internal static class AuthValidator
         }
 
         var adminKey = EndpointHelpers.TrimTo(request.AdminKey, MaxAdminKeyLength);
-        validated = new ValidatedRegistration(username, username.ToLowerInvariant(), displayName, adminKey);
+        validated = new ValidatedRegistration(username, username.ToLowerInvariant(), password, displayName, adminKey);
         error = string.Empty;
         return true;
     }
 
     public static bool TryValidateLogin(LoginRequest request, out string username, out string normalizedUsername, out string error)
     {
-        username = (request.Username).Trim();
+        username = (request.Username ?? string.Empty).Trim();
         normalizedUsername = string.Empty;
 
         if (string.IsNullOrWhiteSpace(username) || string.IsNullOrWhiteSpace(request.Password))
@@ -94,5 +94,5 @@ internal static class AuthValidator
         return true;
     }
 
-    public readonly record struct ValidatedRegistration(string Username, string NormalizedUsername, string DisplayName, string? AdminKey);
+    public readonly record struct ValidatedRegistration(string Username, string NormalizedUsername, string Password, string DisplayName, string? AdminKey);
 }