Harden auth validation against null request fields

2026-02-08 21:48:07 +01:00
parent acffbc199d
commit d2ab8a676f
5 changed files with 36 additions and 10 deletions
--- a/GameList.Tests/AuthTests.cs
+++ b/GameList.Tests/AuthTests.cs
@@ -212,6 +212,29 @@ public class AuthTests
        Assert.Equal(HttpStatusCode.BadRequest, badKey.StatusCode);
    }

+    [Fact]
+    public async Task Register_and_login_with_null_fields_return_bad_request()
+    {
+        await using var factory = new TestWebApplicationFactory();
+        var client = factory.CreateClientWithCookies();
+
+        var register = await client.PostAsJsonAsync("/api/auth/register", new
+        {
+            Username = (string?)null,
+            Password = (string?)null,
+            DisplayName = (string?)null,
+            AdminKey = (string?)null
+        });
+        Assert.Equal(HttpStatusCode.BadRequest, register.StatusCode);
+
+        var login = await client.PostAsJsonAsync("/api/auth/login", new
+        {
+            Username = (string?)null,
+            Password = (string?)null
+        });
+        Assert.Equal(HttpStatusCode.BadRequest, login.StatusCode);
+    }
+
    [Fact]
    public async Task Non_admin_cannot_access_admin_routes()
    {