DuendeSoftware / IdentityServer

The most flexible and standards-compliant OpenID Connect and OAuth 2.x framework for ASP.NET Core
https://duendesoftware.com/products/identityserver

use static equals method to avoid exception #1583

Open testfirstcoder opened 1 month ago

testfirstcoder commented 1 month ago

user.Password could be null.

josephdecock commented 1 month ago

Is it actually possible to create a TestUser instance without a password, or to submit the QuickStart ui's login page without entering a password? If so, maybe we should prevent that. Ultimately the TestUserStore isn't meant for production, so we should just make the developer experience as good as possible.

testfirstcoder commented 1 month ago

The previous line explicitly checks for a possible null value of the user password.

if (string.IsNullOrWhiteSpace(user.Password)

Right. The type is for testing purposes only.

Nevertheless, we could use the Object.Equals or String.Equals methods to make a safer comparison and avoid a possible System.NullReferenceException.
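
The difference between the two calls discussed in this thread, as an added example that is not part of the pull request or the project's code. `DemoUser` and both `Validate...` methods are hypothetical names, and the sample users are constructed.

```csharp
#nullable enable
using System;

// Hypothetical stand-in for a test user record; not the project's TestUser type.
sealed class DemoUser
{
    public string? Username { get; init; }
    public string? Password { get; init; }
}

static class Demo
{
    // Instance call: dereferences user.Password, so a null stored password
    // raises NullReferenceException instead of returning false.
    static bool ValidateWithInstanceEquals(DemoUser user, string? password) =>
        user.Password!.Equals(password);

    // Static call: either argument may be null. Ordinal keeps the comparison
    // exact and culture-independent.
    static bool ValidateWithStaticEquals(DemoUser user, string? password) =>
        string.Equals(user.Password, password, StringComparison.Ordinal);

    static void Main()
    {
        // Constructed sample users.
        var noPassword = new DemoUser { Username = "alice", Password = null };
        var withPassword = new DemoUser { Username = "bob", Password = "s3cret" };

        try
        {
            ValidateWithInstanceEquals(noPassword, "guess");
        }
        catch (NullReferenceException)
        {
            Console.WriteLine("instance Equals threw NullReferenceException");
        }

        // The static form rejects these without throwing.
        Console.WriteLine(ValidateWithStaticEquals(noPassword, "guess"));
        Console.WriteLine(ValidateWithStaticEquals(withPassword, null));
        Console.WriteLine(ValidateWithStaticEquals(withPassword, "s3cret"));

        // string.Equals treats two null references as equal, so whatever guard
        // runs before the comparison still decides the null/null case.
        Console.WriteLine(ValidateWithStaticEquals(noPassword, null));
    }
}
```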