Make RefreshToken method handle nullable requests

Vadim Belov · Vadim Belov · commit 9ec1c5e977bc · 2025-12-03T14:36:48.000-08:00
Updated the `RefreshToken` method to support nullable `request`
parameters, ensuring robustness when the request object is not
provided. Improved null safety by using the null-conditional
operator (`?.`) for accessing `RefreshToken`. Added logic to
create a new `RefreshTokenRequestDto` when `request` is null
and a cookie is available. Enhanced validation to prevent
potential `NullReferenceException` errors.
diff --git a/Sources/EasyExtensions.AspNetCore.Authorization/Controllers/BaseAuthController.cs b/Sources/EasyExtensions.AspNetCore.Authorization/Controllers/BaseAuthController.cs
@@ -71,18 +71,20 @@ public async Task<IActionResult> ChangePassword([FromBody] ChangePasswordRequest
         /// <returns>An <see cref="IActionResult"/> containing the new access token if the refresh token is valid; otherwise, a
         /// 404 Not Found result if the token is invalid or revoked.</returns>
         [HttpPost("refresh")]
-        public async Task<IActionResult> RefreshToken([FromBody] RefreshTokenRequestDto request)
+        public async Task<IActionResult> RefreshToken([FromBody] RefreshTokenRequestDto? request)
         {
-            bool useCookie = string.IsNullOrWhiteSpace(request.RefreshToken);
+            bool useCookie = string.IsNullOrWhiteSpace(request?.RefreshToken);
             if (useCookie)
             {
                 if (Request.Cookies.TryGetValue("refresh_token", out string? cookieRefreshToken))
                 {
-                    request = request with { RefreshToken = cookieRefreshToken };
+                    request = request is not null
+                        ? request with { RefreshToken = cookieRefreshToken }
+                        : new RefreshTokenRequestDto { RefreshToken = cookieRefreshToken };
                 }
             }
 
-            if (string.IsNullOrWhiteSpace(request.RefreshToken))
+            if (string.IsNullOrWhiteSpace(request?.RefreshToken))
             {
                 return this.ApiNotFound("Refresh token was not found");
             }
diff --git a/Sources/EasyExtensions.AspNetCore.Authorization/Models/Dto/RefreshTokenRequestDto.cs b/Sources/EasyExtensions.AspNetCore.Authorization/Models/Dto/RefreshTokenRequestDto.cs
@@ -1,6 +1,4 @@
-﻿using System.ComponentModel.DataAnnotations;
-
-namespace EasyExtensions.AspNetCore.Authorization.Models.Dto
+﻿namespace EasyExtensions.AspNetCore.Authorization.Models.Dto
 {
     /// <summary>
     /// Represents a request to refresh an authentication token using the current password.
@@ -10,7 +8,6 @@ public record RefreshTokenRequestDto
         /// <summary>
         /// Gets or sets the refresh token used to obtain a new access token when the current one expires.
         /// </summary>
-        [Required(AllowEmptyStrings = true)]
         public string? RefreshToken { get; set; }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -71,18 +71,20 @@ public async Task<IActionResult> ChangePassword([FromBody] ChangePasswordRequest`
`71`	`71`	`/// <returns>An <see cref="IActionResult"/> containing the new access token if the refresh token is valid; otherwise, a`
`72`	`72`	`/// 404 Not Found result if the token is invalid or revoked.</returns>`
`73`	`73`	`[HttpPost("refresh")]`
`74`		`- public async Task<IActionResult> RefreshToken([FromBody] RefreshTokenRequestDto request)`
	`74`	`+ public async Task<IActionResult> RefreshToken([FromBody] RefreshTokenRequestDto? request)`
`75`	`75`	`{`
`76`		`- bool useCookie = string.IsNullOrWhiteSpace(request.RefreshToken);`
	`76`	`+ bool useCookie = string.IsNullOrWhiteSpace(request?.RefreshToken);`
`77`	`77`	`if (useCookie)`
`78`	`78`	`{`
`79`	`79`	`if (Request.Cookies.TryGetValue("refresh_token", out string? cookieRefreshToken))`
`80`	`80`	`{`
`81`		`- request = request with { RefreshToken = cookieRefreshToken };`
	`81`	`+ request = request is not null`
	`82`	`+ ? request with { RefreshToken = cookieRefreshToken }`
	`83`	`+ : new RefreshTokenRequestDto { RefreshToken = cookieRefreshToken };`
`82`	`84`	`}`
`83`	`85`	`}`
`84`	`86`
`85`		`- if (string.IsNullOrWhiteSpace(request.RefreshToken))`
	`87`	`+ if (string.IsNullOrWhiteSpace(request?.RefreshToken))`
`86`	`88`	`{`
`87`	`89`	`return this.ApiNotFound("Refresh token was not found");`
`88`	`90`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,4 @@`
`1`		`-using System.ComponentModel.DataAnnotations;`
`2`		`-`
`3`		`-namespace EasyExtensions.AspNetCore.Authorization.Models.Dto`
	`1`	`+namespace EasyExtensions.AspNetCore.Authorization.Models.Dto`
`4`	`2`	`{`
`5`	`3`	`/// <summary>`
`6`	`4`	`/// Represents a request to refresh an authentication token using the current password.`
`@@ -10,7 +8,6 @@ public record RefreshTokenRequestDto`
`10`	`8`	`/// <summary>`
`11`	`9`	`/// Gets or sets the refresh token used to obtain a new access token when the current one expires.`
`12`	`10`	`/// </summary>`
`13`		`- [Required(AllowEmptyStrings = true)]`
`14`	`11`	`public string? RefreshToken { get; set; }`
`15`	`12`	`}`
`16`	`13`	`}`