diff --git a/SnapMD.ConnectedCare.Sdk/ApiCall.cs b/SnapMD.ConnectedCare.Sdk/ApiCall.cs index 6b5f9e7e..cdf927d6 100644 --- a/SnapMD.ConnectedCare.Sdk/ApiCall.cs +++ b/SnapMD.ConnectedCare.Sdk/ApiCall.cs @@ -35,7 +35,15 @@ public ApiCall(string baseUrl, string apiKey = null) { _baseUri = new Uri(baseUrl); + + if (bearerToken == string.Empty) + { + // Prevent users from bypassing null checks by setting empty strings instead. + throw new ArgumentException("Invalid value supplied for bearer token.", "bearerToken"); + } + _bearerToken = bearerToken; + _developerId = developerId; _apiKey = apiKey; RequiresAuthentication = true; @@ -108,7 +116,7 @@ protected JObject MakeCall(Func executeFunc) private void SetHeaders(IWebClient wc) { - if (RequiresAuthentication || _bearerToken != null) + if (RequiresAuthentication || !string.IsNullOrEmpty(_bearerToken)) { AddHeader(wc, "Authorization", "Bearer " + _bearerToken); } diff --git a/SnapMD.ConnectedCare.Sdk/UserApi.cs b/SnapMD.ConnectedCare.Sdk/UserApi.cs index e1ba90f7..1ff9d4bf 100644 --- a/SnapMD.ConnectedCare.Sdk/UserApi.cs +++ b/SnapMD.ConnectedCare.Sdk/UserApi.cs @@ -26,6 +26,10 @@ public UserApi(string baseUrl, string bearerToken, string developerId, string ap { var response = MakeCall("v2/account/user"); + if (response == null) + { + return null; + } var dataEnumerator = response.ToObject>(); if (dataEnumerator.Data != null)