Island: Prevent user from registering with empty password
This commit is contained in:
parent
796ae84be1
commit
d0eaf2c923
|
@ -1,6 +1,10 @@
|
|||
import bcrypt
|
||||
|
||||
from common.utils.exceptions import IncorrectCredentialsError, UnknownUserError
|
||||
from common.utils.exceptions import (
|
||||
IncorrectCredentialsError,
|
||||
InvalidRegistrationCredentialsError,
|
||||
UnknownUserError,
|
||||
)
|
||||
from monkey_island.cc.server_utils.encryption import (
|
||||
reset_datastore_encryptor,
|
||||
unlock_datastore_encryptor,
|
||||
|
@ -29,6 +33,9 @@ class AuthenticationService:
|
|||
|
||||
@classmethod
|
||||
def register_new_user(cls, username: str, password: str):
|
||||
if not username or not password:
|
||||
raise InvalidRegistrationCredentialsError("Username or password can not be empty.")
|
||||
|
||||
credentials = UserCreds(username, _hash_password(password))
|
||||
cls.user_datastore.add_user(credentials)
|
||||
cls._reset_datastore_encryptor(username, password)
|
||||
|
|
|
@ -101,6 +101,21 @@ def test_register_new_user__fails(
|
|||
mock_reset_database.assert_not_called()
|
||||
|
||||
|
||||
def test_register_new_user__empty_password_fails(
|
||||
tmp_path, mock_reset_datastore_encryptor, mock_reset_database
|
||||
):
|
||||
mock_user_datastore = MockUserDatastore(lambda: False, None, None)
|
||||
|
||||
a_s = AuthenticationService()
|
||||
a_s.initialize(tmp_path, mock_user_datastore)
|
||||
|
||||
with pytest.raises(InvalidRegistrationCredentialsError):
|
||||
a_s.register_new_user(USERNAME, "")
|
||||
|
||||
mock_reset_datastore_encryptor.assert_not_called()
|
||||
mock_reset_database.assert_not_called()
|
||||
|
||||
|
||||
def test_register_new_user(tmp_path, mock_reset_datastore_encryptor, mock_reset_database):
|
||||
mock_add_user = MagicMock()
|
||||
mock_user_datastore = MockUserDatastore(lambda: False, mock_add_user, None)
|
||||
|
|
Loading…
Reference in New Issue