Island: Prevent user from registering with empty password

monkey/monkey_island/cc/services/authentication/authentication_service.py

@@ -1,6 +1,10 @@
 import bcrypt
 
-from common.utils.exceptions import IncorrectCredentialsError, UnknownUserError
+from common.utils.exceptions import (
+    IncorrectCredentialsError,
+    InvalidRegistrationCredentialsError,
+    UnknownUserError,
+)
 from monkey_island.cc.server_utils.encryption import (
     reset_datastore_encryptor,
     unlock_datastore_encryptor,
@@ -29,6 +33,9 @@ class AuthenticationService:
 
     @classmethod
     def register_new_user(cls, username: str, password: str):
+        if not username or not password:
+            raise InvalidRegistrationCredentialsError("Username or password can not be empty.")
+
         credentials = UserCreds(username, _hash_password(password))
         cls.user_datastore.add_user(credentials)
         cls._reset_datastore_encryptor(username, password)

monkey/tests/unit_tests/monkey_island/cc/services/authentication/test_authentication_service.py

@@ -101,6 +101,21 @@ def test_register_new_user__fails(
     mock_reset_database.assert_not_called()
 
 
+def test_register_new_user__empty_password_fails(
+    tmp_path, mock_reset_datastore_encryptor, mock_reset_database
+):
+    mock_user_datastore = MockUserDatastore(lambda: False, None, None)
+
+    a_s = AuthenticationService()
+    a_s.initialize(tmp_path, mock_user_datastore)
+
+    with pytest.raises(InvalidRegistrationCredentialsError):
+        a_s.register_new_user(USERNAME, "")
+
+    mock_reset_datastore_encryptor.assert_not_called()
+    mock_reset_database.assert_not_called()
+
+
 def test_register_new_user(tmp_path, mock_reset_datastore_encryptor, mock_reset_database):
     mock_add_user = MagicMock()
     mock_user_datastore = MockUserDatastore(lambda: False, mock_add_user, None)