From d0eaf2c9235d36459d364dc9d1d43ad660e90b35 Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Thu, 18 Nov 2021 14:50:30 -0500
Subject: [PATCH] Island: Prevent user from registering with empty password
---
 .../authentication/authentication_service.py | 9 ++++++++-
 .../authentication/test_authentication_service.py | 15 +++++++++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/monkey/monkey_island/cc/services/authentication/authentication_service.py b/monkey/monkey_island/cc/services/authentication/authentication_service.py
index f164bde1e..ddb096215 100644
--- a/monkey/monkey_island/cc/services/authentication/authentication_service.py
+++ b/monkey/monkey_island/cc/services/authentication/authentication_service.py
@@ -1,6 +1,10 @@
 import bcrypt
-from common.utils.exceptions import IncorrectCredentialsError, UnknownUserError
+from common.utils.exceptions import (
+ IncorrectCredentialsError,
+ InvalidRegistrationCredentialsError,
+ UnknownUserError,
+)
 from monkey_island.cc.server_utils.encryption import (
 reset_datastore_encryptor,
 unlock_datastore_encryptor,
@@ -29,6 +33,9 @@ class AuthenticationService:
 @classmethod
 def register_new_user(cls, username: str, password: str):
+ if not username or not password:
+ raise InvalidRegistrationCredentialsError("Username or password can not be empty.")
+
 credentials = UserCreds(username, _hash_password(password))
 cls.user_datastore.add_user(credentials)
 cls._reset_datastore_encryptor(username, password)
diff --git a/monkey/tests/unit_tests/monkey_island/cc/services/authentication/test_authentication_service.py b/monkey/tests/unit_tests/monkey_island/cc/services/authentication/test_authentication_service.py
index 491845865..766871133 100644
--- a/monkey/tests/unit_tests/monkey_island/cc/services/authentication/test_authentication_service.py
+++ b/monkey/tests/unit_tests/monkey_island/cc/services/authentication/test_authentication_service.py
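Review bot: The new guard in `register_new_user` (authentication_service.py, second hunk) rejects only empty values, so a whitespace-only username or a one-character password still registers. The same password is passed to `_reset_datastore_encryptor` a few lines later, so it appears to protect the datastore encryptor as well; a minimum-length rule next to the emptiness check, or a comment saying where password policy is enforced, would make the intent explicit. For the username, `if not username or not username.strip() or not password:` closes the whitespace-only case. The method has no docstring; one stating that it raises `InvalidRegistrationCredentialsError` when either credential is empty would document the new contract. The method body may continue past the last line of the hunk.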
@@ -101,6 +101,21 @@ def test_register_new_user__fails( mock_reset_database.assert_not_called() +def test_register_new_user__empty_password_fails( + tmp_path, mock_reset_datastore_encryptor, mock_reset_database +): + mock_user_datastore = MockUserDatastore(lambda: False, None, None) + + a_s = AuthenticationService() + a_s.initialize(tmp_path, mock_user_datastore) + + with pytest.raises(InvalidRegistrationCredentialsError): + a_s.register_new_user(USERNAME, "") + + mock_reset_datastore_encryptor.assert_not_called() + mock_reset_database.assert_not_called() + + def test_register_new_user(tmp_path, mock_reset_datastore_encryptor, mock_reset_database): mock_add_user = MagicMock() mock_user_datastore = MockUserDatastore(lambda: False, mock_add_user, None)
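Review bot: Only the empty-password operand of the new guard is exercised here; `register_new_user("", <valid password>)` is never called, so a later edit that drops `not username` from the condition would pass this suite. Parametrizing the test over `("", <valid password>)`, `(USERNAME, "")` and `("", "")` (the password value is a placeholder for whatever constant the test module defines) covers both operands with the same assertions. The hunk adds no import for `InvalidRegistrationCredentialsError`, so it is presumably already imported at the top of the test module; worth confirming.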