Add checks for username and passwords, move checks to model.

2013-09-27 18:38:41 -04:00 · 2013-09-27 18:38:41 -04:00 · 87dc3b6344
commit 87dc3b6344
parent 1574be3c07
3 changed files with 27 additions and 6 deletions
--- a/data/model.py
+++ b/data/model.py
@ -3,6 +3,8 @@ import logging
 import dateutil.parser

 from database import *
+from util.validation import (validate_email, validate_username,
+                             validate_password)


 logger = logging.getLogger(__name__)
@ -14,6 +16,15 @@ class DataModelException(Exception):

 def create_user(username, password, email):
  pw_hash = bcrypt.hashpw(password, bcrypt.gensalt())
+
+  if not validate_email(email):
+    raise DataModelException('Invalid email address: %s' % email)
+  if not validate_username(username):
+    raise DataModelException('Invalid username: %s' % username)
+  if not validate_password(password):
+    raise DataModelException('Invalid password, password must be at least ' +
+                             '8 characters and contain no whitespace.')
+
  try:
    new_user = User.create(username=username, password_hash=pw_hash,
                           email=email)
--- a/endpoints/index.py
+++ b/endpoints/index.py
@ -11,7 +11,6 @@ from app import app
 from auth.auth import (process_auth, get_authenticated_user,
                       get_validated_token)
 from util.names import parse_namespace_repository, parse_repository_name
-from util.validation import validate_email
 from auth.permissions import (ModifyRepositoryPermission,
                              ReadRepositoryPermission, UserPermission)

@ -47,11 +46,8 @@ def generate_headers(f):
@app.route('/v1/users/', methods=['POST'])
 def create_user():
  user_data = request.get_json()
-  email = user_data['email'].strip()
-  if not validate_email(email):
-    return make_response('Invalid email address: %s' % email, 400)
-
-  model.create_user(user_data['username'], user_data['password'], email)
+  model.create_user(user_data['username'], user_data['password'],
+                    user_data['email'])
  return make_response('Created', 201)


--- a/util/validation.py
+++ b/util/validation.py
@ -1,7 +1,21 @@
 import re
+import urllib


 def validate_email(email_address):
  if re.match(r'[^@]+@[^@]+\.[^@]+', email_address):
    return True
  return False
+
+
+def validate_username(username):
+  # Minimum length of 2, maximum length of 255, no url unsafe characters
+  return (urllib.quote(username, safe='') == username and
+          len(username) > 1 and
+          len(username) < 256)
+
+def validate_password(password):
+  # No whitespace and minimum length of 8
+  if re.search(r'\s', password):
+    return False
+  return len(password) > 7