vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Add checks for username and passwords, move checks to model.

Browse source
This commit is contained in:
yackob03 2013-09-27 18:38:41 -04:00
parent 1574be3c07
commit 87dc3b6344
3 changed files with 27 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

11
data/model.py
View file

@ -3,6 +3,8 @@ import logging
import dateutil.parser import dateutil.parser
from database import * from database import *
from util.validation import (validate_email, validate_username,
validate_password)
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -14,6 +16,15 @@ class DataModelException(Exception):
def create_user(username, password, email): def create_user(username, password, email):
pw_hash = bcrypt.hashpw(password, bcrypt.gensalt()) pw_hash = bcrypt.hashpw(password, bcrypt.gensalt())
if not validate_email(email):
raise DataModelException('Invalid email address: %s' % email)
if not validate_username(username):
raise DataModelException('Invalid username: %s' % username)
if not validate_password(password):
raise DataModelException('Invalid password, password must be at least ' +
'8 characters and contain no whitespace.')
try: try:
new_user = User.create(username=username, password_hash=pw_hash, new_user = User.create(username=username, password_hash=pw_hash,
email=email) email=email)

8
endpoints/index.py
View file

@ -11,7 +11,6 @@ from app import app
from auth.auth import (process_auth, get_authenticated_user, from auth.auth import (process_auth, get_authenticated_user,
get_validated_token) get_validated_token)
from util.names import parse_namespace_repository, parse_repository_name from util.names import parse_namespace_repository, parse_repository_name
from util.validation import validate_email
from auth.permissions import (ModifyRepositoryPermission, from auth.permissions import (ModifyRepositoryPermission,
ReadRepositoryPermission, UserPermission) ReadRepositoryPermission, UserPermission)
@ -47,11 +46,8 @@ def generate_headers(f):
@app.route('/v1/users/', methods=['POST']) @app.route('/v1/users/', methods=['POST'])
def create_user(): def create_user():
user_data = request.get_json() user_data = request.get_json()
email = user_data['email'].strip() model.create_user(user_data['username'], user_data['password'],
if not validate_email(email): user_data['email'])
return make_response('Invalid email address: %s' % email, 400)
model.create_user(user_data['username'], user_data['password'], email)
return make_response('Created', 201) return make_response('Created', 201)

14
util/validation.py
View file

@ -1,7 +1,21 @@
import re import re
import urllib
def validate_email(email_address): def validate_email(email_address):
if re.match(r'[^@]+@[^@]+\.[^@]+', email_address): if re.match(r'[^@]+@[^@]+\.[^@]+', email_address):
return True return True
return False return False
def validate_username(username):
# Minimum length of 2, maximum length of 255, no url unsafe characters
return (urllib.quote(username, safe='') == username and
len(username) > 1 and
len(username) < 256)
def validate_password(password):
# No whitespace and minimum length of 8
if re.search(r'\s', password):
return False
return len(password) > 7