author | Frederick Muriuki Muriithi | 2023-01-19 11:51:52 +0300 |
---|---|---|
committer | Frederick Muriuki Muriithi | 2023-01-19 11:51:52 +0300 |
commit | 88070363558aa8c8f55021d8db1c410007d8854b (patch) | |
tree | e00a4165d7435bb7532c44cc4a37908f73f3c7bf | |
parent | bf7a51087acfb3cf6706e18c028cc7ada5cebac9 (diff) | |
download | genenetwork3-88070363558aa8c8f55021d8db1c410007d8854b.tar.gz |
auth: Fix user registration
The code checking for errors was buggy and would let empty values through.
The sqlite3.IntegrityError exception was not being handled correctly, and
would cause a failure in the application.
This commit fixes the issues noted above.
* gn3/auth/authorisation/roles.py: fix bug in generating query params
* gn3/auth/authorisation/views.py: fix error checking code. Raise exception if
email is already registered.
-rw-r--r-- | gn3/auth/authorisation/roles.py | 4 | ||||
-rw-r--r-- | gn3/auth/authorisation/views.py | 41 |
2 files changed, 27 insertions, 18 deletions
diff --git a/gn3/auth/authorisation/roles.py b/gn3/auth/authorisation/roles.py
index 606403e..9e2e83e 100644
--- a/gn3/auth/authorisation/roles.py
+++ b/gn3/auth/authorisation/roles.py
@@ -91,8 +91,8 @@ def assign_default_roles(cursor: db.DbCursor, user: User):
 '("group-creator")')
 role_ids = cursor.fetchall()
 str_user_id = str(user.user_id)
- params = (
- {"user_id": str_user_id, "role_id": role_id} for role_id in role_ids)
+ params = tuple(
+ {"user_id": str_user_id, "role_id": row["role_id"]} for row in role_ids)
 cursor.executemany(
 ("INSERT INTO user_roles VALUES (:user_id, :role_id)"),
 params)
diff --git a/gn3/auth/authorisation/views.py b/gn3/auth/authorisation/views.py
index 2c47bd9..1c59ed1 100644
--- a/gn3/auth/authorisation/views.py
+++ b/gn3/auth/authorisation/views.py
@@ -1,5 +1,8 @@
 """Endpoints for the authorisation stuff."""
+import traceback
 from typing import Tuple, Optional
+
+import sqlite3
 from flask import request, jsonify, current_app
 from gn3.auth import db
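Review bot: In assign_default_roles (roles.py hunk) the context line `"INSERT INTO user_roles VALUES (:user_id, :role_id)"` names no columns, so which value lands in which column depends on the table's declared column order; in an authorisation table a reordered schema could store the pair swapped without raising an error. Naming the columns makes the statement independent of that order, for example `INSERT INTO user_roles(user_id, role_id) VALUES (:user_id, :role_id)` (column names assumed from the parameter names; confirm against the schema). Also, when the SELECT above returns no rows, `params` is an empty tuple and `executemany` inserts nothing, so the user ends up registered with no default roles and nothing in the hunk logs or rejects that case. The function starts above the hunk.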
@@ -80,28 +83,34 @@ def register_user():
 __assert_not_logged_in__(conn)
 form = request.form
- email = form.get("email", "")
- password = form.get("password", "")
- user_name = form.get("user_name", "")
+ email = form.get("email", "").strip()
+ password = form.get("password", "").strip()
+ user_name = form.get("user_name", "").strip()
 errors = tuple(
- error[1] for error in
+ error for valid,error in
 [__email_valid__(email),
- __password_valid__(password, form.get("confirm_password", "")),
+ __password_valid__(
+ password, form.get("confirm_password", "").strip()),
 __user_name_valid__(user_name)]
- if error[0])
+ if not valid)
 if len(errors) > 0:
 raise UserRegistrationError(*errors)
- with db.cursor(conn) as cursor:
- user, _hashed_password = set_user_password(
- cursor, save_user(cursor, email, user_name), password)
- assign_default_roles(cursor, user)
- return jsonify(
- {
- "user_id": user.user_id,
- "email": user.email,
- "name": user.name
- }), 200
+ try:
+ with db.cursor(conn) as cursor:
+ user, _hashed_password = set_user_password(
+ cursor, save_user(cursor, email, user_name), password)
+ assign_default_roles(cursor, user)
+ return jsonify(
+ {
+ "user_id": user.user_id,
+ "email": user.email,
+ "name": user.name
+ }), 200
+ except sqlite3.IntegrityError as sq3ie:
+ current_app.logger.debug(traceback.format_exc())
+ raise UserRegistrationError(
+ "A user with that email already exists") from sq3ie
 raise Exception(
 "unknown_error", "The system experienced an unexpected error.") |
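Review bot: The added `.strip()` on `password` and `confirm_password` silently changes the credential the user typed: a password with leading or trailing whitespace is hashed without it, and a later login only succeeds if the login path strips the same way, which is not visible in this hunk. Keep the strip for `email` and `user_name` but pass the password through unmodified, `password = form.get("password", "")`, and have `__password_valid__` reject empty or whitespace-only input if that is the case being guarded. Separately, the `try` wraps `save_user`, `set_user_password` and `assign_default_roles`, so an `sqlite3.IntegrityError` from any of them is reported as "A user with that email already exists" even when the email is not the cause. Narrowing the `try` to the `save_user` call would keep that message accurate, and logging the other constraint failures above debug level would keep them visible to operators. register_user begins above the hunk.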