authorFrederick Muriuki Muriithi2023-01-19 11:51:52 +0300
committerFrederick Muriuki Muriithi2023-01-19 11:51:52 +0300
commit88070363558aa8c8f55021d8db1c410007d8854b (patch)
treee00a4165d7435bb7532c44cc4a37908f73f3c7bf /gn3/auth
parentbf7a51087acfb3cf6706e18c028cc7ada5cebac9 (diff)
downloadgenenetwork3-88070363558aa8c8f55021d8db1c410007d8854b.tar.gz
auth: Fix user registration
The code checking for errors was buggy and would let empty values through. The sqlite3.IntegrityError exception was not being handled correctly, and would cause a failure in the application. This commit fixes the issues noted above. * gn3/auth/authorisation/roles.py: fix bug in generating query params * gn3/auth/authorisation/views.py: fix error checking code. Raise exception if email is already registered.
Diffstat (limited to 'gn3/auth')
-rw-r--r--gn3/auth/authorisation/roles.py4
-rw-r--r--gn3/auth/authorisation/views.py41
2 files changed, 27 insertions, 18 deletions
diff --git a/gn3/auth/authorisation/roles.py b/gn3/auth/authorisation/roles.py
index 606403e..9e2e83e 100644
--- a/gn3/auth/authorisation/roles.py
+++ b/gn3/auth/authorisation/roles.py
@@ -91,8 +91,8 @@ def assign_default_roles(cursor: db.DbCursor, user: User):
'("group-creator")')
role_ids = cursor.fetchall()
str_user_id = str(user.user_id)
- params = (
- {"user_id": str_user_id, "role_id": role_id} for role_id in role_ids)
+ params = tuple(
+ {"user_id": str_user_id, "role_id": row["role_id"]} for row in role_ids)
cursor.executemany(
("INSERT INTO user_roles VALUES (:user_id, :role_id)"),
params)
diff --git a/gn3/auth/authorisation/views.py b/gn3/auth/authorisation/views.py
index 2c47bd9..1c59ed1 100644
--- a/gn3/auth/authorisation/views.py
+++ b/gn3/auth/authorisation/views.py
@@ -1,5 +1,8 @@
"""Endpoints for the authorisation stuff."""
+import traceback
from typing import Tuple, Optional
+
+import sqlite3
from flask import request, jsonify, current_app
from gn3.auth import db
@@ -80,28 +83,34 @@ def register_user():
__assert_not_logged_in__(conn)
form = request.form
- email = form.get("email", "")
- password = form.get("password", "")
- user_name = form.get("user_name", "")
+ email = form.get("email", "").strip()
+ password = form.get("password", "").strip()
+ user_name = form.get("user_name", "").strip()
errors = tuple(
- error[1] for error in
+ error for valid,error in
[__email_valid__(email),
- __password_valid__(password, form.get("confirm_password", "")),
+ __password_valid__(
+ password, form.get("confirm_password", "").strip()),
__user_name_valid__(user_name)]
- if error[0])
+ if not valid)
if len(errors) > 0:
raise UserRegistrationError(*errors)
- with db.cursor(conn) as cursor:
- user, _hashed_password = set_user_password(
- cursor, save_user(cursor, email, user_name), password)
- assign_default_roles(cursor, user)
- return jsonify(
- {
- "user_id": user.user_id,
- "email": user.email,
- "name": user.name
- }), 200
+ try:
+ with db.cursor(conn) as cursor:
+ user, _hashed_password = set_user_password(
+ cursor, save_user(cursor, email, user_name), password)
+ assign_default_roles(cursor, user)
+ return jsonify(
+ {
+ "user_id": user.user_id,
+ "email": user.email,
+ "name": user.name
+ }), 200
+ except sqlite3.IntegrityError as sq3ie:
+ current_app.logger.debug(traceback.format_exc())
+ raise UserRegistrationError(
+ "A user with that email already exists") from sq3ie
raise Exception(
"unknown_error", "The system experienced an unexpected error.")
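Review bot: The added `.strip()` on `password` and on `confirm_password` silently changes the secret the user typed, so a password with leading or trailing spaces is stored in a different form from the one entered, and the user is locked out unless the login path (not visible here) trims identically. I would keep `password = form.get("password", "")` untouched and have the validator reject whitespace-only values instead. Separately, the new `except sqlite3.IntegrityError` wraps `save_user`, `set_user_password` and `assign_default_roles`, so a constraint violation from either of the later two is also reported as "A user with that email already exists"; narrowing the `try` to the `save_user` call, or checking which constraint failed, would keep the message accurate. Whether a partial insert is rolled back depends on `db.cursor`, which is outside the hunk, as is the start of `register_user`.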