Improve security
@@ -2,7 +2,7 @@ use crate::database::establish_connection;
|
||||
use crate::diesel;
|
||||
use crate::error::AppError;
|
||||
use crate::json_serialization::new_user::NewUserSchema;
|
||||
use crate::models::user::new_user::NewUser;
|
||||
use crate::models::user::new_user::{validate_password, NewUser};
|
||||
use crate::schema::users;
|
||||
use actix_web::{web, HttpResponse};
|
||||
use diesel::prelude::*;
|
||||
@@ -13,6 +13,10 @@ pub async fn create(new_user: web::Json<NewUserSchema>) -> Result<HttpResponse,
|
||||
let email: String = new_user.email.clone();
|
||||
let new_password: String = new_user.password.clone();
|
||||
|
||||
if let Err(message) = validate_password(&new_password) {
|
||||
return Ok(HttpResponse::BadRequest().body(message));
|
||||
}
|
||||
|
||||
let new_user = NewUser::new(name, email, new_password)?;
|
||||
|
||||
let insert_result = diesel::insert_into(users::table)
|
||||
@@ -61,6 +65,24 @@ mod tests {
|
||||
.ok();
|
||||
}
|
||||
|
||||
#[actix_web::test]
|
||||
async fn create_fails_for_short_password() {
|
||||
let suffix = unique_suffix();
|
||||
|
||||
let app = test::init_service(App::new().route("/create", web::post().to(create))).await;
|
||||
let req = test::TestRequest::post()
|
||||
.uri("/create")
|
||||
.set_json(serde_json::json!({
|
||||
"name": format!("short_pw_{suffix}"),
|
||||
"email": format!("short_{suffix}@example.test"),
|
||||
"password": "abc"
|
||||
}))
|
||||
.to_request();
|
||||
let resp = test::call_service(&app, req).await;
|
||||
|
||||
assert_eq!(StatusCode::BAD_REQUEST, resp.status());
|
||||
}
|
||||
|
||||
#[actix_web::test]
|
||||
async fn create_fails_for_duplicate_user() {
|
||||
let mut connection = establish_connection();
|
||||
|
||||
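Review bot: The password policy is enforced only in the `create` handler, by the added `if let Err(message) = validate_password(&new_password)` guard, while `NewUser::new(name, email, new_password)?` on the next statement is called with no check of its own visible here. The constructor's body is outside this page, so this is an inference, but if `NewUser::new` does not call `validate_password` itself, any other code path that builds a `NewUser` stores a credential that never went through the policy. Running the check inside the constructor and letting the handler's existing `?` carry the failure would keep the rule in one place. If it stays in the handler, the guard deserves a comment such as `// Password policy is enforced here, not in NewUser::new; keep this guard ahead of the constructor call.` The new test `create_fails_for_short_password` pins only the rejection of `"abc"`, so a case exactly at the minimum length would fix the boundary; `create`'s body starts and ends outside the hunk.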