Skip to content

Commit

Permalink
forbid empty password on user creation
Browse files Browse the repository at this point in the history
  • Loading branch information
@kobergj
kobergj committed Oct 21, 2021
1 parent 5268b8e commit d08623f
Show file tree
Hide file tree
Showing 3 changed files with 10 additions and 3 deletions.
5 changes: 5 additions & 0 deletions changelog/unreleased/empty-password-user.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
Bugfix: Don't allow empty password

It was allowed to create users with empty or spaces-only password. This is fixed

https://github.com/owncloud/product/issues/197
5 changes: 5 additions & 0 deletions ocs/pkg/service/v0/users.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -179,6 +179,11 @@ func (o Ocs) AddUser(w http.ResponseWriter, r *http.Request) {
return
}
}
if strings.TrimSpace(password) == "" {
mustNotFail(render.Render(w, r, response.ErrRender(data.MetaBadRequest.StatusCode, "empty password not allowed")))
o.logger.Error().Err(err).Str("userid", userid).Msg("empty password not allowed")
return
}

// fallbacks
/* TODO decide if we want to make these fallbacks. Keep in mind:
Expand Down
3 changes: 0 additions & 3 deletions tests/acceptance/expected-failures-API-on-OCIS-storage.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -916,9 +916,6 @@ special character username not valid
- [apiProvisioning-v2/addUser.feature:40](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiProvisioning-v2/addUser.feature#L40)
- [apiProvisioning-v2/addUser.feature:47](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiProvisioning-v2/addUser.feature#L47)

#### [Password can be set to empty](https://github.com/owncloud/product/issues/197)
- [apiProvisioning-v2/addUser.feature:83](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiProvisioning-v2/addUser.feature#L83)

#### [Username is case sensitive](https://github.com/owncloud/ocis-accounts/issues/128)
- [apiProvisioning-v2/addUser.feature:116](https://github.com/owncloud/core/blob/master/tests/acceptance/features/apiProvisioning-v2/addUser.feature#L116)

Expand Down

0 comments on commit d08623f

Please sign in to comment.