Do not create user if username or password is empty (#3650)
This commit is contained in:
Wissam Abirached
committed by
Florent Vilmart
Florent Vilmart
parent
ea94ae73f6
commit
2533a8cdb3
@@ -1,5 +1,7 @@
|
|||||||
const ParseServerRESTController = require('../src/ParseServerRESTController').ParseServerRESTController;
|
const ParseServerRESTController = require('../src/ParseServerRESTController').ParseServerRESTController;
|
||||||
const ParseServer = require('../src/ParseServer').default;
|
const ParseServer = require('../src/ParseServer').default;
|
||||||
|
const Parse = require('parse/node').Parse;
|
||||||
|
|
||||||
let RESTController;
|
let RESTController;
|
||||||
|
|
||||||
describe('ParseServerRESTController', () => {
|
describe('ParseServerRESTController', () => {
|
||||||
@@ -103,6 +105,28 @@ describe('ParseServerRESTController', () => {
|
|||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it('ensures no user is created when passing an empty username', (done) => {
|
||||||
|
RESTController.request("POST", "/classes/_User", {username: "", password: "world"}).then(() => {
|
||||||
|
jfail(new Error('Success callback should not be called when passing an empty username.'));
|
||||||
|
done();
|
||||||
|
}, (err) => {
|
||||||
|
expect(err.code).toBe(Parse.Error.USERNAME_MISSING);
|
||||||
|
expect(err.message).toBe('bad or missing username');
|
||||||
|
done();
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
|
it('ensures no user is created when passing an empty password', (done) => {
|
||||||
|
RESTController.request("POST", "/classes/_User", {username: "hello", password: ""}).then(() => {
|
||||||
|
jfail(new Error('Success callback should not be called when passing an empty password.'));
|
||||||
|
done();
|
||||||
|
}, (err) => {
|
||||||
|
expect(err.code).toBe(Parse.Error.PASSWORD_MISSING);
|
||||||
|
expect(err.message).toBe('password is required');
|
||||||
|
done();
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
it('ensures no session token is created on creating users', (done) => {
|
it('ensures no session token is created on creating users', (done) => {
|
||||||
RESTController.request("POST", "/classes/_User", {username: "hello", password: "world"}).then((user) => {
|
RESTController.request("POST", "/classes/_User", {username: "hello", password: "world"}).then((user) => {
|
||||||
expect(user.sessionToken).toBeUndefined();
|
expect(user.sessionToken).toBeUndefined();
|
||||||
|
|||||||
@@ -204,11 +204,11 @@ RestWrite.prototype.validateAuthData = function() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (!this.query && !this.data.authData) {
|
if (!this.query && !this.data.authData) {
|
||||||
if (typeof this.data.username !== 'string') {
|
if (typeof this.data.username !== 'string' || _.isEmpty(this.data.username)) {
|
||||||
throw new Parse.Error(Parse.Error.USERNAME_MISSING,
|
throw new Parse.Error(Parse.Error.USERNAME_MISSING,
|
||||||
'bad or missing username');
|
'bad or missing username');
|
||||||
}
|
}
|
||||||
if (typeof this.data.password !== 'string') {
|
if (typeof this.data.password !== 'string' || _.isEmpty(this.data.password)) {
|
||||||
throw new Parse.Error(Parse.Error.PASSWORD_MISSING,
|
throw new Parse.Error(Parse.Error.PASSWORD_MISSING,
|
||||||
'password is required');
|
'password is required');
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user