diff --git a/CHANGES.rst b/CHANGES.rst
index cd2d8b9..c3ad32a 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -2,6 +2,11 @@ Changelog
 =========
+v2.0.1 (UNRLEASED)
+==================
+
+- prevent creation of databases with an empty password as those cannot be removed.
+
 v2.0.0
 ======
diff --git a/postgraas_server/management_resources.py b/postgraas_server/management_resources.py
index cfa2537..90ae720 100644
--- a/postgraas_server/management_resources.py
+++ b/postgraas_server/management_resources.py
@@ -1,4 +1,5 @@
 import datetime
+import json
 import logging
 import psycopg2
@@ -132,6 +133,9 @@ def post(self):
 parser.add_argument('db_pwd', required=True, type=str, help='pass of the db user')
 args = parser.parse_args()
+ if not args['db_pwd']:
+ abort(400, msg='The password may not be empty.')
+
 if DBInstance.query.filter_by(postgraas_instance_name=args['postgraas_instance_name']
 ).first():
 return {
diff --git a/tests/test_integration/test_postgras_api.py b/tests/test_integration/test_postgras_api.py
index ca29730..8883d9e 100644
--- a/tests/test_integration/test_postgras_api.py
+++ b/tests/test_integration/test_postgras_api.py
@@ -383,3 +383,22 @@ def test_return_postgres_instance_api(self):
 assert actual_data == expected
 self.delete_instance_by_name(db_credentials, self.app_client)
+
+ def test_empty_password(self):
+ instance_name = "test_empty_password"
+ db_credentials = {
+ "postgraas_instance_name": instance_name,
+ "db_name": self.db_name,
+ "db_username": self.username,
+ "db_pwd": "",
+ }
+ self.delete_instance_by_name(db_credentials, self.app_client)
+ headers = {'Content-Type': 'application/json'}
+ result = self.app_client.post(
+ '/api/v2/postgraas_instances', headers=headers, data=json.dumps(db_credentials)
+ )
+ created_db = json.loads(result.get_data(as_text=True))
+
+ assert result.status_code == 400
+ print(created_db)
+ assert 'password may not be empty' in created_db["msg"]
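Review bot: The added `import json` in postgraas_server/management_resources.py (first hunk of that file) looks unused: the only other hunk shown for this module, in `post`, calls `abort` and never touches `json`. The code that does call `json.dumps` and `json.loads` is the new test in tests/test_integration/test_postgras_api.py, and no import hunk is shown for that file, so it presumably imports `json` already. Unless code outside the hunks needs it, drop the line from the resource module.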
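Review bot: In `post` (postgraas_server/management_resources.py, second hunk) the new guard `if not args['db_pwd']:` rejects only the empty string, so a value made up solely of whitespace is still accepted and becomes the database password. If such values should be refused as well, the check could read `if not args['db_pwd'].strip():`. The guard also covers creation only: going by the changelog entry, instances that already exist with an empty password stay unremovable, and the delete path is not part of this commit. A one-line comment above the check, e.g. `# an instance created with an empty password cannot be deleted again`, would record why it is there; `post` starts and ends outside the hunk.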
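Review bot: `test_empty_password` in tests/test_integration/test_postgras_api.py asserts only the 400 status and the message text, so it would still pass if a later change rejected the request after the instance had been partly created. It should also check that no instance named `test_empty_password` exists afterwards, using whatever lookup the other tests in the class rely on (not visible in the hunk). The `print(created_db)` between the two asserts is leftover debugging output and can go, and `created_db` would read better as `error_body`, since nothing is created on this path.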