Skip to content

Commit

Permalink
Prevent creation of databases with empty passwords
Browse files Browse the repository at this point in the history
  • Loading branch information
@matthias-bach-by
matthias-bach-by committed Feb 2, 2018
1 parent 0693178 commit feafb1c
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 0 deletions.
4 changes: 4 additions & 0 deletions postgraas_server/management_resources.py
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
import datetime
import json
import logging

import psycopg2
Expand Down Expand Up @@ -132,6 +133,9 @@ def post(self):
parser.add_argument('db_pwd', required=True, type=str, help='pass of the db user')
args = parser.parse_args()

if not args['db_pwd']:
abort(400, msg='The password may not be empty.')

if DBInstance.query.filter_by(postgraas_instance_name=args['postgraas_instance_name']
).first():
return {
Expand Down
19 changes: 19 additions & 0 deletions tests/test_integration/test_postgras_api.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -383,3 +383,22 @@ def test_return_postgres_instance_api(self):
assert actual_data == expected

self.delete_instance_by_name(db_credentials, self.app_client)

def test_empty_password(self):
instance_name = "test_empty_password"
db_credentials = {
"postgraas_instance_name": instance_name,
"db_name": self.db_name,
"db_username": self.username,
"db_pwd": "",
}
self.delete_instance_by_name(db_credentials, self.app_client)
headers = {'Content-Type': 'application/json'}
result = self.app_client.post(
'/api/v2/postgraas_instances', headers=headers, data=json.dumps(db_credentials)
)
created_db = json.loads(result.get_data(as_text=True))

assert result.status_code == 400
print(created_db)
assert 'password may not be empty' in created_db["msg"]

0 comments on commit feafb1c

Please sign in to comment.