Merge pull request #275 from consideRatio/pr/fix-create-user
Fix user was added on sign-up even if password didn't match confirmation
consideRatio authored Sep 17, 2024
2 parents c003e37 + c4d38f5 commit 7f901a1
Showing 1 changed file with 17 additions and 17 deletions.
34 changes: 17 additions & 17 deletions nativeauthenticator/handlers.py
@@ -164,28 +164,28 @@ async def post(self):
else:
self.authenticator.log.error("Failed reCaptcha")

if assume_user_is_human:
user_info = {
"username": self.get_body_argument("username", strip=False),
"password": self.get_body_argument("signup_password", strip=False),
"email": self.get_body_argument("email", "", strip=False),
"has_2fa": bool(self.get_body_argument("2fa", "", strip=False)),
}
username_already_taken = self.authenticator.user_exists(
user_info["username"]
)
user = self.authenticator.create_user(**user_info)
else:
username_already_taken = False
user = None

# Collect various information for precise (error) messages.
# initialize user_info
user_info = {
"username": self.get_body_argument("username", strip=False),
"password": self.get_body_argument("signup_password", strip=False),
"email": self.get_body_argument("email", "", strip=False),
"has_2fa": bool(self.get_body_argument("2fa", "", strip=False)),
}
username = user_info["username"]

# summarize info
password = self.get_body_argument("signup_password", strip=False)
confirmation = self.get_body_argument(
"signup_password_confirmation", strip=False
)
confirmation_matches = password == confirmation
user_is_admin = user_info["username"] in self.authenticator.admin_users
user_is_admin = username in self.authenticator.admin_users
username_already_taken = self.authenticator.user_exists(username)

# if everything seems ok, create a user
user = None
if assume_user_is_human and not username_already_taken and confirmation_matches:
user = self.authenticator.create_user(**user_info)

# Call helper function from above for precise alert-level and message.
alert, message = self.get_result_message(
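Review bot: `username_already_taken` is now computed by `self.authenticator.user_exists(username)` even when `assume_user_is_human` is false, whereas the earlier if/else form appears to have forced it to `False` after a failed reCAPTCHA. If `get_result_message` (its body is outside this hunk) reports the taken-username case ahead of the captcha failure, a client that never passes the captcha could learn which usernames exist. Keeping the lookup behind the captcha result would preserve the earlier behaviour: `username_already_taken = assume_user_is_human and self.authenticator.user_exists(username)`. The page shows only handlers.py changed, so a regression test that posts a mismatched confirmation and asserts no user is created would be worth adding alongside the fix. `post` begins before the hunk and continues past it.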