refactor(backend): don't create local user if password is too weak

This prevents the previous problem where the backend created a user that was then not correctly removed again.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
Philip Molares 2023-01-08 20:45:07 +01:00 committed by David Mehren
parent 45e70434c4
commit 47d1765b12
2 changed files with 3 additions and 2 deletions


@ -58,6 +58,7 @@ export class AuthController {
@Req() request: RequestWithSession,
@Body() registerDto: RegisterDto,
): Promise<void> {
await this.identityService.checkPasswordStrength(registerDto.password);
const user = await this.usersService.createUser(
registerDto.username,
registerDto.displayName,
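Review bot: Calling `checkPasswordStrength` ahead of `this.usersService.createUser(...)` closes only the weak-password path. If a later step of this handler fails for any other reason, the user that was just created would presumably still be left without an identity, which is the orphaned-account state the commit message describes. The rest of the method lies outside the hunk, so this is inferred rather than visible. Consider creating the user and its identity in one transaction, or removing the user when a later step throws, and record the ordering requirement above the new line: `// Must run before createUser so a weak password never leaves a user without an identity.`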

View file

@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
* SPDX-FileCopyrightText: 2023 The HedgeDoc developers (see AUTHORS file)
*
* SPDX-License-Identifier: AGPL-3.0-only
*/
@ -197,7 +197,7 @@ export class IdentityService {
* @param {string} password - the password to check
* @throws {PasswordTooWeakError} the password is too weak
*/
private async checkPasswordStrength(password: string): Promise<void> {
async checkPasswordStrength(password: string): Promise<void> {
const result = await zxcvbnAsync(password);
if (result.score < this.authConfig.local.minimalPasswordStrength) {
throw new PasswordTooWeakError();
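Review bot: With `private` dropped, `checkPasswordStrength` is called directly from the registration handler in `AuthController`, and `zxcvbnAsync(password)` receives the string at whatever length the client sent. zxcvbn's estimation cost grows with input length, so unless `RegisterDto` already bounds the password (not visible here), a length cap should be enforced before this call. The doc comment should also state the new public contract, for example `* Must be called before a user or identity is persisted, so a rejected password leaves no partial state.` If the identity-creation methods of this service still call it internally, registration now scores the same password twice. The method body continues past the end of the hunk.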