refactor(backend): don't create local user if password is too weak

This prevents the previous problem that the backend created a user that was then not correctly removed again Signed-off-by: Philip Molares <philip.molares@udo.edu>
2024-10-18 13:20:16 -04:00 · 2023-01-08 20:45:07 +01:00 · 2023-01-08 20:45:07 +01:00 · 47d1765b12
commit 47d1765b12
parent 45e70434c4
2 changed files with 3 additions and 2 deletions
--- a/backend/src/api/private/auth/auth.controller.ts
+++ b/backend/src/api/private/auth/auth.controller.ts
@ -58,6 +58,7 @@ export class AuthController {
    @Req() request: RequestWithSession,
    @Body() registerDto: RegisterDto,
  ): Promise<void> {
+    await this.identityService.checkPasswordStrength(registerDto.password);
    const user = await this.usersService.createUser(
      registerDto.username,
      registerDto.displayName,
--- a/backend/src/identity/identity.service.ts
+++ b/backend/src/identity/identity.service.ts
@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
+ * SPDX-FileCopyrightText: 2023 The HedgeDoc developers (see AUTHORS file)
 *
 * SPDX-License-Identifier: AGPL-3.0-only
 */
@ -197,7 +197,7 @@ export class IdentityService {
   * @param {string} password - the password to check
   * @throws {PasswordTooWeakError} the password is too weak
   */
-  private async checkPasswordStrength(password: string): Promise<void> {
+  async checkPasswordStrength(password: string): Promise<void> {
    const result = await zxcvbnAsync(password);
    if (result.score < this.authConfig.local.minimalPasswordStrength) {
      throw new PasswordTooWeakError();