refactor(backend): don't create local user if password is too weak

This prevents the previous problem that the backend created a user that was then not correctly removed again

Signed-off-by: Philip Molares <philip.molares@udo.edu>

backend/src/api/private/auth/auth.controller.ts

@@ -58,6 +58,7 @@ export class AuthController {
     @Req() request: RequestWithSession,
     @Body() registerDto: RegisterDto,
   ): Promise<void> {
+    await this.identityService.checkPasswordStrength(registerDto.password);
     const user = await this.usersService.createUser(
       registerDto.username,
       registerDto.displayName,

backend/src/identity/identity.service.ts

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2022 The HedgeDoc developers (see AUTHORS file)
+ * SPDX-FileCopyrightText: 2023 The HedgeDoc developers (see AUTHORS file)
  *
  * SPDX-License-Identifier: AGPL-3.0-only
  */
@@ -197,7 +197,7 @@ export class IdentityService {
    * @param {string} password - the password to check
    * @throws {PasswordTooWeakError} the password is too weak
    */
-  private async checkPasswordStrength(password: string): Promise<void> {
+  async checkPasswordStrength(password: string): Promise<void> {
     const result = await zxcvbnAsync(password);
     if (result.score < this.authConfig.local.minimalPasswordStrength) {
       throw new PasswordTooWeakError();