Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unhandled exception in FlowAuth backend when adding a user with empty password #1637

Closed
jc-harrison opened this issue Dec 2, 2019 · 0 comments · Fixed by #1644
Closed

Unhandled exception in FlowAuth backend when adding a user with empty password #1637

jc-harrison opened this issue Dec 2, 2019 · 0 comments · Fixed by #1644
Labels
bug Something isn't working FlowAuth Issues related to FlowAuth

Comments

@jc-harrison
Copy link
Member

Describe the bug
FlowAuth admin add_user fails with the following exception when json["password"] is an empty string:

Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 2446, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 1951, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 1820, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python3.6/site-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 1949, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.6/site-packages/flask/app.py", line 1935, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/usr/local/lib/python3.6/site-packages/flask_login/utils.py", line 261, in decorated_view
    return func(*args, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/flask_principal.py", line 199, in _decorated
    rv = f(*args, **kw)
  File "/usr/local/lib/python3.6/site-packages/flowauth/admin.py", line 639, in add_user
    if zxcvbn(json["password"])["score"] > 3:
  File "/usr/local/lib/python3.6/site-packages/zxcvbn/__init__.py", line 28, in zxcvbn
    result = scoring.most_guessable_match_sequence(password, matches)
  File "/usr/local/lib/python3.6/site-packages/zxcvbn/scoring.py", line 204, in most_guessable_match_sequence
    optimal_match_sequence = unwind(n)
  File "/usr/local/lib/python3.6/site-packages/zxcvbn/scoring.py", line 181, in unwind
    for candidate_l, candidate_g in optimal['g'][k].items():
IndexError: list index out of range

Expected behaviour here should be to raise

InvalidUsage(
    "Password not long enough.", payload={"bad_field": "password"}
)

or similar.
@jc-harrison jc-harrison added bug Something isn't working FlowAuth Issues related to FlowAuth labels Dec 2, 2019
@jc-harrison jc-harrison mentioned this issue Dec 3, 2019
Merged
8 tasks
@mergify mergify bot closed this as completed in #1644 Dec 4, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working FlowAuth Issues related to FlowAuth
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix FlowAuth bugs Flowminder/FlowKit
1 participant
@jc-harrison