Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix user was added on sign-up even if password didn't match confirmation #275

Merged
merged 4 commits into from
Sep 17, 2024
Merged

Fix user was added on sign-up even if password didn't match confirmation #275

merged 4 commits into from
Sep 17, 2024

Conversation

consideRatio
Copy link
Member

@consideRatio consideRatio commented Sep 17, 2024
edited
Loading

Rebased version of #271 where I failed to push a commit with fixes needed as seen by @manics.

Thank you @paolocarinci for spotting this and initializing the work to fix it!!

@consideRatio consideRatio changed the title Ensure user creation is done only if user is allowed Ensure user creation happens only for allowed users Sep 17, 2024
@consideRatio consideRatio changed the title Ensure user creation happens only for allowed users Fix user was added on sign-up even if password didn't match confirmation Sep 17, 2024
consideRatio
consideRatio commented Sep 17, 2024
View reviewed changes
nativeauthenticator/handlers.py
password = self.get_body_argument("signup_password", strip=False)
confirmation = self.get_body_argument(
"signup_password_confirmation", strip=False
)
confirmation_matches = password == confirmation
user_is_admin = user_info["username"] in self.authenticator.admin_users
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

user_info wasn't set before if re-captcha had failed (assume_user_is_human=False), so this is fixed now as well.

consideRatio
consideRatio commented Sep 17, 2024
View reviewed changes
nativeauthenticator/handlers.py
Comment on lines -174 to -176
username_already_taken = self.authenticator.user_exists(
user_info["username"]
)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This check is now always done which I think is perfectly fine in this case.

@consideRatio consideRatio added the bug Something isn't working label Sep 17, 2024
@consideRatio consideRatio mentioned this pull request Sep 17, 2024
Closed
31 tasks
@consideRatio consideRatio merged commit 7f901a1 into jupyterhub:main Sep 17, 2024
8 checks passed
@consideRatio consideRatio mentioned this pull request Sep 17, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@minrk minrk minrk approved these changes

Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@consideRatio @minrk @paolocarinci