
Commit 126d401

authored
auth: check username/password is empty string (#1402)
* auth: check username/password is empty string * auth: modify userinfo verification on create/update
1 parent ee742fa commit 126d401


2 files changed

+12
-6
lines changed


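--- a/hugegraph-api/src/main/java/com/baidu/hugegraph/api/auth/UserAPI.java
+++ b/hugegraph-api/src/main/java/com/baidu/hugegraph/api/auth/UserAPI.java
@@ -34,6 +34,7 @@
 import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Context;
 
+import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 
 import com.baidu.hugegraph.HugeGraph;
@@ -208,15 +209,15 @@ public HugeUser build() {
 
 @Override
 public void checkCreate(boolean isBatch) {
-E.checkArgumentNotNull(this.name,
-"The name of user can't be null");
-E.checkArgumentNotNull(this.password,
-"The password of user can't be null");
+E.checkArgument(!StringUtils.isEmpty(this.name),
+"The name of user can't be null");
+E.checkArgument(!StringUtils.isEmpty(this.password),
+"The password of user can't be null");
 }
 
 @Override
 public void checkUpdate() {
-E.checkArgument(this.password != null ||
+E.checkArgument(!StringUtils.isEmpty(this.password) ||
 this.phone != null ||
 this.email != null ||
 this.avatar != null,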
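Review bot: In checkUpdate the empty-password test is only one arm of the `||`, so a request carrying `password` as `""` together with a non-null phone, email or avatar still passes the check. Whether that empty value is then applied to the stored user is decided in code outside this hunk, so it is safer to reject it on its own with `E.checkArgument(this.password == null || !this.password.isEmpty(), "The password of user can't be empty");`. The checkCreate messages also still say "can't be null" although empty strings are now rejected; `"The name of user can't be null or empty"` (and the same for the password) would match the check. checkUpdate's body continues past the end of the hunk.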

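--- a/hugegraph-api/src/main/java/com/baidu/hugegraph/api/filter/AuthenticationFilter.java
+++ b/hugegraph-api/src/main/java/com/baidu/hugegraph/api/filter/AuthenticationFilter.java
@@ -37,6 +37,7 @@
 import javax.ws.rs.ext.Provider;
 import javax.xml.bind.DatatypeConverter;
 
+import org.apache.commons.lang3.StringUtils;
 import org.apache.tinkerpop.gremlin.server.auth.AuthenticationException;
 import org.glassfish.grizzly.http.server.Request;
 import org.glassfish.grizzly.utils.Charsets;
@@ -113,7 +114,11 @@ protected User authenticate(ContainerRequestContext context) {
 
 final String username = values[0];
 final String password = values[1];
-assert username != null && password != null;
+
+if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
+throw new BadRequestException(
+"Invalid syntax for username and password");
+}
 
 // Validate the extracted credentials
 try {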
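Review bot: The new guard on new lines 118-121 has no comment saying why it replaces the assert, and it deserves one, for example `// assert is skipped unless the JVM runs with -ea, so reject empty credentials explicitly`. Because it throws before the `try` that validates the credentials, an empty-password attempt presumably never reaches whatever failure handling that block performs; if failed logins are logged or counted there, this rejection path should be recorded as well. The body of authenticate() starts and ends outside the hunk, so that handling and the way `values` is split are not visible here.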
