diff --git a/master/api/user/user.go b/master/api/user/user.go
index 4493180..72e696a 100644
--- a/master/api/user/user.go
+++ b/master/api/user/user.go
@@ -157,6 +157,15 @@ func CreateUser(c *gin.Context) {
 })
 return
 }
+ if len(user.Password) < 8 || len(user.Password) > 16 {
+ c.JSON(http.StatusBadRequest, api.ErrorResponse{
+ Succeed: false,
+ Error: "Password length should be between 8 and 16",
+ Message: "Password length should be between 8 and 16",
+ TraceID: traceID,
+ })
+ return
+ }
 userService, err := userservice.GetService(c)
 if err != nil {
 c.JSON(http.StatusInternalServerError, api.ErrorResponse{
diff --git a/master/test/data/auth_test_data.yml b/master/test/data/auth_test_data.yml
index 6a600be..92f2aff 100644
--- a/master/test/data/auth_test_data.yml
+++ b/master/test/data/auth_test_data.yml
@@ -1,12 +1,13 @@
 test_login:
- - ["user exist", "testuser1",'123456','nil']
- - ["user not exist", "testuser2",'123456','Wrong Username or Password']
+ - ["user exist", "testuser1",'12345678','nil']
+ - ["user not exist", "testuser2",'12345678','Wrong Username or Password']
 - ['user with wrong password','testuser1','wrongpassword','Wrong Username or Password']
 test_register:
- - ["user not exist", "registeruser1",'123456','nil']
- - ["user exist", "testuser1",'123456','failed create user']
+ - ["user not exist", "registeruser1",'12345678','nil']
+ - ["user exist", "testuser1",'12345678','failed create user']
 - ["user with None username",'','','Username or Password is empty']
+ - ["user with too short password","shortpwduser","123456","Password length should be between 8 and 16"]
 test_token:
 - ["user with token",'1']
diff --git a/master/test/testcase/test_auth_api.py b/master/test/testcase/test_auth_api.py
index 624dcb1..9b801b4 100644
--- a/master/test/testcase/test_auth_api.py
+++ b/master/test/testcase/test_auth_api.py
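Review bot: `len(user.Password)` in the added check counts bytes rather than characters, so the limits drift for non-ASCII passwords: three CJK characters (9 bytes) satisfy the minimum of 8, and six (18 bytes) are rejected by the maximum of 16. Counting runes keeps the check in line with the error message, e.g. `if n := utf8.RuneCountInString(user.Password); n < 8 || n > 16 {`, which needs `unicode/utf8` in the import block outside this hunk. The ceiling of 16 is also restrictive for a password policy, since it rules out passphrases and NIST SP 800-63B advises accepting at least 64 characters; if the cap comes from the hashing or storage scheme, which is not visible here, a comment stating that would help. CreateUser starts and ends outside the hunk.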
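Review bot: The added `test_register` row exercises only the too-short side of the new rule; nothing covers the upper bound, so a wrong comparison at 16 characters in the handler would pass unnoticed. I would add a too-long row such as `- ["user with too long password","longpwduser","12345678901234567","Password length should be between 8 and 16"]` (17 characters, constructed sample) and one row that registers successfully with a 16-character password.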
@@ -12,9 +12,9 @@ def setup_class(self):
 self.root_url = "http://localhost:9333/api/v1/"
 self.req_session = requests.Session()
 # 添加测试用户
- rep0 = self.req_session.post(self.root_url + 'register', json={"username": 'testuser1', "password": '123456'})
+ rep0 = self.req_session.post(self.root_url + 'register', json={"username": 'testuser1', "password": '12345678'})
 # 获取token
- rep = self.req_session.post(self.root_url + 'login', json={"username": 'testuser1', "password": '123456'})
+ rep = self.req_session.post(self.root_url + 'login', json={"username": 'testuser1', "password": '12345678'})
 self.token = rep.json()['token']
 @allure.story("登录")