Return 401 if empty credentials are supplied #6

ral-facilities · Jan 18, 2024 · 6684e68 · 6684e68
1 parent 048af8a
commit 6684e68
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 6 deletions.
diff --git a/ldap_jwt_auth/auth/authentication.py b/ldap_jwt_auth/auth/authentication.py
@@ -22,13 +22,17 @@ def authenticate(self, user_credentials: UserCredentials) -> None:
         """
         Authenticate a user against an LDAP server based on the provided user credentials.
         :param user_credentials: The credentials of the user.
-        :raises InvalidCredentialsError: If the user credentials are invalid.
+        :raises InvalidCredentialsError: If the user credentials are empty or invalid.
         :raises LDAPServerError: If there is a problem with the LDAP server.
         """
         username = user_credentials.username
+        password = user_credentials.password
         logger.info("Authenticating a user")
         logger.debug("Username provided is '%s'", username)
 
+        if not username or not password:
+            raise InvalidCredentialsError("Empty username or password")
+
         try:
             connection = ldap.initialize(config.ldap_server.url)
             ldap.set_option(ldap.OPT_PROTOCOL_VERSION, 3)

diff --git a/ldap_jwt_auth/core/models.py b/ldap_jwt_auth/core/models.py
@@ -2,13 +2,13 @@
 Model for defining the API schema models.
 """
 
-from pydantic import BaseModel, Field
+from pydantic import BaseModel
 
 
 class UserCredentials(BaseModel):
     """
     Model for the user credentials.
     """
 
-    username: str = Field(min_length=1)
-    password: str = Field(min_length=1)
+    username: str
+    password: str
diff --git a/ldap_jwt_auth/routers/login.py b/ldap_jwt_auth/routers/login.py
@@ -47,9 +47,11 @@ def login(
         return response
     except InvalidCredentialsError as exc:
         message = "Invalid credentials provided"
+        logger.exception(message)
         raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail=message) from exc
     except LDAPServerError as exc:
-        raise HTTPException(status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, detail="Something went wrong") from exc
+        message = "Something went wrong"
+        raise HTTPException(status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, detail=message) from exc
     except Exception as exc:
         logger.exception(exc)
         raise exc
diff --git a/test/unit/auth/test_authentication.py b/test/unit/auth/test_authentication.py
@@ -35,8 +35,20 @@ def test_authenticate(ldap_initialize_mock):
     ldap_obj_mock.unbind.assert_called_once()
 
 
+def test_authenticate_with_empty_credentials():
+    """
+    Test LDAP authentication with empty credentials.
+    """
+    authentication = Authentication()
+    user_credentials = UserCredentials(username="", password="")
+
+    with pytest.raises(InvalidCredentialsError) as exc:
+        authentication.authenticate(user_credentials)
+    assert str(exc.value) == "Empty username or password"
+
+
 @patch("ldap_jwt_auth.auth.authentication.ldap.initialize")
-def test_authenticate_invalid_credentials(ldap_initialize_mock):
+def test_authenticate_with_invalid_credentials(ldap_initialize_mock):
     """
     Test LDAP authentication with invalid credentials.
     """