Fix: Add Password Validation to Account Creation (#25382)

2025-09-09 21:58:39 -03:00 · 2025-09-09 21:58:39 -03:00 · 6574e9f0b2
parent cce13750ad
commit 6574e9f0b2
2 changed files with 24 additions and 0 deletions
--- a/api/services/account_service.py
+++ b/api/services/account_service.py
@ -246,6 +246,8 @@ class AccountService:
        account.name = name

        if password:
+            valid_password(password)
+
            # generate password salt
            salt = secrets.token_bytes(16)
            base64_salt = base64.b64encode(salt).decode()
--- a/api/tests/test_containers_integration_tests/services/test_account_service.py
+++ b/api/tests/test_containers_integration_tests/services/test_account_service.py
@ -91,6 +91,28 @@ class TestAccountService:
        assert account.password is None
        assert account.password_salt is None

+    def test_create_account_password_invalid_new_password(
+        self, db_session_with_containers, mock_external_service_dependencies
+    ):
+        """
+        Test account create with invalid new password format.
+        """
+        fake = Faker()
+        email = fake.email()
+        name = fake.name()
+        # Setup mocks
+        mock_external_service_dependencies["feature_service"].get_system_features.return_value.is_allow_register = True
+        mock_external_service_dependencies["billing_service"].is_email_in_freeze.return_value = False
+
+        # Test with too short password (assuming minimum length validation)
+        with pytest.raises(ValueError):  # Password validation error
+            AccountService.create_account(
+                email=email,
+                name=name,
+                interface_language="en-US",
+                password="invalid_new_password",
+            )
+
    def test_create_account_registration_disabled(self, db_session_with_containers, mock_external_service_dependencies):
        """
        Test account creation when registration is disabled.