set min username length to 4

Author: Matthew Fisher

api/exceptions.py

@@ -8,29 +8,38 @@
 from rest_framework import status
 
 
-class BuildNodeError(APIException):
+class AbstractDeisException(APIException):
     """
-    Indicates a problem in building or bootstrapping a node.
+    Abstract class in which all Deis Exceptions and Errors should extend.
 
-    This exception is subclassed from rest_framework's APIException so it
-    isn't reported as "500 SERVER ERROR."
+    This exception is subclassed from rest_framework's APIException so that
+    subclasses can change the status code to something different than
+    "500 SERVER ERROR."
     """
 
-    status_code = status.HTTP_401_UNAUTHORIZED
-
     def __init__(self, detail=None):
         self.detail = detail
 
+    class Meta:
+        abstract = True
 
-class BuildFormationError(APIException):
-    """
-    Indicates a problem in creating a formation.
 
-    This exception is subclassed from rest_framework's APIException so it
-    isn't reported as "500 SERVER ERROR."
+class BuildNodeError(AbstractDeisException):
     """
+    Indicates a problem in building or bootstrapping a node.
+    """
+    status_code = status.HTTP_401_UNAUTHORIZED
+
 
+class BuildFormationError(AbstractDeisException):
+    """
+    Indicates a problem in creating a formation.
+    """
     status_code = status.HTTP_400_BAD_REQUEST
 
-    def __init__(self, detail=None):
-        self.detail = detail
+
+class UserRegistrationException(AbstractDeisException):
+    """
+    Indicates that there was a problem registering the user.
+    """
+    status_code = status.HTTP_400_BAD_REQUEST

api/tests/test_auth.py

@@ -56,6 +56,10 @@ def test_auth(self):
         self.assertFalse(response.data['is_staff'])
         self.assertTrue(
             self.client.login(username=username, password=password))
+        # test with len(username) < 4
+        submit['username'] = 'new'
+        response = self.client.post(url, json.dumps(submit), content_type='application/json')
+        self.assertEqual(response.status_code, 400)
         # test for default objects
         url = '/api/providers'
         response = self.client.get(url)

api/tests/test_perm.py

@@ -70,7 +70,7 @@ def test_list(self):
 
     def test_create(self):
         submit = {
-            'username': 'one',
+            'username': 'first',
             'password': 'password',
             'email': 'autotest@deis.io',
         }
@@ -79,7 +79,7 @@ def test_create(self):
         self.assertEqual(response.status_code, 201)
         self.assertTrue(response.data['is_superuser'])
         submit = {
-            'username': 'two',
+            'username': 'second',
             'password': 'password',
             'email': 'autotest@deis.io',
         }
@@ -88,20 +88,20 @@ def test_create(self):
         self.assertEqual(response.status_code, 201)
         self.assertFalse(response.data['is_superuser'])
         self.assertTrue(
-            self.client.login(username='one', password='password'))
+            self.client.login(username='first', password='password'))
         # grant user 2 the superuser perm
         url = '/api/admin/perms'
-        body = {'username': 'two'}
+        body = {'username': 'second'}
         response = self.client.post(url, json.dumps(body), content_type='application/json')
         self.assertEqual(response.status_code, 201)
         response = self.client.get(url)
         self.assertEqual(response.status_code, 200)
         self.assertEqual(len(response.data['results']), 2)
-        self.assertIn('two', str(response.data['results']))
+        self.assertIn('second', str(response.data['results']))
 
     def test_delete(self):
         submit = {
-            'username': 'uno',
+            'username': 'first',
             'password': 'password',
             'email': 'autotest@deis.io',
         }
@@ -110,7 +110,7 @@ def test_delete(self):
         self.assertEqual(response.status_code, 201)
         self.assertTrue(response.data['is_superuser'])
         submit = {
-            'username': 'dos',
+            'username': 'second',
             'password': 'password',
             'email': 'autotest@deis.io',
         }
@@ -119,14 +119,14 @@ def test_delete(self):
         self.assertEqual(response.status_code, 201)
         self.assertFalse(response.data['is_superuser'])
         self.assertTrue(
-            self.client.login(username='uno', password='password'))
+            self.client.login(username='first', password='password'))
         # grant user 2 the superuser perm
         url = '/api/admin/perms'
-        body = {'username': 'dos'}
+        body = {'username': 'second'}
         response = self.client.post(url, json.dumps(body), content_type='application/json')
         self.assertEqual(response.status_code, 201)
         # revoke the superuser perm
-        response = self.client.delete(url + '/dos')
+        response = self.client.delete(url + '/second')
         self.assertEqual(response.status_code, 204)
         response = self.client.get(url)
         self.assertEqual(response.status_code, 200)

api/views.py

@@ -24,7 +24,7 @@
 from rest_framework.response import Response
 
 from api import docker, models, serializers
-from .exceptions import BuildFormationError
+from .exceptions import BuildFormationError, UserRegistrationException
 
 from deis import settings
 
@@ -149,6 +149,9 @@ def pre_save(self, obj):
         obj.is_active = True
         obj.email = User.objects.normalize_email(obj.email)
         obj.set_password(obj.password)
+        # FIXME: move this business logic to the model
+        if len(obj.username) < 4:
+            raise UserRegistrationException('username must be > 4 characters in length')
         # Make this first signup an admin / superuser
         if not User.objects.filter(is_superuser=True).exists():
             obj.is_superuser = obj.is_staff = True