Fix user was added on sign-up even if password didn't match confirmation

nativeauthenticator/handlers.py

@@ -168,12 +168,14 @@ async def post(self):
             user_info = {
                 "username": self.get_body_argument("username", strip=False),
                 "password": self.get_body_argument("signup_password", strip=False),
+		"password_confirmation": self.get_body_argument("signup_password_confirmation", strip=False),
                 "email": self.get_body_argument("email", "", strip=False),
                 "has_2fa": bool(self.get_body_argument("2fa", "", strip=False)),
             }
             username_already_taken = self.authenticator.user_exists(
                 user_info["username"]
             )
+
             user = self.authenticator.create_user(**user_info)
         else:
             username_already_taken = False

nativeauthenticator/nativeauthenticator.py

@@ -291,12 +291,15 @@ def get_authed_users(self):
     def user_exists(self, username):
         return self.get_user(username) is not None
 
-    def create_user(self, username, password, **kwargs):
+    def create_user(self, username, password, password_confirmation, **kwargs):
         username = self.normalize_username(username)
 
         if self.user_exists(username) or not self.validate_username(username):
             return
 
+        if not password == password_confirmation:
+            return
+
         if not self.is_password_strong(password):
             return
 
@@ -429,7 +432,7 @@ def add_data_from_firstuse(self):
         with dbm.open(self.firstuse_db_path, "c", 0o600) as db:
             for user in db.keys():
                 password = db[user].decode()
-                new_user = self.create_user(user.decode(), password)
+                new_user = self.create_user(user.decode(), password, password)
                 if not new_user:
                     error = (
                         f"User {user} was not created. Check password "