don't accept empty usernames.

exports.sh

@@ -4,7 +4,7 @@ cd `dirname $0`
 
 export GOPATH=`pwd`
 
-if [ "x$GOROOT" == 'x' -a -d $HOME/go ]; then
+if [ "x$GOROOT" = 'x' -a -d $HOME/go ]; then
     export GOROOT=$HOME/go
 fi
 
@@ -33,7 +33,7 @@ elif [ "x$CC" == "x" -a `uname -v | cut -d' ' -f4` = "13.0.0:" ]; then
     export CC=gcc-4.2
 fi
 
-if [ "x$PYTHONPATH" == x -a $on_linux != yes ]; then
+if [ "x$PYTHONPATH" = x -a $on_linux != yes ]; then
     PYTHONPATH=/usr/local/lib/python2.7/site-packages/:$PYTHONPATH
 fi
 

src/api/http/api.go

@@ -544,6 +544,11 @@ func (self *HttpServer) createClusterAdmin(w libhttp.ResponseWriter, r *libhttp.
 
 	self.tryAsClusterAdmin(w, r, func(u common.User) (int, interface{}) {
 		if err := self.userManager.CreateClusterAdminUser(u, newUser.Name); err != nil {
+			errorStr := err.Error()
+			if strings.Contains(errorStr, "empty") {
+				return libhttp.StatusBadRequest, errorStr
+			}
+
 			return libhttp.StatusUnauthorized, err.Error()
 		}
 		if err := self.userManager.ChangeClusterAdminPassword(u, newUser.Name, newUser.Password); err != nil {
@@ -664,7 +669,12 @@ func (self *HttpServer) createDbUser(w libhttp.ResponseWriter, r *libhttp.Reques
 
 	self.tryAsDbUserAndClusterAdmin(w, r, func(u common.User) (int, interface{}) {
 		if err := self.userManager.CreateDbUser(u, db, newUser.Name); err != nil {
-			return libhttp.StatusUnauthorized, err.Error()
+			errorStr := err.Error()
+			if strings.Contains(errorStr, "empty") {
+				return libhttp.StatusBadRequest, errorStr
+			}
+
+			return libhttp.StatusUnauthorized, errorStr
 		}
 		if err := self.userManager.ChangeDbUserPassword(u, db, newUser.Name, newUser.Password); err != nil {
 			return libhttp.StatusUnauthorized, err.Error()

src/api/http/api_test.go

@@ -384,7 +384,13 @@ func (self *ApiSuite) TestDropDatabase(c *C) {
 
 func (self *ApiSuite) TestClusterAdminOperations(c *C) {
 	url := self.formatUrl("/cluster_admins?u=root&p=root")
-	resp, err := libhttp.Post(url, "", bytes.NewBufferString(`{"username":"new_user", "password": "new_pass"}`))
+	resp, err := libhttp.Post(url, "", bytes.NewBufferString(`{"username":"", "password": "new_pass"}`))
+	c.Assert(err, IsNil)
+	defer resp.Body.Close()
+	c.Assert(resp.StatusCode, Equals, libhttp.StatusBadRequest)
+
+	url = self.formatUrl("/cluster_admins?u=root&p=root")
+	resp, err = libhttp.Post(url, "", bytes.NewBufferString(`{"username":"new_user", "password": "new_pass"}`))
 	c.Assert(err, IsNil)
 	defer resp.Body.Close()
 	c.Assert(resp.StatusCode, Equals, libhttp.StatusOK)
@@ -407,7 +413,6 @@ func (self *ApiSuite) TestClusterAdminOperations(c *C) {
 	c.Assert(self.manager.ops[0].password, Equals, "new_password")
 	self.manager.ops = nil
 
-	url = self.formatUrl("/cluster_admins/new_user?u=root&p=root")
 	req, _ := libhttp.NewRequest("DELETE", url, nil)
 	resp, err = libhttp.DefaultClient.Do(req)
 	c.Assert(err, IsNil)
@@ -443,6 +448,12 @@ func (self *ApiSuite) TestDbUSerOperations(c *C) {
 	c.Assert(self.manager.ops[0].password, Equals, "new_password")
 	self.manager.ops = nil
 
+	url = self.formatUrl("/db/db1/users?u=root&p=root")
+	resp, err = libhttp.Post(url, "", bytes.NewBufferString(`{"username":"", "password": "new_pass"}`))
+	c.Assert(err, IsNil)
+	defer resp.Body.Close()
+	c.Assert(resp.StatusCode, Equals, libhttp.StatusBadRequest)
+
 	// set and unset the db admin flag
 	url = self.formatUrl("/db/db1/admins/new_user?u=root&p=root")
 	resp, err = libhttp.Post(url, "", nil)

src/api/http/mock_user_manager_test.go

@@ -31,6 +31,10 @@ func (self *MockUserManager) AuthenticateClusterAdmin(username, password string)
 	return nil, nil
 }
 func (self *MockUserManager) CreateClusterAdminUser(request common.User, username string) error {
+	if username == "" {
+		return fmt.Errorf("Invalid empty username")
+	}
+
 	self.ops = append(self.ops, &Operation{"cluster_admin_add", username, "", false})
 	return nil
 }
@@ -43,6 +47,10 @@ func (self *MockUserManager) ChangeClusterAdminPassword(requester common.User, u
 	return nil
 }
 func (self *MockUserManager) CreateDbUser(request common.User, db, username string) error {
+	if username == "" {
+		return fmt.Errorf("Invalid empty username")
+	}
+
 	self.ops = append(self.ops, &Operation{"db_user_add", username, "", false})
 	return nil
 }

src/coordinator/coordinator.go

@@ -119,6 +119,10 @@ func (self *CoordinatorImpl) CreateClusterAdminUser(requester common.User, usern
 		return fmt.Errorf("Insufficient permissions")
 	}
 
+	if username == "" {
+		return fmt.Errorf("Username cannot be empty")
+	}
+
 	if self.clusterConfiguration.clusterAdmins[username] != nil {
 		return fmt.Errorf("User %s already exists", username)
 	}
@@ -159,6 +163,10 @@ func (self *CoordinatorImpl) CreateDbUser(requester common.User, db, username st
 		return fmt.Errorf("Insufficient permissions")
 	}
 
+	if username == "" {
+		return fmt.Errorf("Username cannot be empty")
+	}
+
 	self.clusterConfiguration.CreateDatabase(db) // ignore the error since the db may exist
 	dbUsers := self.clusterConfiguration.dbUsers[db]
 	if dbUsers != nil && dbUsers[username] != nil {

src/coordinator/coordinator_test.go

@@ -295,6 +295,7 @@ func (self *CoordinatorSuite) TestAdminOperations(c *C) {
 
 	// Can create other cluster admin
 	c.Assert(coordinator.CreateClusterAdminUser(root, "another_cluster_admin"), IsNil)
+	c.Assert(coordinator.CreateClusterAdminUser(root, ""), NotNil)
 	c.Assert(coordinator.ChangeClusterAdminPassword(root, "another_cluster_admin", "pass"), IsNil)
 	u, err := coordinator.AuthenticateClusterAdmin("another_cluster_admin", "pass")
 	c.Assert(err, IsNil)
@@ -307,6 +308,7 @@ func (self *CoordinatorSuite) TestAdminOperations(c *C) {
 
 	// can create db users
 	c.Assert(coordinator.CreateDbUser(root, "db1", "db_user"), IsNil)
+	c.Assert(coordinator.CreateDbUser(root, "db1", ""), NotNil)
 	c.Assert(coordinator.ChangeDbUserPassword(root, "db1", "db_user", "db_pass"), IsNil)
 	u, err = coordinator.AuthenticateDbUser("db1", "db_user", "db_pass")
 	c.Assert(err, IsNil)