From 38fc3db341f19a390037a8d685936dacda2cb41a Mon Sep 17 00:00:00 2001 From: Sander Vocke Date: Fri, 13 Nov 2020 13:56:27 +0100 Subject: [PATCH] Prevent duplicate registrations. --- client/src/components/tables/ResultsTable.tsx | 2 +- client/src/lib/useAuth.tsx | 2 +- server/endpoints/RegisterUser.ts | 12 ++++++++++-- server/migrations/20201110170100_add_users.ts | 1 - server/test/integration/flows/AuthFlow.js | 13 +++++++++++++ 5 files changed, 25 insertions(+), 5 deletions(-) diff --git a/client/src/components/tables/ResultsTable.tsx b/client/src/components/tables/ResultsTable.tsx index 1bdce75..e79fb37 100644 --- a/client/src/components/tables/ResultsTable.tsx +++ b/client/src/components/tables/ResultsTable.tsx @@ -46,7 +46,7 @@ export default function SongTable(props: { {props.songs.map((song: any) => { const title = props.songGetters.getTitle(song); - // TODO / FIXME: display artists and albums separately! + // TODO: display artists and albums separately! const artistNames = props.songGetters.getArtistNames(song); const artist = stringifyList(artistNames); const mainArtistId = props.songGetters.getArtistIds(song)[0]; diff --git a/client/src/lib/useAuth.tsx b/client/src/lib/useAuth.tsx index 6f4f0b9..d6b4995 100644 --- a/client/src/lib/useAuth.tsx +++ b/client/src/lib/useAuth.tsx @@ -41,7 +41,7 @@ export const useAuth = () => { function useProvideAuth() { const [user, setUser] = useState(null); - // FIXME: password shouldn't be encoded into the URL. + // TODO: password maybe shouldn't be encoded into the URL. const signin = (email: string, password: string) => { return (async () => { const urlBase = (process.env.REACT_APP_BACKEND || "") + serverApi.LoginEndpoint; diff --git a/server/endpoints/RegisterUser.ts b/server/endpoints/RegisterUser.ts index ac9699c..0782d90 100644 --- a/server/endpoints/RegisterUser.ts +++ b/server/endpoints/RegisterUser.ts 
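Review bot: Rewording the comment above `signin` in useProvideAuth from `FIXME` to `TODO: password maybe shouldn't be encoded into the URL` understates the problem. Credentials carried in a URL are routinely recorded in server and proxy access logs and in browser history, so this should remain a firm requirement rather than a "maybe". I would keep the stronger wording, for example `// FIXME: send the password in the POST body or an Authorization header, never in the URL.` The body of `signin` continues outside the hunk, so how the request is actually built cannot be checked from here.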
@@ -18,8 +18,16 @@ export const RegisterUserEndpointHandler: EndpointHandler = async (req: any, res await knex.transaction(async (trx) => { try { - // FIXME check if the user already exists - + // check if the user already exists + const user = (await trx + .select('id') + .from('users') + .where({ email: reqObject.email }))[0]; + if(user) { + res.status(400).send(); + return; + } + // Create the new user. const passwordHash = sha512(reqObject.password); const userId = (await trx('users') diff --git a/server/migrations/20201110170100_add_users.ts b/server/migrations/20201110170100_add_users.ts index 5384bc8..6b75776 100644 --- a/server/migrations/20201110170100_add_users.ts +++ b/server/migrations/20201110170100_add_users.ts @@ -14,7 +14,6 @@ export async function up(knex: Knex): Promise { ) // Add user column to other object tables. - // FIXME: figure out what happens in practice with pre-existing objects. await knex.schema.alterTable( 'songs', (table: any) => { diff --git a/server/test/integration/flows/AuthFlow.js b/server/test/integration/flows/AuthFlow.js index f8270d7..61f751d 100644 --- a/server/test/integration/flows/AuthFlow.js +++ b/server/test/integration/flows/AuthFlow.js @@ -35,6 +35,19 @@ describe('Auth registration password and email constraints', () => { }); }); +describe('Attempting to register an already registered user', () => { + it('should fail', async done => { + let req = await init(); + try { + await helpers.createUser(req, "someone@email.com", "password1A!", 200); + await helpers.createUser(req, "someone@email.com", "password1A!", 400); + } finally { + req.close(); + done(); + } + }); +}); + describe('Auth login access for users', () => { it('is correctly enforced', async done => { let req = await init();
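Review bot: The new SELECT-then-INSERT check in RegisterUserEndpointHandler does not by itself prevent duplicates. Two concurrent requests for the same address can both find no row and both insert, because a transaction cannot lock a row that does not exist yet. The guarantee should come from a unique constraint on `users.email`, for example `table.unique(['email'])` in the users migration if it is not already declared there (that table definition is not visible on this page), with the handler mapping the resulting constraint error to the same 400. Separately, the context line `const passwordHash = sha512(reqObject.password);` stores a fast, apparently unsalted digest; a dedicated password-hashing function (bcrypt, scrypt or Argon2) is the usual choice. The handler starts and ends outside the hunk.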
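Review bot: The new spec 'Attempting to register an already registered user' only re-submits the byte-identical address, so it would still pass if a differently cased spelling of the same mailbox were accepted as a second account. Whether the handler's `.where({ email: reqObject.email })` lookup is case-sensitive depends on the database collation, which this page does not show. Consider adding a third call such as `await helpers.createUser(req, "Someone@Email.com", "password1A!", 400);` (a constructed variant of the test address), or stating in a comment that addresses are deliberately compared case-sensitively.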