fix: Username check for sign-up with invitation in org context (#10375)

2023-07-25 13:54:49 -03:00 · 2023-07-25 13:54:49 -03:00 · 6a16366941
parent 5a9ee2047f
commit 6a16366941
2 changed files with 43 additions and 33 deletions
--- a/apps/web/pages/api/auth/signup.ts
+++ b/apps/web/pages/api/auth/signup.ts
@ -42,37 +42,6 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
    return;
  }

-  // There is an existingUser if the username matches
-  // OR if the email matches AND either the email is verified
-  // or both username and password are set
-  const existingUser = await prisma.user.findFirst({
-    where: {
-      OR: [
-        { username },
-        {
-          AND: [
-            { email: userEmail },
-            {
-              OR: [
-                { emailVerified: { not: null } },
-                {
-                  AND: [{ password: { not: null } }, { username: { not: null } }],
-                },
-              ],
-            },
-          ],
-        },
-      ],
-    },
-  });
-
-  if (existingUser) {
-    const message: string =
-      existingUser.email !== userEmail ? "Username already taken" : "Email address is already registered";
-
-    return res.status(409).json({ message });
-  }
-
  let foundToken: { id: number; teamId: number | null; expires: Date } | null = null;
  if (token) {
    foundToken = await prisma.verificationToken.findFirst({
@ -100,6 +69,36 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
        return res.status(409).json({ message: "Username already taken" });
      }
    }
+  } else {
+    // There is an existingUser if the username matches
+    // OR if the email matches AND either the email is verified
+    // or both username and password are set
+    const existingUser = await prisma.user.findFirst({
+      where: {
+        OR: [
+          { username },
+          {
+            AND: [
+              { email: userEmail },
+              {
+                OR: [
+                  { emailVerified: { not: null } },
+                  {
+                    AND: [{ password: { not: null } }, { username: { not: null } }],
+                  },
+                ],
+              },
+            ],
+          },
+        ],
+      },
+    });
+    if (existingUser) {
+      const message: string =
+        existingUser.email !== userEmail ? "Username already taken" : "Email address is already registered";
+
+      return res.status(409).json({ message });
+    }
  }

  const hashedPassword = await hashPassword(password);
--- a/packages/lib/validateUsernameInOrg.ts
+++ b/packages/lib/validateUsernameInOrg.ts
@ -21,6 +21,17 @@ export const validateUsernameInOrg = async (usernameSlug: string, teamId: number
      },
    });

+    const usersFound = await prisma.user.findMany({
+      where: {
+        organizationId: teamId,
+      },
+      select: {
+        username: true,
+      },
+    });
+
+    takenSlugs = usersFound.map((user) => user.username);
+
    // If only one team is found and it has a parent, then it's an child team
    // and we can use the parent id to find all the teams that belong to this org
    if (teamsFound && teamsFound.length === 1 && teamsFound[0].parentId) {
@ -34,9 +45,9 @@ export const validateUsernameInOrg = async (usernameSlug: string, teamId: number
          slug: true,
        },
      });
-      takenSlugs = childTeams.map((team) => team.slug);
+      takenSlugs = takenSlugs.concat(childTeams.map((team) => team.slug));
    } else {
-      takenSlugs = teamsFound.map((team) => team.slug);
+      takenSlugs = takenSlugs.concat(teamsFound.map((team) => team.slug));
    }

    return !takenSlugs.includes(slugify(usernameSlug));