From 6a163669413deeb32b15ff7653a05189cce99f8d Mon Sep 17 00:00:00 2001
From: Leo Giovanetti
Date: Tue, 25 Jul 2023 13:54:49 -0300
Subject: [PATCH] fix: Username check for sign-up with invitation in org context (#10375)
---
 apps/web/pages/api/auth/signup.ts | 61 +++++++++++++--------------
 packages/lib/validateUsernameInOrg.ts | 15 ++++++-
 2 files changed, 43 insertions(+), 33 deletions(-)
diff --git a/apps/web/pages/api/auth/signup.ts b/apps/web/pages/api/auth/signup.ts
index 803d00bbfc..6f25c21551 100644
--- a/apps/web/pages/api/auth/signup.ts
+++ b/apps/web/pages/api/auth/signup.ts
@@ -42,37 +42,6 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
 return;
 }
- // There is an existingUser if the username matches
- // OR if the email matches AND either the email is verified
- // or both username and password are set
- const existingUser = await prisma.user.findFirst({
- where: {
- OR: [
- { username },
- {
- AND: [
- { email: userEmail },
- {
- OR: [
- { emailVerified: { not: null } },
- {
- AND: [{ password: { not: null } }, { username: { not: null } }],
- },
- ],
- },
- ],
- },
- ],
- },
- });
-
- if (existingUser) {
- const message: string =
- existingUser.email !== userEmail ? "Username already taken" : "Email address is already registered";
-
- return res.status(409).json({ message });
- }
-
 let foundToken: { id: number; teamId: number | null; expires: Date } | null = null;
 if (token) {
 foundToken = await prisma.verificationToken.findFirst({
@@ -100,6 +69,36 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
 return res.status(409).json({ message: "Username already taken" });
 }
 }
+ } else {
+ // There is an existingUser if the username matches
+ // OR if the email matches AND either the email is verified
+ // or both username and password are set
+ const existingUser = await prisma.user.findFirst({
+ where: {
+ OR: [
+ { username },
+ {
+ AND: [
+ { email: userEmail },
+ {
+ OR: [
+ { emailVerified: { not: null } },
+ {
+ AND: [{ password: { not: null } }, { username: { not: null } }],
+ },
+ ],
+ },
+ ],
+ },
+ ],
+ },
+ });
+ if (existingUser) {
+ const message: string =
+ existingUser.email !== userEmail ? "Username already taken" : "Email address is already registered";
+
+ return res.status(409).json({ message });
+ }
 }
 const hashedPassword = await hashPassword(password);
diff --git a/packages/lib/validateUsernameInOrg.ts b/packages/lib/validateUsernameInOrg.ts
index d628a194a2..7505b3ba2a 100644
--- a/packages/lib/validateUsernameInOrg.ts
+++ b/packages/lib/validateUsernameInOrg.ts
@@ -21,6 +21,17 @@ export const validateUsernameInOrg = async (usernameSlug: string, teamId: number
 },
 });
+ const usersFound = await prisma.user.findMany({
+ where: {
+ organizationId: teamId,
+ },
+ select: {
+ username: true,
+ },
+ });
+
+ takenSlugs = usersFound.map((user) => user.username);
+
 // If only one team is found and it has a parent, then it's an child team
 // and we can use the parent id to find all the teams that belong to this org
 if (teamsFound && teamsFound.length === 1 && teamsFound[0].parentId) {
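Review bot: A request that carries a token no longer reaches the "Email address is already registered" check, because in apps/web/pages/api/auth/signup.ts the existing-user query now sits in the `else` of the token branch; the token path visible in the context only rejects a taken username, and only inside a nested block. The code that writes the user record is outside this hunk, so this needs confirming against it: if that write is keyed by email, an invitation sign-up for an address that already belongs to a verified account must still be refused. Keeping the username rule org-scoped while running the email rule on both paths would look like the excerpt below; it assumes invited placeholder users are stored unverified and without a password, which is not shown here. Whether the token is bound to `userEmail` is also not visible in this hunk and is worth checking alongside.

```typescript
  // … unchanged: token lookup and validateUsernameInOrg check …
  } else {
    // … unchanged: username-or-email existingUser check …
  }

  // Runs for both paths: an invitation must not bypass the registered-email rule.
  const registeredEmail = await prisma.user.findFirst({
    where: {
      email: userEmail,
      OR: [
        { emailVerified: { not: null } },
        { AND: [{ password: { not: null } }, { username: { not: null } }] },
      ],
    },
  });
  if (registeredEmail) {
    return res.status(409).json({ message: "Email address is already registered" });
  }

  const hashedPassword = await hashPassword(password);
```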
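Review bot: The new `prisma.user.findMany` in packages/lib/validateUsernameInOrg.ts filters on `organizationId: teamId`, but the comment directly below it says `teamId` may be a child team whose organisation is `teamsFound[0].parentId`; in that case the query presumably matches no users and a username already used in the org passes validation. Resolving the org id first with the condition the function already uses would close that gap: `const orgId = teamsFound.length === 1 && teamsFound[0].parentId ? teamsFound[0].parentId : teamId;` followed by `where: { organizationId: orgId }`. The schema and the start of the function are outside the hunk, so the relation between `organizationId` and `parentId` is inferred from that comment. The query also loads every username in the organisation to test a single value; a `findFirst` on the candidate username would avoid that.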
@@ -34,9 +45,9 @@ export const validateUsernameInOrg = async (usernameSlug: string, teamId: number
 slug: true,
 },
 });
- takenSlugs = childTeams.map((team) => team.slug);
+ takenSlugs = takenSlugs.concat(childTeams.map((team) => team.slug));
 } else {
- takenSlugs = teamsFound.map((team) => team.slug);
+ takenSlugs = takenSlugs.concat(teamsFound.map((team) => team.slug));
 }
 return !takenSlugs.includes(slugify(usernameSlug));
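Review bot: `takenSlugs` now mixes team slugs with raw `user.username` values, yet the final `includes` compares the list against `slugify(usernameSlug)`, so a stored username that is not already in slugified form never matches and the collision goes undetected. signup.ts filters on `username: { not: null }`, which suggests the column is nullable, so the list also widens to `string | null`. Normalising where the usernames are read keeps the comparison sound, for example `takenSlugs = usersFound.flatMap((u) => (u.username ? [slugify(u.username)] : []));` in the earlier hunk, assuming `slugify` leaves an already-slugified value unchanged. The declaration of `takenSlugs` and the end of the function are outside this hunk.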