fix: Username check for sign-up with invitation in org context (#10375)

fix/reduce-team-list-payload
Leo Giovanetti 2023-07-25 13:54:49 -03:00 committed by GitHub
parent 5a9ee2047f
commit 6a16366941
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 43 additions and 33 deletions


@ -42,37 +42,6 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
return; return;
} }
// There is an existingUser if the username matches
// OR if the email matches AND either the email is verified
// or both username and password are set
const existingUser = await prisma.user.findFirst({
where: {
OR: [
{ username },
{
AND: [
{ email: userEmail },
{
OR: [
{ emailVerified: { not: null } },
{
AND: [{ password: { not: null } }, { username: { not: null } }],
},
],
},
],
},
],
},
});
if (existingUser) {
const message: string =
existingUser.email !== userEmail ? "Username already taken" : "Email address is already registered";
return res.status(409).json({ message });
}
let foundToken: { id: number; teamId: number | null; expires: Date } | null = null; let foundToken: { id: number; teamId: number | null; expires: Date } | null = null;
if (token) { if (token) {
foundToken = await prisma.verificationToken.findFirst({ foundToken = await prisma.verificationToken.findFirst({
@ -100,6 +69,36 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
return res.status(409).json({ message: "Username already taken" }); return res.status(409).json({ message: "Username already taken" });
} }
} }
} else {
// There is an existingUser if the username matches
// OR if the email matches AND either the email is verified
// or both username and password are set
const existingUser = await prisma.user.findFirst({
where: {
OR: [
{ username },
{
AND: [
{ email: userEmail },
{
OR: [
{ emailVerified: { not: null } },
{
AND: [{ password: { not: null } }, { username: { not: null } }],
},
],
},
],
},
],
},
});
if (existingUser) {
const message: string =
existingUser.email !== userEmail ? "Username already taken" : "Email address is already registered";
return res.status(409).json({ message });
}
} }
const hashedPassword = await hashPassword(password); const hashedPassword = await hashPassword(password);
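Review bot: With the collision query moved into the `else`, a request that carries a token no longer gets the "Email address is already registered" check, only the org-scoped username check. The `foundToken` lookup shown here keeps only `id`, `teamId` and `expires`, so nothing visible ties the token to `userEmail`; if the write after `hashPassword` (outside this hunk) updates the row by email, any valid invite token might be enough to overwrite the credentials of an existing verified account. Keep the email half of the check on the token path, e.g. `const registered = await prisma.user.findFirst({ where: { email: userEmail, emailVerified: { not: null } } });` followed by `if (registered) return res.status(409).json({ message: "Email address is already registered" });`, and confirm the token was issued for this address. The handler body starts before and continues past the visible lines.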


@ -21,6 +21,17 @@ export const validateUsernameInOrg = async (usernameSlug: string, teamId: number
}, },
}); });
const usersFound = await prisma.user.findMany({
where: {
organizationId: teamId,
},
select: {
username: true,
},
});
takenSlugs = usersFound.map((user) => user.username);
// If only one team is found and it has a parent, then it's an child team // If only one team is found and it has a parent, then it's an child team
// and we can use the parent id to find all the teams that belong to this org // and we can use the parent id to find all the teams that belong to this org
if (teamsFound && teamsFound.length === 1 && teamsFound[0].parentId) { if (teamsFound && teamsFound.length === 1 && teamsFound[0].parentId) {
@ -34,9 +45,9 @@ export const validateUsernameInOrg = async (usernameSlug: string, teamId: number
slug: true, slug: true,
}, },
}); });
takenSlugs = childTeams.map((team) => team.slug); takenSlugs = takenSlugs.concat(childTeams.map((team) => team.slug));
} else { } else {
takenSlugs = teamsFound.map((team) => team.slug); takenSlugs = takenSlugs.concat(teamsFound.map((team) => team.slug));
} }
return !takenSlugs.includes(slugify(usernameSlug)); return !takenSlugs.includes(slugify(usernameSlug));
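Review bot: The new user lookup filters on `organizationId: teamId` before the child-team branch runs, so when `teamId` is a sub-team the query uses the child's id and probably returns no org members, letting a username that already exists in the parent org pass. Resolve the org id first and use it in the query, e.g. `const orgId = teamsFound.length === 1 && teamsFound[0].parentId ? teamsFound[0].parentId : teamId;` and then `where: { organizationId: orgId }`. The stored `username` values are compared as-is against `slugify(usernameSlug)`, so confirm they are stored slugified and non-null; otherwise case or punctuation variants of a taken name would not be caught. validateUsernameInOrg begins above the visible hunk.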