aboutsummaryrefslogtreecommitdiff
path: root/api
diff options
context:
space:
mode:
authorlonkaars <l.leblansch@gmail.com>2021-01-14 09:42:18 +0100
committerlonkaars <l.leblansch@gmail.com>2021-01-14 09:42:18 +0100
commitec27999881a452804da87a6190db7997ed21a9a2 (patch)
tree59fc77767ac99e92d2b01354ad2d34de3167569d /api
parent4e918ce7cbc2bb18823a233abf3dc1c6a260ecc4 (diff)
no double emails or usernames
Diffstat (limited to 'api')
-rw-r--r--api/auth/signup.py6
-rw-r--r--api/randid.py4
2 files changed, 8 insertions, 2 deletions
diff --git a/api/auth/signup.py b/api/auth/signup.py
index a568b6d..da2dc7c 100644
--- a/api/auth/signup.py
+++ b/api/auth/signup.py
@@ -20,6 +20,12 @@ def index():
not password:
return "", 400
+ if cursor.execute("select username from users where username = ?", [username]).fetchone():
+ return {"error": "username_taken"}, 403
+
+ if cursor.execute("select email from users where email = ?", [email]).fetchone():
+ return {"error": "email_taken"}, 403
+
user_id = new_uuid()
password_salt = passwords.salt()
password_hash = passwords.password_hash(password, password_salt)
diff --git a/api/randid.py b/api/randid.py
index a6ff11f..b9292b6 100644
--- a/api/randid.py
+++ b/api/randid.py
@@ -3,8 +3,8 @@ import uuid
def new_uuid():
temp_uuid = str(uuid.uuid4())
- query = cursor.execute("select user_id from users where user_id = \"{temp_uuid}\"").fetchone()
- if query:
+ # check if user_id is already taken
+ if cursor.execute("select user_id from users where user_id = ?", [temp_uuid]).fetchone():
return new_uuid()
else:
return temp_uuid