-rw-r--r--api/auth/signup.py6
-rw-r--r--api/randid.py4
2 files changed, 8 insertions, 2 deletions
diff --git a/api/auth/signup.py b/api/auth/signup.py
index a568b6d..da2dc7c 100644
--- a/api/auth/signup.py
+++ b/api/auth/signup.py
@@ -20,6 +20,12 @@ def index():
not password:
return "", 400
+ if cursor.execute("select username from users where username = ?", [username]).fetchone():
+ return {"error": "username_taken"}, 403
+
+ if cursor.execute("select email from users where email = ?", [email]).fetchone():
+ return {"error": "email_taken"}, 403
+
user_id = new_uuid()
password_salt = passwords.salt()
password_hash = passwords.password_hash(password, password_salt)
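Review bot: The two `fetchone()` checks added before `user_id = new_uuid()` are check-then-insert, so two concurrent signups with the same username or email can both pass them. The guarantee has to come from UNIQUE constraints on `users.username` and `users.email`, with the insert's integrity error (presumably `sqlite3.IntegrityError`, given the `?` placeholders) mapped to the same `username_taken` / `email_taken` responses. The lookup in `new_uuid()` in api/randid.py has the same gap for `user_id`. Separately, `{"error": "email_taken"}` tells an unauthenticated caller whether an address is registered, so the endpoint should be rate-limited, or the email case answered generically, if account enumeration matters here. The insert and the rest of `index()` are outside the hunk, so whether such constraints already exist cannot be confirmed from this page.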
diff --git a/api/randid.py b/api/randid.py
index a6ff11f..b9292b6 100644
--- a/api/randid.py
+++ b/api/randid.py
@@ -3,8 +3,8 @@ import uuid
def new_uuid():
temp_uuid = str(uuid.uuid4())
- query = cursor.execute("select user_id from users where user_id = \"{temp_uuid}\"").fetchone()
- if query:
+ # check if user_id is already taken
+ if cursor.execute("select user_id from users where user_id = ?", [temp_uuid]).fetchone():
return new_uuid()
else:
return temp_uuid
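Review bot: `new_uuid()` retries by calling itself and keeps an `else:` after a `return`; a loop states the retry more directly, e.g. `while cursor.execute("select user_id from users where user_id = ?", [temp_uuid]).fetchone(): temp_uuid = str(uuid.uuid4())` followed by `return temp_uuid`. The new inline comment could become a docstring such as `"""Return a UUID4 string that is not currently a users.user_id."""`, which also documents that the function queries the users table. `cursor` is not defined in the visible lines, so it presumably comes from an import above the hunk.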