From ec27999881a452804da87a6190db7997ed21a9a2 Mon Sep 17 00:00:00 2001
From: lonkaars <l.leblansch@gmail.com>
Date: Thu, 14 Jan 2021 09:42:18 +0100
Subject: no double emails or usernames

---
 api/auth/signup.py | 6 ++++++
 api/randid.py      | 4 ++--
 2 files changed, 8 insertions(+), 2 deletions(-)

(limited to 'api')

diff --git a/api/auth/signup.py b/api/auth/signup.py
index a568b6d..da2dc7c 100644
--- a/api/auth/signup.py
+++ b/api/auth/signup.py
@@ -20,6 +20,12 @@ def index():
        not password:
            return "", 400
 
+    if cursor.execute("select username from users where username = ?", [username]).fetchone():
+        return {"error": "username_taken"}, 403
+
+    if cursor.execute("select email from users where email = ?", [email]).fetchone():
+        return {"error": "email_taken"}, 403
+
     user_id = new_uuid()
     password_salt = passwords.salt()
     password_hash = passwords.password_hash(password, password_salt)
diff --git a/api/randid.py b/api/randid.py
index a6ff11f..b9292b6 100644
--- a/api/randid.py
+++ b/api/randid.py
@@ -3,8 +3,8 @@ import uuid
 
 def new_uuid():
     temp_uuid = str(uuid.uuid4())
-    query = cursor.execute("select user_id from users where user_id = \"{temp_uuid}\"").fetchone()
-    if query:
+    # check if user_id is already taken
+    if cursor.execute("select user_id from users where user_id = ?", [temp_uuid]).fetchone():
         return new_uuid()
     else:
         return temp_uuid
-- 
cgit v1.2.3