
fix username verification when user not authenticated

paglias committed Oct 9, 2018
1 parent 49a275b commit eb537fc7b4327f3576168b6b2830a9a8b51aea5c
Showing with 13 additions and 6 deletions.
  1. +13 −6 website/server/controllers/api-v4/auth.js
@@ -72,9 +72,10 @@ api.updateUsername = {
api.verifyUsername = {
method: 'POST',
url: '/user/auth/verify-username',
middlewares: [authWithHeaders({
optional: true,
})],
async handler (req, res) {
const user = res.locals.user;

req.checkBody({
username: {
notEmpty: {errorMessage: res.t('missingUsername')},
@@ -84,11 +85,17 @@ api.verifyUsername = {
const validationErrors = req.validationErrors();
if (validationErrors) throw validationErrors;

const issues = verifyUsername(req.body.username, res);
const user = res.locals.user;
const chosenUsername = req.body.username;

const issues = verifyUsername(chosenUsername, res);

const existingUser = await User.findOne({
'auth.local.lowerCaseUsername': chosenUsername.toLowerCase(),
}, {auth: 1}).exec();

const existingUser = await User.findOne({ 'auth.local.lowerCaseUsername': req.body.username.toLowerCase() }, {auth: 1}).exec();
if (existingUser && existingUser._id !== user._id) {
issues.push(res.t('usernameTaken'));
if (existingUser) {
if (!user || existingUser._id !== user._id) issues.push(res.t('usernameTaken'));
}

if (issues.length > 0) {
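Review bot: With `optional: true` on `authWithHeaders`, this route now answers callers who send no credentials, and the `usernameTaken` issue tells them whether an account with that name exists. Nothing in the visible hunks throttles these requests, so the endpoint should sit behind whatever rate limiting the API applies to its other unauthenticated auth routes; I would record that at the middleware line, e.g. `// reachable without auth: reveals whether a username exists, keep rate-limited`. Separately, `existingUser._id !== user._id` is a valid identity check only if `_id` is stored as a string; if it is an ObjectId the comparison is by reference and always true, so confirm against the schema or compare `String(existingUser._id) !== String(user._id)`. The handler body continues past the end of the hunk.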
