From 9ad30e102e25e3904f084ac905883151b7aa092a Mon Sep 17 00:00:00 2001 From: Adolfo Reyna Date: Tue, 4 Feb 2025 23:21:53 -0500 Subject: [PATCH] Check for invitations which were used already --- index.js | 4 ++++ routes/profile.js | 2 ++ 2 files changed, 6 insertions(+) diff --git a/index.js b/index.js index ba0438c..b57ead3 100644 --- a/index.js +++ b/index.js @@ -116,6 +116,8 @@ DB.getDB.then((DB) => { if(!email) return res.json({status: "provide valid email"}); let r = await DB.getInvitation(email); if(!r) return res.json({status: "no invitation found with that email"}); + let isUserAlreadyRegistered = await DB.getUser(email); + if(isUserAlreadyRegistered && isUserAlreadyRegistered._id) return res.json({status: "This user is already registered"}); return res.json({status: "ok", ... r}); }); @@ -131,6 +133,8 @@ DB.getDB.then((DB) => { // Check if the new user has an invitation. // TODO: Alert admin of signup attempts via email. if (!await DB.getInvitation(email)) return res.json({ status: "Not invitation found!" }); + let isUserAlreadyRegistered = await DB.getUser(email); + if(isUserAlreadyRegistered && isUserAlreadyRegistered._id) return res.json({status: "This user is already registered"}); // Hash password to be stored on the DB. // TODO: I think this is missing a Salt factor to improve security const hashedPassword = await bcrypt.hash(password, 10); diff --git a/routes/profile.js b/routes/profile.js index 1e5478b..128838c 100644 --- a/routes/profile.js +++ b/routes/profile.js @@ -84,6 +84,8 @@ DB.getDB.then((DB)=>{ if(!email) return res.json({status: "provide valid email"}); let r = await DB.getInvitation(email); if(!r) return res.json({status: "no invitation found with that email"}); + let isUserAlreadyRegistered = await DB.getUser(email); + if(isUserAlreadyRegistered && isUserAlreadyRegistered._id) return res.json({status: "This user is already registered"}); return res.json({status: "ok", ... r}); });