From 215ca0371c8f84c537071cb08ce9f014ff781c36 Mon Sep 17 00:00:00 2001 From: Matteo Pagliazzi Date: Thu, 15 Oct 2015 19:52:21 +0200 Subject: [PATCH] fix(signup): correct email checks --- website/src/controllers/auth.js | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/website/src/controllers/auth.js b/website/src/controllers/auth.js index 0bc39ebc80..120e935511 100644 --- a/website/src/controllers/auth.js +++ b/website/src/controllers/auth.js @@ -68,6 +68,7 @@ api.authWithUrl = function(req, res, next) { api.registerUser = function(req, res, next) { var regUname = RegexEscape(req.body.username); + var email = req.body.email && req.body.email.toLowerCase(); async.auto({ validate: function(cb) { if (!(req.body.username && req.body.password && req.body.email)) @@ -79,14 +80,14 @@ api.registerUser = function(req, res, next) { cb(); }, findReg: function(cb) { - User.findOne({$or:[{'auth.local.email': req.body.email}, {'auth.local.username': regUname}]}, {'auth.local':1}, cb); + User.findOne({$or:[{'auth.local.email': email}, {'auth.local.username': regUname}]}, {'auth.local':1}, cb); }, findFacebook: function(cb){ User.findOne({_id: req.headers['x-api-user'], apiToken: req.headers['x-api-key']}, {auth:1}, cb); }, register: ['validate', 'findReg', 'findFacebook', function(cb, data) { if (data.findReg) { - if (req.body.email === data.findReg.auth.local.email) return cb({code:401, err:"Email already taken"}); + if (email === data.findReg.auth.local.email) return cb({code:401, err:"Email already taken"}); if (regUname.test(data.findReg.auth.local.username)) return cb({code:401, err:"Username already taken"}); } var salt = utils.makeSalt(); @@ -94,7 +95,7 @@ api.registerUser = function(req, res, next) { auth: { local: { username: req.body.username, - email: req.body.email.toLowerCase(), + email: email, salt: salt, hashed_password: utils.encryptPassword(req.body.password, salt) },