From 52fbb8f899693246123283076af16587bfbd963d Mon Sep 17 00:00:00 2001 From: Phillip Thelen Date: Fri, 5 Oct 2018 21:51:21 +0200 Subject: [PATCH] Verify username as valid if user is re-checking their current name (#10737) * Verify username as valid if user is re-checking their current name * Fix lint error and existingUser check. --- website/server/controllers/api-v4/auth.js | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/website/server/controllers/api-v4/auth.js b/website/server/controllers/api-v4/auth.js index a34e774ac4..4b5b328c6b 100644 --- a/website/server/controllers/api-v4/auth.js +++ b/website/server/controllers/api-v4/auth.js @@ -73,6 +73,8 @@ api.verifyUsername = { method: 'POST', url: '/user/auth/verify-username', async handler (req, res) { + const user = res.locals.user; + req.checkBody({ username: { notEmpty: {errorMessage: res.t('missingUsername')}, @@ -84,8 +86,10 @@ api.verifyUsername = { const issues = verifyUsername(req.body.username, res); - const count = await User.count({ 'auth.local.lowerCaseUsername': req.body.username.toLowerCase() }); - if (count > 0) issues.push(res.t('usernameTaken')); + const existingUser = await User.findOne({ 'auth.local.lowerCaseUsername': req.body.username.toLowerCase() }, {auth: 1}).exec(); + if (existingUser && existingUser._id !== user._id) { + issues.push(res.t('usernameTaken')); + } if (issues.length > 0) { res.respond(200, { isUsable: false, issues });