Check uniqueness username earlier #489

Author: joepio

lib/src/plugins/register.rs

@@ -43,17 +43,44 @@ struct MailConfirmation {
     pub name: String,
 }
 
+#[derive(Debug, Clone)]
+struct UserName {
+    pub name: String,
+}
+
+impl UserName {
+    /// Throws error if email address is already taken
+    pub fn check_used(name: &str, store: &impl Storelike) -> AtomicResult<Self> {
+        let mut drive_url = store
+            .get_self_url()
+            .ok_or("No self url, cant check name")?
+            .clone();
+        drive_url.set_subdomain(Some(name))?;
+
+        match store.get_resource(&drive_url.to_string()) {
+            Ok(_) => Err("Name already used".into()),
+            Err(_) => Ok(Self { name: name.into() }),
+        }
+    }
+}
+
+impl std::fmt::Display for UserName {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        write!(f, "{}", self.name)
+    }
+}
+
 #[tracing::instrument(skip(store))]
 pub fn handle_register_name_and_email(
     url: url::Url,
     store: &Db,
     for_agent: Option<&str>,
 ) -> AtomicResult<Resource> {
-    let mut name_option = None;
+    let mut name_option: Option<UserName> = None;
     let mut email_option: Option<EmailAddress> = None;
     for (k, v) in url.query_pairs() {
         match k.as_ref() {
-            "name" | urls::NAME => name_option = Some(v.to_string()),
+            "name" | urls::NAME => name_option = Some(UserName::check_used(&v, store)?),
             "email" => email_option = Some(EmailAddress::new(v.to_string())?),
             _ => {}
         }
@@ -64,13 +91,14 @@ pub fn handle_register_name_and_email(
     };
 
     let name = name_option.ok_or("No name provided")?;
+    let _validate_name = Value::new(&name.to_string(), &crate::datatype::DataType::Slug)?;
     let email = email_option.ok_or("No email provided")?.check_used(store)?;
 
     // send the user an e-mail to confirm sign up
     let store_clone = store.clone();
     let confirmation_token_struct = MailConfirmation {
         email: email.clone(),
-        name: name.clone(),
+        name: name.to_string(),
     };
     let token = crate::token::sign_claim(store, confirmation_token_struct)?;
     let mut confirm_url = store

server/src/helpers.rs

@@ -57,6 +57,7 @@ fn origin(url: &str) -> String {
     )
 }
 
+/// Checks if the origin in the Cookie matches the requested subject.
 pub fn get_auth_from_cookie(
     map: &HeaderMap,
     requested_subject: &String,
@@ -93,8 +94,9 @@ pub fn get_auth_from_cookie(
     if subject_invalid {
         return Err(AtomicServerError {
             message: format!(
-                "Wrong requested subject, expected {} was {}",
-                requested_subject, auth_values.requested_subject
+                "Wrong subject origin in cookie subject, expected {} was {}",
+                origin(requested_subject),
+                auth_values.requested_subject
             ),
             error_type: AppErrorType::Unauthorized,
             error_resource: None,