Prevent registration race condition
parent
33d1075d44
commit
22ba96b9fd
|
@ -1,3 +1,9 @@
|
|||
Tue Nov 05 22:38 2013 CDT
|
||||
* lib/database.js: Add a check for registrations-in-progress to prevent
|
||||
duplicate queries by an impatient user
|
||||
* www/assets/js/account.js: Disable the registration button while the
|
||||
registration is being processed
|
||||
|
||||
Mon Nov 04 16:15 2013 CDT
|
||||
* lib/xss.js, tests/xss.js: Merge work-in-progress XSS filter
|
||||
from xss branch
|
||||
|
|
|
@ -738,6 +738,7 @@ Database.prototype.isUsernameTaken = function (name, callback) {
|
|||
});
|
||||
};
|
||||
|
||||
var regInProgress = {};
|
||||
Database.prototype.registerUser = function (name, pw, callback) {
|
||||
var self = this;
|
||||
if(typeof callback !== "function")
|
||||
|
@ -748,37 +749,50 @@ Database.prototype.registerUser = function (name, pw, callback) {
|
|||
return;
|
||||
}
|
||||
|
||||
if (regInProgress[name]) {
|
||||
callback("Registration is already in progress", null);
|
||||
return;
|
||||
}
|
||||
|
||||
regInProgress[name] = true;
|
||||
|
||||
var postRegister = function (err, res) {
|
||||
if(err) {
|
||||
delete regInProgress[name];
|
||||
callback(err, null);
|
||||
return;
|
||||
}
|
||||
|
||||
self.createLoginSession(name, function (err, hash) {
|
||||
if(err) {
|
||||
delete regInProgress[name];
|
||||
// Don't confuse people into thinking the registration
|
||||
// failed when it was the session that failed
|
||||
callback(null, "");
|
||||
return;
|
||||
}
|
||||
|
||||
delete regInProgress[name];
|
||||
callback(null, hash);
|
||||
});
|
||||
};
|
||||
|
||||
self.isUsernameTaken(name, function (err, taken) {
|
||||
if(err) {
|
||||
delete regInProgress[name];
|
||||
callback(err, null);
|
||||
return;
|
||||
}
|
||||
|
||||
if(taken) {
|
||||
delete regInProgress[name];
|
||||
callback("Username already taken", null);
|
||||
return;
|
||||
}
|
||||
|
||||
bcrypt.hash(pw, 10, function (err, hash) {
|
||||
if(err) {
|
||||
delete regInProgress[name];
|
||||
callback(err, null);
|
||||
return;
|
||||
}
|
||||
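Review bot: `regInProgress` is a plain `{}` indexed by the caller-supplied `name`, so in `if (regInProgress[name])` a name such as `constructor` or `toString` resolves to an inherited `Object.prototype` member and is truthy. Unless validation above the hunk rejects such names, every attempt to register one is answered with "Registration is already in progress". Creating the map with `var regInProgress = Object.create(null);`, or testing with `Object.prototype.hasOwnProperty.call(regInProgress, name)`, limits the lookup to keys this code set itself. The map is also per-process and keyed by the exact string, so if the name comparison in `isUsernameTaken` is case-insensitive or more than one server process runs (neither is visible here), a unique constraint on the stored name remains the authoritative guard. `registerUser` starts before and continues past the visible hunks.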
|
|
|
@ -161,6 +161,8 @@ $("#registerbtn").click(function() {
|
|||
return;
|
||||
}
|
||||
|
||||
$("#registerbtn").attr("disabled", true);
|
||||
|
||||
// Input valid, try registering
|
||||
var data = {
|
||||
name: name,
|
||||
|
@ -168,6 +170,7 @@ $("#registerbtn").click(function() {
|
|||
};
|
||||
|
||||
postJSON(WEB_URL + "/api/register?callback=?", data, function (data) {
|
||||
$("#registerbtn").attr("disabled", false);
|
||||
if(data.success) {
|
||||
uname = name;
|
||||
session = data.session;
|
||||
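Review bot: The button is re-enabled only inside the `postJSON` response callback, so if the request never completes (network failure, timeout, unparsable response) `#registerbtn` stays disabled until the page is reloaded; whether `postJSON` reports failures at all is not visible here. Re-enable it from a failure or completion handler as well, and prefer `$("#registerbtn").prop("disabled", false);` over `.attr(...)` for a boolean property, assuming jQuery 1.6 or later. A comment such as `// UI hint only; the server-side regInProgress check is what rejects duplicate submissions` would make clear that this is not the protection itself. The click handler starts and ends outside the hunks.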
|
|