better handling if account is partially signed up

tbocek · tbocek · commit e35fe7182cb4 · 2022-06-06T09:25:38.000+02:00
diff --git a/controller.go b/controller.go
@@ -317,6 +317,9 @@ func signup(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
+	//check if user exists than was not activated yet. In that case, resend the email and don't try to insert
+	//the user, as this would fail due to constraints
+
 	err = insertUser(cred.Email, calcPw, emailToken, refreshToken, flowType, timeNow())
 	if err != nil {
 		writeErr(w, http.StatusBadRequest, "invalid_request", "blocked", "ERR-signup-07, insert user failed: %v", err)
diff --git a/db.go b/db.go
@@ -55,8 +55,11 @@ func insertUser(email string, pwRaw []byte, emailToken string, refreshToken stri
 		s1 := base32.StdEncoding.EncodeToString(pwRaw)
 		pw = &s1
 	}
-	stmt, err := db.Prepare(`INSERT INTO auth (email, password, email_token, refresh_token, flow_type, created_at) 
-								   VALUES ($1, $2, $3, $4, $5, $6)`)
+	stmt, err := db.Prepare(`INSERT INTO auth as a (email, password, email_token, refresh_token, flow_type, created_at) 
+								   VALUES ($1, $2, $3, $4, $5, $6)
+								   ON CONFLICT (email) DO
+								     UPDATE SET password=$2, email_token = $3
+								     WHERE a.email_token IS NOT NULL`)
 	if err != nil {
 		return fmt.Errorf("prepare INSERT INTO auth for %v statement failed: %v", email, err)
 	}
diff --git a/main_test.go b/main_test.go
@@ -65,25 +65,22 @@ func TestSignupWrongEmail(t *testing.T) {
 	shutdown()
 }
 
-func TestSignupTwice(t *testing.T) {
+func TestSignupTwiceWorking(t *testing.T) {
 	shutdown := mainTest(testParams...)
 	resp := doSignup("tom@test.ch", "testtest")
-	resp.Body.Close()
 	resp = doSignup("tom@test.ch", "testtest")
 
-	bodyBytes, _ := ioutil.ReadAll(resp.Body)
-	bodyString := string(bodyBytes)
-
-	assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
-	assert.True(t, strings.Index(bodyString, "ERR-signup-07") > 0)
+	assert.Equal(t, http.StatusOK, resp.StatusCode)
 
 	resp.Body.Close()
 	shutdown()
 }
 
-func TestSignupWrong(t *testing.T) {
+func TestSignupTwiceNotWorking(t *testing.T) {
 	shutdown := mainTest(testParams...)
 	resp := doSignup("tom@test.ch", "testtest")
+	token := token("tom@test.ch")
+	resp = doConfirm("tom@test.ch", token)
 	resp = doSignup("tom@test.ch", "testtest")
 
 	bodyBytes, _ := ioutil.ReadAll(resp.Body)

Original file line number	Diff line number	Diff line change
`@@ -317,6 +317,9 @@ func signup(w http.ResponseWriter, r *http.Request) {`
`317`	`317`	`}`
`318`	`318`	`}`
`319`	`319`
	`320`	`+ //check if user exists than was not activated yet. In that case, resend the email and don't try to insert`
	`321`	`+ //the user, as this would fail due to constraints`
	`322`	`+`
`320`	`323`	`err = insertUser(cred.Email, calcPw, emailToken, refreshToken, flowType, timeNow())`
`321`	`324`	`if err != nil {`
`322`	`325`	`writeErr(w, http.StatusBadRequest, "invalid_request", "blocked", "ERR-signup-07, insert user failed: %v", err)`
Original file line number	Diff line number	Diff line change
`@@ -55,8 +55,11 @@ func insertUser(email string, pwRaw []byte, emailToken string, refreshToken stri`
`55`	`55`	`s1 := base32.StdEncoding.EncodeToString(pwRaw)`
`56`	`56`	`pw = &s1`
`57`	`57`	`}`
`58`		- stmt, err := db.Prepare(`INSERT INTO auth (email, password, email_token, refresh_token, flow_type, created_at)
`59`		- VALUES ($1, $2, $3, $4, $5, $6)`)
	`58`	+ stmt, err := db.Prepare(`INSERT INTO auth as a (email, password, email_token, refresh_token, flow_type, created_at)
	`59`	`+ VALUES ($1, $2, $3, $4, $5, $6)`
	`60`	`+ ON CONFLICT (email) DO`
	`61`	`+ UPDATE SET password=$2, email_token = $3`
	`62`	+ WHERE a.email_token IS NOT NULL`)
`60`	`63`	`if err != nil {`
`61`	`64`	`return fmt.Errorf("prepare INSERT INTO auth for %v statement failed: %v", email, err)`
`62`	`65`	`}`