Prevent registration race condition

This commit is contained in:
calzoneman 2013-11-05 22:39:51 -06:00
parent 33d1075d44
commit 22ba96b9fd
3 changed files with 23 additions and 0 deletions


@ -1,3 +1,9 @@
Tue Nov 05 22:38 2013 CDT
* lib/database.js: Add a check for registrations-in-progress to prevent
duplicate queries by an impatient user
* www/assets/js/account.js: Disable the registration button while the
registration is being processed
Mon Nov 04 16:15 2013 CDT Mon Nov 04 16:15 2013 CDT
* lib/xss.js, tests/xss.js: Merge work-in-progress XSS filter * lib/xss.js, tests/xss.js: Merge work-in-progress XSS filter
from xss branch from xss branch


@ -738,6 +738,7 @@ Database.prototype.isUsernameTaken = function (name, callback) {
}); });
}; };
var regInProgress = {};
Database.prototype.registerUser = function (name, pw, callback) { Database.prototype.registerUser = function (name, pw, callback) {
var self = this; var self = this;
if(typeof callback !== "function") if(typeof callback !== "function")
@ -748,37 +749,50 @@ Database.prototype.registerUser = function (name, pw, callback) {
return; return;
} }
if (regInProgress[name]) {
callback("Registration is already in progress", null);
return;
}
regInProgress[name] = true;
var postRegister = function (err, res) { var postRegister = function (err, res) {
if(err) { if(err) {
delete regInProgress[name];
callback(err, null); callback(err, null);
return; return;
} }
self.createLoginSession(name, function (err, hash) { self.createLoginSession(name, function (err, hash) {
if(err) { if(err) {
delete regInProgress[name];
// Don't confuse people into thinking the registration // Don't confuse people into thinking the registration
// failed when it was the session that failed // failed when it was the session that failed
callback(null, ""); callback(null, "");
return; return;
} }
delete regInProgress[name];
callback(null, hash); callback(null, hash);
}); });
}; };
self.isUsernameTaken(name, function (err, taken) { self.isUsernameTaken(name, function (err, taken) {
if(err) { if(err) {
delete regInProgress[name];
callback(err, null); callback(err, null);
return; return;
} }
if(taken) { if(taken) {
delete regInProgress[name];
callback("Username already taken", null); callback("Username already taken", null);
return; return;
} }
bcrypt.hash(pw, 10, function (err, hash) { bcrypt.hash(pw, 10, function (err, hash) {
if(err) { if(err) {
delete regInProgress[name];
callback(err, null); callback(err, null);
return; return;
} }


@ -161,6 +161,8 @@ $("#registerbtn").click(function() {
return; return;
} }
$("#registerbtn").attr("disabled", true);
// Input valid, try registering // Input valid, try registering
var data = { var data = {
name: name, name: name,
@ -168,6 +170,7 @@ $("#registerbtn").click(function() {
}; };
postJSON(WEB_URL + "/api/register?callback=?", data, function (data) { postJSON(WEB_URL + "/api/register?callback=?", data, function (data) {
$("#registerbtn").attr("disabled", false);
if(data.success) { if(data.success) {
uname = name; uname = name;
session = data.session; session = data.session;