Open AdamsBlack opened 2 years ago
There's nothing directly preventing a user from registering with an email address that is already in use, other than the "unique" attribute in the database.
```
at Query.run (C:\Users\adam\Documents\Retropilot\public\retropilot-server\node_modules\sequelize\lib\dialects\postgres\query.js:50:25) at C:\Users\adam\Documents\Retropilot\public\retropilot-server\node_modules\sequelize\lib\sequelize.js:313:28 at processTicksAndRejections (internal/process/task_queues.js:95:5) at async PostgresQueryInterface.insert (C:\Users\adam\Documents\Retropilot\public\retropilot-server\node_modules\sequelize\lib\dialects\abstract\query-interface.js:297:21) at async model.save (C:\Users\adam\Documents\Retropilot\public\retropilot-server\node_modules\sequelize\lib\model.js:2417:35) at async Function.create (C:\Users\adam\Documents\Retropilot\public\retropilot-server\node_modules\sequelize\lib\model.js:1329:12) at async C:\Users\adam\Documents\Retropilot\public\retropilot-server\dist\server\router\useradmin.js:174:16 { name: 'SequelizeUniqueConstraintError', errors: [ ValidationErrorItem { message: 'email must be unique', type: 'unique violation', path: 'email', value: 'email@email.com', origin: 'DB', instance: [accounts], validatorKey: 'not_unique', validatorName: null, validatorArgs: [] } ], parent: error: duplicate key value violates unique constraint "accounts_un" at Parser.parseErrorMessage (C:\Users\adam\Documents\Retropilot\public\retropilot-server\node_modules\pg-protocol\dist\parser.js:287:98) at Parser.handlePacket (C:\Users\adam\Documents\Retropilot\public\retropilot-server\node_modules\pg-protocol\dist\parser.js:126:29) at Parser.parse (C:\Users\adam\Documents\Retropilot\public\retropilot-server\node_modules\pg-protocol\dist\parser.js:39:38) at Socket.<anonymous> (C:\Users\adam\Documents\Retropilot\public\retropilot-server\node_modules\pg-protocol\dist\index.js:11:42) at Socket.emit (events.js:400:28) at addChunk (internal/streams/readable.js:293:12) at readableAddChunk (internal/streams/readable.js:267:9) at Socket.Readable.push (internal/streams/readable.js:206:10) at TCP.onStreamRead (internal/stream_base_commons.js:188:23) { 
length: 204, severity: 'ERROR', code: '23505', detail: 'Key (email)=(email@email.com) already exists.', hint: undefined, position: undefined, internalPosition: undefined, internalQuery: undefined, where: undefined, schema: 'public', table: 'accounts', column: undefined, dataType: undefined, constraint: 'accounts_un', file: 'nbtinsert.c', line: '670', routine: '_bt_check_unique', sql: 'INSERT INTO "accounts" ("id","email","password","created","admin") VALUES (DEFAULT,$1,$2,$3,$4) RETURNING "id","email","password","created","last_ping","2fa_token","admin","email_verify_token","g_oauth_sub","two_factor_enabled";', parameters: [ 'email@email.com', 'password_hash***', 1651328540828, false ] }, original: error: duplicate key value violates unique constraint "accounts_un" at Parser.parseErrorMessage (C:\Users\adam\Documents\Retropilot\public\retropilot-server\node_modules\pg-protocol\dist\parser.js:287:98) at Parser.handlePacket (C:\Users\adam\Documents\Retropilot\public\retropilot-server\node_modules\pg-protocol\dist\parser.js:126:29) at Parser.parse (C:\Users\adam\Documents\Retropilot\public\retropilot-server\node_modules\pg-protocol\dist\parser.js:39:38) at Socket.<anonymous> (C:\Users\adam\Documents\Retropilot\public\retropilot-server\node_modules\pg-protocol\dist\index.js:11:42) at Socket.emit (events.js:400:28) at addChunk (internal/streams/readable.js:293:12) at readableAddChunk (internal/streams/readable.js:267:9) at Socket.Readable.push (internal/streams/readable.js:206:10) at TCP.onStreamRead (internal/stream_base_commons.js:188:23) { length: 204, severity: 'ERROR', code: '23505', detail: 'Key (email)=(email@email.com) already exists.', hint: undefined, position: undefined, internalPosition: undefined, internalQuery: undefined, where: undefined, schema: 'public', table: 'accounts', column: undefined, dataType: undefined, constraint: 'accounts_un', file: 'nbtinsert.c', line: '670', routine: '_bt_check_unique', sql: 'INSERT INTO "accounts" 
("id","email","password","created","admin") VALUES (DEFAULT,$1,$2,$3,$4) RETURNING "id","email","password","created","last_ping","2fa_token","admin","email_verify_token","g_oauth_sub","two_factor_enabled";', parameters: [ 'email@email.com', 'password_hash*****', 1651328540828, false ] }, fields: { email: 'email@email.com' }, sql: 'INSERT INTO "accounts" ("id","email","password","created","admin") VALUES (DEFAULT,$1,$2,$3,$4) RETURNING "id","email","password","created","last_ping","2fa_token","admin","email_verify_token","g_oauth_sub","two_factor_enabled";' } TypeError: Cannot read property 'dataValues' of undefined at C:\Users\adam\Documents\Retropilot\public\retropilot-server\dist\server\router\useradmin.js:181:16 at processTicksAndRejections (internal/process/task_queues.js:95:5)```
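This isn't really a security issue, since the database takes care of preventing duplicates, but it's not great: as the trace shows, the duplicate insert surfaces as an unhandled SequelizeUniqueConstraintError, the handler then fails with a TypeError at useradmin.js:181, and the logged error includes the bound query parameters (the email address and the password hash).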
There's nothing directly preventing a user from registering with an email address that is already in use, other than the "unique" attribute in the database.