Open chia7 opened 7 years ago
The second user would not know the first user's password, so would that really be an issue? You can add input filtration and validation for stronger passwords. i.e.
Is this answering your question?
In the User model, you could add {unique: true} to your username, this would not allow a duplicate username and would throw and error. Just handle the error after that.
I created the solution below to prevent this from happening. In short, I created a Mongoose query to see if that username has been taken, and if it has display a flash message. Otherwise it will just run the code to create a new user like it would normally.
// check to make this user hasnt registered
var testThisName = username;
var queryforUsername = {};
queryforUsername["username"] = testThisName;
User.find(queryforUsername, function(error,item) {
if(error) throw error;
if(item.length > 0) {
req.flash('warning', 'That username is taken!')
// then redirect to user register page to try again
res.redirect('/users/register');
} else if (item.length == 0) {
//add the code to create a new user `here`
console.log("Creating an account with the free username");
})
})
There would be a problem that multiple users share the same username, but we're able to login with the one who first registered. Is there any ways to prevent it happen like what we did to validate those required inputs to be not empty?