The server may impose a limit on how often a client can call this endpoint. If the client calls this endpoint too many times within a given timespan, the server may respond with a 429 TOO MANY REQUESTS status code.
Request body fields:
username: string
email: string
password: string
[x] If the client does not provide a username, email, password in the request body, the server must respond with 422 UNPROCESSABLE ENTITY.
[x] Upon successful user registration, the server must respond with a 201 CREATED status code, along with a User object in the response body corresponding to the newly created user account.
[x] If the supplied username is not valid, the server must respond with a 422 UNPROCESSABLE CONTENT status code and error codes. (error code: UsernameFormat)
[x] A valid username must not contain fewer than 2 characters.
[x] A valid username must not contain more than 25 characters.
[x] A valid username must not contain any single character that is not alphanumeric, a hyphen, an underscore, or an apostrophe.
[x] A valid username must not contain any hyphens, underscores, or apostrophes that are not immediately and individually preceded and followed by one or more alphanumeric characters.
[x] If the supplied email address is not a valid email address, the server must respond with a 422 UNPROCESSABLE CONTENT status code and an EmailValidator error for the Email field in the body.
[x] If the supplied password is not valid, the server must respond with a 422 UNPROCESSABLE CONTENT status code and an error code for the Password field in the body. (error code: PasswordFormat)
[x] A valid password must not contain fewer than 8 characters.
[x] A valid password must not contain more than 80 characters.
[x] A valid password must contain one or more uppercase letters.
[x] A valid password must contain one or more lowercase letters.
[x] A valid password must contain one or more numeric digits.
[x] If a user with the supplied username already exists in the database, the server must respond with a 409 CONFLICT status code and the UsernameTaken error code for the Username field in the body.
[x] If a user with the supplied email address already exists in the database, the server must respond with a 409 CONFLICT status code and the EmailAlreadyUsed error code for the Email field in the body.
Procedure
This is what happens when the server receives a valid user registration request.
Inputs:
new user object
[x] A new user record must be created in the database.
[x] The new user's username must be the username supplied.
[x] The new user's email address must be the email address supplied.
[x] The password supplied must be hashed and salted and stored in the newly created user record.
[x] The new user's unencrypted password must not be stored, logged, or otherwise recorded in any way, or be recoverable in any way, even by an administrative user or someone with direct database access.
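The username and password rules and the salted-hash requirement above, sketched as an added Python example that is not code from the project. ASCII-only alphanumerics, PBKDF2-HMAC-SHA256 with 600,000 iterations, and the `salt$digest` storage format are assumptions, since the spec names no character set or hashing algorithm.

```python
import hashlib
import hmac
import re
import secrets
from typing import Optional

# Assumption: "alphanumeric" means ASCII letters and digits.
# Runs of alphanumerics joined by single '-', '_' or "'" separators.
USERNAME_RE = re.compile(r"[A-Za-z0-9]+(?:[-_'][A-Za-z0-9]+)*")
PBKDF2_ROUNDS = 600_000  # assumed work factor; the spec names no algorithm


def validate_username(username: str) -> Optional[str]:
    """Return 'UsernameFormat' if the name breaks a rule, else None."""
    if not 2 <= len(username) <= 25 or not USERNAME_RE.fullmatch(username):
        return "UsernameFormat"
    return None


def validate_password(password: str) -> Optional[str]:
    """Return 'PasswordFormat' if the password breaks a rule, else None."""
    # str.isupper/islower/isdigit also accept non-ASCII letters and digits.
    ok = (
        8 <= len(password) <= 80
        and any(c.isupper() for c in password)
        and any(c.islower() for c in password)
        and any(c.isdigit() for c in password)
    )
    return None if ok else "PasswordFormat"


def hash_password(password: str) -> str:
    """Return 'salt$digest' in hex; only this string goes into the user record."""
    salt = secrets.token_bytes(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ROUNDS
    )
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))
```

Run the validators before hashing, and keep the raw password out of log statements and exception messages on the way, so that the stored `salt$digest` string is the only trace of it.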
Functionality
Endpoint:
POST /account/register
Procedure
[ ] The server must generate a new confirmation link. (blocked by https://github.com/leaderboardsgg/leaderboard-backend/issues/153)
Other related issues
https://github.com/leaderboardsgg/leaderboard-site/issues/563