Generate usernames as uuid3(const, email). Prevents multiple accts with the same email. Prevent double-clicking the submit button in signup form. Fixes #290

CHANGELOG.md

@@ -8,6 +8,10 @@ All notable changes to this project will be documented in this file.
 - Add "last_duration" attribute to the Check API resource (#257)
 - Upgrade to psycopg2 2.8.3
 
+### Bug Fixes
+- Usernames now are uuid3(const, email). Prevents multiple accts with same email (#290)
+- Prevent double-clicking the submit button in signup form
+
 
 ## 1.9.0 - 2019-09-03
 

hc/accounts/views.py

@@ -43,6 +43,8 @@ NEXT_WHITELIST = (
     "hc-add-pushover",
 )
 
+NAMESPACE_HC = uuid.UUID("2b25afdf-ce1a-4fa3-adf2-592e35f27fa9")
+
 
 def _is_whitelisted(path):
     try:
@@ -54,7 +56,10 @@ def _is_whitelisted(path):
 
 
 def _make_user(email, with_project=True):
-    username = str(uuid.uuid4())[:30]
+    # Generate username from email in a deterministic way.
+    # Since the database has an uniqueness constraint on username,
+    # this makes sure that emails also are unique.
+    username = str(uuid.uuid3(NAMESPACE_HC, email))
     user = User(username=username, email=email)
     user.set_unusable_password()
     user.save()

static/js/signup.js

@@ -5,6 +5,7 @@ $(function () {
         var email = $("#signup-email").val();
         var token = $('input[name=csrfmiddlewaretoken]').val();
 
+        $("#signup-go").prop("disabled", true);
         $.ajax({
             url: base + "/accounts/signup/",
             type: "post",
@@ -12,6 +13,7 @@ $(function () {
             data: {"identity": email},
             success: function(data) {
                 $("#signup-result").html(data).show();
+                $("#signup-go").prop("disabled", false);
             }
         });