From 41a0871452e297e46d681b99cc7cbe26fee5796c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C4=93teris=20Caune?=
Date: Mon, 30 Sep 2019 16:40:45 +0300
Subject: [PATCH] Generate usernames as uuid3(const, email). Prevents multiple accts with the same email. Prevent double-clicking the submit button in signup form. Fixes #290
---
 CHANGELOG.md | 4 ++++
 hc/accounts/views.py | 7 ++++++-
 static/js/signup.js | 2 ++
 3 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 849c7b8a..e9657618 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,10 @@ All notable changes to this project will be documented in this file.
 - Add "last_duration" attribute to the Check API resource (#257)
 - Upgrade to psycopg2 2.8.3
+### Bug Fixes
+- Usernames now are uuid3(const, email). Prevents multiple accts with same email (#290)
+- Prevent double-clicking the submit button in signup form
+
 ## 1.9.0 - 2019-09-03
diff --git a/hc/accounts/views.py b/hc/accounts/views.py
index 5c4e9a9b..73352200 100644
--- a/hc/accounts/views.py
+++ b/hc/accounts/views.py
@@ -43,6 +43,8 @@ NEXT_WHITELIST = (
 "hc-add-pushover",
 )
+NAMESPACE_HC = uuid.UUID("2b25afdf-ce1a-4fa3-adf2-592e35f27fa9")
+
 def _is_whitelisted(path):
 try:
@@ -54,7 +56,10 @@ def _is_whitelisted(path):
 def _make_user(email, with_project=True):
- username = str(uuid.uuid4())[:30]
+ # Generate username from email in a deterministic way.
+ # Since the database has an uniqueness constraint on username,
+ # this makes sure that emails also are unique.
+ username = str(uuid.uuid3(NAMESPACE_HC, email))
 user = User(username=username, email=email)
 user.set_unusable_password()
 user.save()
diff --git a/static/js/signup.js b/static/js/signup.js
index a0c23136..92323863 100644
--- a/static/js/signup.js
+++ b/static/js/signup.js
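Review bot: `NAMESPACE_HC` in the first views.py hunk is added without a comment saying that it is a fixed, non-secret namespace whose value must never change. The uniqueness guarantee in `_make_user` depends on every release hashing emails under the same namespace; if the UUID were edited, new usernames would no longer collide with the ones already stored and duplicate emails would be accepted again. I would add above it `# Fixed namespace for uuid3-derived usernames. Not a secret, but never change it: email uniqueness depends on it.`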
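Review bot: The username in the second views.py hunk is derived from `email` exactly as passed in, so the uniqueness guarantee covers only byte-identical strings: `User@example.org` and `user@example.org` hash to different usernames. If the callers do not already normalise the address, hash a canonical form, e.g. `username = str(uuid.uuid3(NAMESPACE_HC, email.lower()))`. A duplicate now surfaces as an `IntegrityError` from `user.save()`, and nothing in this hunk catches it, so presumably the caller has to, or the losing request of a race ends in a server error. Accounts created before this change keep their random uuid4 usernames, so the constraint cannot catch a clash with one of those. `_make_user` continues past the end of the hunk.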
@@ -5,6 +5,7 @@ $(function () {
 var email = $("#signup-email").val();
 var token = $('input[name=csrfmiddlewaretoken]').val();
+ $("#signup-go").prop("disabled", true);
 $.ajax({
 url: base + "/accounts/signup/",
 type: "post",
@@ -12,6 +13,7 @@ $(function () {
 data: {"identity": email},
 success: function(data) {
 $("#signup-result").html(data).show();
+ $("#signup-go").prop("disabled", false);
 }
 });
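Review bot: The button is re-enabled only inside the `success` callback (second hunk), so any failed request, such as a network error, a CSRF rejection or a 5xx, leaves `#signup-go` disabled by the first hunk's line until the page is reloaded. Re-enable it in a `complete` handler instead, which jQuery runs after both success and error: `complete: function() { $("#signup-go").prop("disabled", false); }`. The disable is a browser-side convenience only; requests sent by other means still reach the view, so the server-side uniqueness constraint remains the actual control and deserves a comment saying so. The enclosing handler starts before the first hunk and is not visible here.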