feat: auth service logic for purging expired unverified accounts upon registration, new sql queries for this purpose
@@ -58,30 +58,58 @@ func NewAuthService(_log *zap.Logger, _dbctx database.DbContext, _redis *redis.C
|
||||
|
||||
func (a *authServiceImpl) RegistrationBegin(request models.RegistrationBeginRequest) (bool, error) {
|
||||
|
||||
var occupationStatus database.CheckUserRegistrationAvailabilityRow
|
||||
var user database.User
|
||||
var generatedCode string
|
||||
var generatedCodeHash string
|
||||
var passwordHash string
|
||||
var err error
|
||||
|
||||
helper, db, _ := database.NewDbHelperTransaction(a.dbctx)
|
||||
defer helper.Rollback()
|
||||
|
||||
var err error
|
||||
if occupationStatus, err = db.TXQueries.CheckUserRegistrationAvailability(db.CTX, database.CheckUserRegistrationAvailabilityParams{
|
||||
Email: request.Email,
|
||||
Username: request.Username,
|
||||
}); err != nil {
|
||||
a.log.Error(
|
||||
"Failed to check credentials availability for registration",
|
||||
zap.String("username", request.Username),
|
||||
zap.String("email", request.Email),
|
||||
zap.Error(err))
|
||||
return false, errs.ErrServerError
|
||||
}
|
||||
|
||||
// TODO: get user if it exists. If not verified and no valid code exists, delete
|
||||
// and recreate
|
||||
if occupationStatus.UsernameBusy {
|
||||
a.log.Warn(
|
||||
"Attempted registration for a taken username",
|
||||
zap.String("email", request.Email),
|
||||
zap.String("username", request.Username))
|
||||
return false, errs.ErrUsernameTaken
|
||||
|
||||
} else if occupationStatus.EmailBusy {
|
||||
// Falsely confirm in order to avoid disclosing registered email addresses
|
||||
a.log.Warn(
|
||||
"Attempted registration for a taken email",
|
||||
zap.String("email", request.Email),
|
||||
zap.String("username", request.Username))
|
||||
return true, nil
|
||||
|
||||
} else {
|
||||
if _, err := db.TXQueries.DeleteUnverifiedAccountsHavingUsernameOrEmail(db.CTX, database.DeleteUnverifiedAccountsHavingUsernameOrEmailParams{
|
||||
Username: request.Username,
|
||||
Email: request.Email,
|
||||
}); err != nil {
|
||||
a.log.Error(
|
||||
"Failed to purge unverified accounts as part of registration",
|
||||
zap.String("email", request.Email),
|
||||
zap.String("username", request.Username),
|
||||
zap.Error(err))
|
||||
return false, errs.ErrServerError
|
||||
}
|
||||
}
|
||||
|
||||
if user, err = db.TXQueries.CreateUser(db.CTX, request.Username); err != nil {
|
||||
|
||||
if errs.MatchPgError(err, pgerrcode.UniqueViolation) {
|
||||
a.log.Warn(
|
||||
"Attempted registration for a taken username",
|
||||
zap.String("username", request.Username),
|
||||
zap.Error(err))
|
||||
|
||||
return false, errs.ErrUsernameTaken
|
||||
}
|
||||
|
||||
a.log.Error("Failed to add user to database", zap.Error(err))
|
||||
return false, errs.ErrServerError
|
||||
}
|
||||
|
||||
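Review bot: The purge in the `else` branch deletes unverified accounts matching the username or email with no visible expiry condition in its parameters, although the commit title says "expired"; unless `DeleteUnverifiedAccountsHavingUsernameOrEmail` enforces the verification-window check in SQL, a second registration attempt with someone's pending username or email evicts their in-flight registration inside this transaction before they can confirm it, and `CreateUser` then reissues that identity to the newcomer. If the query does enforce the window, state that at the call site, e.g. `// Only unverified accounts whose verification window has lapsed are removed; the expiry check lives in the query.`, and drop the TODO above the `UsernameBusy` check, which this commit implements. Separately, the error returned by `database.NewDbHelperTransaction` is discarded with `_` and `db` is dereferenced on the next lines; that may be a pre-existing context line, but `helper, db, err := database.NewDbHelperTransaction(a.dbctx)` followed by `if err != nil { a.log.Error("Failed to begin registration transaction", zap.Error(err)); return false, errs.ErrServerError }` would avoid a nil dereference when the transaction cannot be opened. RegistrationBegin continues past the end of the hunk.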