server: ignore username case when signing up and in

This commit is contained in:
Max Leiter 2022-03-09 16:22:52 -08:00
parent cad10fb1fa
commit 61f7888f1b
No known key found for this signature in database
GPG key ID: A3512F2F2F17EBDA

View file

@ -54,14 +54,16 @@ users.post('/signup', async (req, res, next) => {
throw new Error("Please provide a username and password") throw new Error("Please provide a username and password")
} }
const existingUser = await User.findOne({ where: { username: req.body.username } }) const username = req.body.username.toLowerCase();
const existingUser = await User.findOne({ where: { username: username } })
if (existingUser) { if (existingUser) {
throw new Error("Username already exists") throw new Error("Username already exists")
} }
const salt = await genSalt(10) const salt = await genSalt(10)
const user = { const user = {
username: req.body.username as string, username: username as string,
password: await hash(req.body.password, salt) password: await hash(req.body.password, salt)
} }
@ -81,7 +83,8 @@ users.post('/login', async (req, res, next) => {
throw new Error("Missing username or password") throw new Error("Missing username or password")
} }
const user = await User.findOne({ where: { username: req.body.username } }); const username = req.body.username.toLowerCase();
const user = await User.findOne({ where: { username: username } });
if (!user) { if (!user) {
throw new Error("User does not exist"); throw new Error("User does not exist");
} }