[FIX] users.register endpoint to not create an user if username already being used (#12297)

7 years ago · 88dc99ec6e
parent 183a64bf1c
commit 88dc99ec6e
2 changed files with 44 additions and 1 deletions
--- a/packages/rocketchat-api/server/v1/users.js
+++ b/packages/rocketchat-api/server/v1/users.js
@ -166,6 +166,10 @@ RocketChat.API.v1.addRoute('users.register', { authRequired: false }, {
 			username: String,
 		}));

+		if (!RocketChat.checkUsernameAvailability(this.bodyParams.username)) {
+			return RocketChat.API.v1.failure('Username is already in use');
+		}
+
 		// Register the user
 		const userId = Meteor.call('registerUser', this.bodyParams);

--- a/tests/end-to-end/api/01-users.js
+++ b/tests/end-to-end/api/01-users.js
@ -136,6 +136,45 @@ describe('[Users]', function() {
 		});
 	});

+	describe('[/users.register]', () => {
+		const email = `email@email${ Date.now() }.com`;
+		const username = `myusername${ Date.now() }`;
+		it('should register new user', (done) => {
+			request.post(api('users.register'))
+				.send({
+					email,
+					name: 'name',
+					username,
+					pass: 'test',
+				})
+				.expect('Content-Type', 'application/json')
+				.expect(200)
+				.expect((res) => {
+					expect(res.body).to.have.property('success', true);
+					expect(res.body).to.have.nested.property('user.username', username);
+					expect(res.body).to.have.nested.property('user.emails[0].address', email);
+					expect(res.body).to.have.nested.property('user.active', true);
+					expect(res.body).to.have.nested.property('user.name', 'name');
+				})
+				.end(done);
+		});
+		it('should return an error when trying register new user with an existing username', (done) => {
+			request.post(api('users.register'))
+				.send({
+					email,
+					name: 'name',
+					username,
+				})
+				.expect('Content-Type', 'application/json')
+				.expect(400)
+				.expect((res) => {
+					expect(res.body).to.have.property('success', false);
+					expect(res.body).to.have.property('error').and.to.be.equal('Username is already in use');
+				})
+				.end(done);
+		});
+	});
+
 	describe('[/users.info]', () => {
 		it('should query information about a user by userId', (done) => {
 			request.get(api('users.info'))
@ -998,7 +1037,7 @@ describe('[Users]', function() {
 				})
 				.end(resolve);
 		});
-		const testUsername = `testuser${ +new Date() }`;
+		const testUsername = `testuserdelete${ +new Date() }`;
 		let targetUser;
 		it('register a new user...', (done) => {
 			request.post(api('users.register'))