Prevent registration race condition

2013-11-05 22:39:51 -06:00 · 2013-11-05 22:39:51 -06:00 · 22ba96b9fd
commit 22ba96b9fd
parent 33d1075d44
3 changed files with 23 additions and 0 deletions
--- a/lib/database.js
+++ b/lib/database.js
@ -738,6 +738,7 @@ Database.prototype.isUsernameTaken = function (name, callback) {
    });
 };

+var regInProgress = {};
 Database.prototype.registerUser = function (name, pw, callback) {
    var self = this;
    if(typeof callback !== "function")
@ -748,37 +749,50 @@ Database.prototype.registerUser = function (name, pw, callback) {
        return;
    }

+    if (regInProgress[name]) {
+        callback("Registration is already in progress", null);
+        return;
+    }
+
+    regInProgress[name] = true;
+
    var postRegister = function (err, res) {
        if(err) {
+            delete regInProgress[name];
            callback(err, null);
            return;
        }

        self.createLoginSession(name, function (err, hash) {
            if(err) {
+                delete regInProgress[name];
                // Don't confuse people into thinking the registration
                // failed when it was the session that failed
                callback(null, "");
                return;
            }

+            delete regInProgress[name];
            callback(null, hash);
        });
    };

    self.isUsernameTaken(name, function (err, taken) {
        if(err) {
+            delete regInProgress[name];
            callback(err, null);
            return;
        }

        if(taken) {
+            delete regInProgress[name];
            callback("Username already taken", null);
            return;
        }

        bcrypt.hash(pw, 10, function (err, hash) {
            if(err) {
+                delete regInProgress[name];
                callback(err, null);
                return;
            }