How can I avoid that a user can "signup" twice with the same email address?
At the moment, it's possible for users to sign up with the same email address and still get this confirmation message on the signup page:
You've signed up successfully! Check your email for the confirmation link.
In the database, nothing changes if the email address already exists, but how can I check upfront as part of the sign up process if the email address already exists?
3 Replies
Hi @mb23. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
----------------------
In Wasp, you can customize the sign-up action to check if an email already exists in the database before proceeding with the sign-up process. This can be done by using the findAuthIdentity function which checks if an authentication identity already exists for a given provider ID.
Here is a sample code snippet from the Wasp documentation that shows how to do this:
In the above code, findAuthIdentity is used to check if an authentication identity already exists for the provided email. If it does (existingAuthIdentity is not null), you can return a custom message indicating that the email is already in use. If it doesn't, the code proceeds to create a new user.
Please note that this is just a basic example. You might need to adjust the code to fit your specific needs. For more information, you can refer to the Wasp documentation on creating a custom sign-up action (https://wasp-lang.dev/docs/auth/email#creating-a-custom-sign-up-action).
----------------------
Sorry @mb23, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15 mins?
We consider the user registered only after they confirm their email. Until then, the email is considered free. Imagine if somebody signed up with someone's email and now that person can no longer create an account.
To perform some extra logic before the signup (throw an error to stop the signup from happening if you want) - you can always use the onBeforeSignup hook: https://wasp-lang.dev/docs/auth/auth-hooks#executing-code-before-the-user-signs-up
Auth Hooks | Wasp
Auth hooks allow you to "hook into" the auth process at various stages and run your custom code. For example, if you want to forbid certain emails from signing up, or if you wish to send a welcome email to the user after they sign up, auth hooks are the way to go.
What Miho said and also, this is kind of a security feature - you don't want to tell users that an account with an email exists to prevent enumeration attacks (i.e., finding out who uses certain apps).
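The two points made in the replies above (an unconfirmed email stays free, and the signup page should not reveal whether an account exists), as an added example that is not part of the thread and not Wasp's own code. It is a constructed in-memory model; every function name, the sample accounts and the "already-registered" notice are assumptions made for illustration.

```javascript
// Added example: constructed in-memory model, not Wasp's implementation.
// Every name here is hypothetical.
const GENERIC =
  "You've signed up successfully! Check your email for the confirmation link.";

// email -> { confirmed }; the sample accounts are constructed.
function createStore() {
  return new Map([
    ["alice@example.com", { confirmed: true }],
    ["bob@example.com", { confirmed: false }],
  ]);
}

// Leaky variant: the page response reports that the address is taken.
function leakySignup(users, outbox, email) {
  if (users.has(email)) {
    return { ok: false, message: "Email already in use" };
  }
  users.set(email, { confirmed: false });
  outbox.push({ to: email, kind: "confirm" });
  return { ok: true, message: GENERIC };
}

// Uniform variant: the page response never depends on account state.
function uniformSignup(users, outbox, email) {
  const existing = users.get(email);
  if (existing && existing.confirmed) {
    // Assumed design choice: tell the real owner by email, not the requester.
    outbox.push({ to: email, kind: "already-registered" });
  } else {
    // Unknown or unconfirmed: the address counts as free, so issue a link.
    users.set(email, { confirmed: false });
    outbox.push({ to: email, kind: "confirm" });
  }
  return { ok: true, message: GENERIC };
}

// Regression check: does the response differ for a known vs unknown address?
function leaksExistence(signupFn) {
  const outbox = [];
  const known = signupFn(createStore(), outbox, "alice@example.com");
  const unknown = signupFn(createStore(), outbox, "nobody@example.com");
  return JSON.stringify(known) !== JSON.stringify(unknown);
}

console.log(leaksExistence(leakySignup), leaksExistence(uniformSignup)); // true false
```

The check compares response bodies only; it does not measure differences in response time between the two paths.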