Wasp-lang, 2mo ago
mb23

How can I avoid that a user can "signup" twice with the same email address?

At the moment, it's possible for users to sign up with the same email address and still get this confirmation message on the signup page: "You've signed up successfully! Check your email for the confirmation link." In the database, nothing changes if the email address already exists, but how can I check upfront as part of the sign up process if the email address already exists?
3 Replies
kapa.ai, 2mo ago

Hi @mb23. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:

----------------------

In Wasp, you can customize the sign-up action to check if an email already exists in the database before proceeding with the sign-up process. This can be done by using the `findAuthIdentity` function which checks if an authentication identity already exists for a given provider ID.

Here is a sample code snippet from the Wasp documentation that shows how to do this:
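```ts
import {
  createProviderId,
  sanitizeAndSerializeProviderData,
  findAuthIdentity,
  createUser,
} from 'wasp/server/auth'
import type { CustomSignup } from 'wasp/server/operations'

type CustomSignupInput = {
  email: string
  password: string
}
type CustomSignupOutput = {
  success: boolean
  message: string
}

export const signup: CustomSignup<CustomSignupInput, CustomSignupOutput> = async (args, _context) => {
  // The provider ID identifies this email within the "email" auth provider
  const providerId = createProviderId('email', args.email)
  const existingAuthIdentity = await findAuthIdentity(providerId)

  if (existingAuthIdentity) {
    // Your custom code here
  } else {
    // Provider data for a new, not yet verified email identity;
    // the password is hashed during serialization
    const providerData = await sanitizeAndSerializeProviderData<'email'>({
      hashedPassword: args.password,
      isEmailVerified: false,
      emailVerificationSentAt: null,
      passwordResetSentAt: null,
    })
    await createUser(
      providerId,
      providerData,
      // Any additional data you want to store on the User entity
      {},
    )
    // ...
  }
  // ...
  return {
    success: true,
    message: 'User created successfully',
  }
}
```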
In the above code, `findAuthIdentity` is used to check if an authentication identity already exists for the provided email. If it does (`existingAuthIdentity` is not null), you can return a custom message indicating that the email is already in use. If it doesn't, the code proceeds to create a new user.

Please note that this is just a basic example. You might need to adjust the code to fit your specific needs. For more information, you can refer to the Wasp documentation on creating a custom sign-up action (https://wasp-lang.dev/docs/auth/email#creating-a-custom-sign-up-action).

----------------------

Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:

----------------------

Sorry @mb23, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist: Perhaps try again in 15mins?
miho, 2mo ago
We consider the user registered only after they confirm their email. Until then, the email is considered free. Imagine if somebody signed up with someone's email and now that person can no longer create an account. To perform some extra logic before the signup (throw an error to stop the signup from happening if you want) - you can always use the onBeforeSignup hook: https://wasp-lang.dev/docs/auth/auth-hooks#executing-code-before-the-user-signs-up
Auth Hooks | Wasp
Auth hooks allow you to "hook into" the auth process at various stages and run your custom code. For example, if you want to forbid certain emails from signing up, or if you wish to send a welcome email to the user after they sign up, auth hooks are the way to go.
Filip, 2mo ago
What Miho said and also, this is kind of a security feature - you don't want to tell users that an account with an email exists to prevent enumeration attacks (i.e., finding out who uses certain apps)
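
The behaviour Miho and Filip describe, as an added example that is not part of the thread and not Wasp's own code: a self-contained in-memory model in which the signup response is identical whether or not the address is taken, and an unverified address stays free. The names `createSignupService`, `confirmEmail` and the "already-registered" notice mail are assumptions made for illustration.

```typescript
// In-memory model of an enumeration-resistant email signup (illustrative only).
type Mail = { to: string; kind: "verify" | "already-registered" };
type SignupResponse = { success: boolean; message: string };

const GENERIC_MESSAGE =
  "You've signed up successfully! Check your email for the confirmation link.";

function createSignupService() {
  // email -> true once the address has been confirmed, false while pending
  const verifiedByEmail = new Map<string, boolean>();
  // Stands in for the mail sender so the outcome can be inspected.
  const outbox: Mail[] = [];
  const normalize = (email: string): string => email.trim().toLowerCase();

  function signup(rawEmail: string): SignupResponse {
    const email = normalize(rawEmail);
    if (verifiedByEmail.get(email) === true) {
      // Address belongs to a confirmed account: inform the mailbox owner
      // out of band (assumed behaviour), never the HTTP caller.
      outbox.push({ to: email, kind: "already-registered" });
    } else {
      // Unknown or still unverified: the address counts as free, so a
      // pending identity is (re)created and a confirmation link is sent.
      verifiedByEmail.set(email, false);
      outbox.push({ to: email, kind: "verify" });
    }
    // Same body on both paths, so the response reveals nothing.
    return { success: true, message: GENERIC_MESSAGE };
  }

  // Simplification: a real flow confirms via a signed token from the link.
  function confirmEmail(rawEmail: string): boolean {
    const email = normalize(rawEmail);
    if (verifiedByEmail.get(email) !== false) return false; // unknown or already verified
    verifiedByEmail.set(email, true);
    return true;
  }

  return { signup, confirmEmail, outbox };
}
```

Response timing can still leak the difference between the two branches, so both paths should do comparable work (for example, queue the mail asynchronously in each).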