Fix for duplicate email registration that meant flash error not being

displayed. The error message does not specify the error is a duplicate email address so as not to reveal which emails are current user accounts.
2026-02-05 02:42:26 -05:00 · 2016-03-09 15:12:33 +00:00
parent eea5bfe749
commit 33c92a4e29
2 changed files with 36 additions and 6 deletions
--- a/app/main/views/register.py
+++ b/app/main/views/register.py
@@ -30,9 +30,13 @@ def register():

    form = RegisterUserForm()
    if form.validate_on_submit():
-        return _do_registration(form)
-    else:
-        return render_template('views/register.html', form=form)
+        registered = _do_registration(form)
+        if registered:
+            return redirect(url_for('main.verify'))
+        else:
+            flash('There was an error registering your account')
+
+    return render_template('views/register.html', form=form)


@main.route('/register-from-invite', methods=['GET', 'POST'])
@@ -46,7 +50,11 @@ def register_from_invite():
    if form.validate_on_submit():
        if form.service.data != invited_user['service'] or form.email_address.data != invited_user['email_address']:
            abort(400)
-        return _do_registration(form)
+        registered = _do_registration(form)
+        if registered:
+            return redirect(url_for('main.verify'))
+        else:
+            flash('There was an error registering your account')

    form.service.data = invited_user['service']
    form.email_address.data = invited_user['email_address']
@@ -77,6 +85,6 @@ def _do_registration(form, service=None):
        users_dao.send_verify_code(user.id, 'email', user.email_address)
        session['expiry_date'] = str(datetime.now() + timedelta(hours=1))
        session['user_details'] = {"email": user.email_address, "id": user.id}
-        return redirect(url_for('main.verify'))
+        return True
    else:
-        flash('There was an error registering your account')
+        return False
--- a/tests/app/main/views/test_register.py
+++ b/tests/app/main/views/test_register.py
@@ -1,4 +1,5 @@
 from flask import url_for
+from bs4 import BeautifulSoup


 def test_render_register_returns_template_with_form(app_):
@@ -106,3 +107,24 @@ def test_should_return_400_if_password_is_blacklisted(app_,

    response.status_code == 200
    assert 'That password is blacklisted, too common' in response.get_data(as_text=True)
+
+
+def test_register_with_existing_email_returns_error(app_,
+                                                    api_user_active,
+                                                    mock_get_user_by_email):
+    user_data = {
+        'name': 'Already Hasaccount',
+        'email_address': api_user_active.email_address,
+        'mobile_number': '+4407700900460',
+        'password': 'validPassword!'
+    }
+
+    with app_.test_request_context():
+        response = app_.test_client().post(url_for('main.register'),
+                                           data=user_data)
+        assert response.status_code == 200
+        page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
+        element = page.find('h1')
+        assert element.text == 'Create an account'
+        flash_banner = page.find('div', class_='banner-dangerous').string.strip()
+        assert flash_banner == 'There was an error registering your account'