Make username field unique in users-permissions

System Information
  • Strapi Version: 4
  • Operating System:
  • Database:
  • Node Version:
  • NPM Version:
  • Yarn Version:

I just realized that the username field is not unique (and cannot be changed) in the users collection. I know that the email address field must be unique but I was able to create more than 1 user account with the same username and password. I know the chances of 2 different users creating the same username/password combo might be rare, but John Smith with a password of ‘password123’. could happen if your project is open to the public. Has anyone else thought about this?

1 Like

If anyone else is interested:

I just added a unique index on the username column in the up_users table. I can now handle the error “Username already taken” (Postgres) thrown in the register REST call.

1 Like

Adding this unique index caused problems with Strapi (will no longer start) after making changes to content-types. Not exactly sure why. A better solution for Postgres is to add a constraint instead of a unique index. Works great although the register controller method code no longer catches the ‘Username already taken’ error properly. The service add method within register throws an error somewhere in a middleware with the message ‘This attribute must be unique’.

1 Like