System Information
- Strapi Version: 4
- Operating System:
- Database:
- Node Version:
- NPM Version:
- Yarn Version:

I just realized that the username field is not unique (and cannot be changed) in the users collection. I know that the email address field must be unique, but I was able to create more than 1 user account with the same username and password. I know the chances of 2 different users creating the same username/password combo might be rare, but John Smith with a password of ‘password123’ could happen if your project is open to the public. Has anyone else thought about this?
1 Like
If anyone else is interested:
I just added a unique index on the username column in the up_users table. I can now handle the error “Username already taken” (Postgres) thrown in the register REST call.
1 Like
Adding this unique index caused problems with Strapi (will no longer start) after making changes to content-types. Not exactly sure why. A better solution for Postgres is to add a constraint instead of a unique index. Works great, although the register controller method code no longer catches the ‘Username already taken’ error properly. The service add method within register throws an error somewhere in a middleware with the message ‘This attribute must be unique’.
1 Like
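
Added example, not part of any post above and not Strapi's own code: one way a register handler could recognise the two error shapes the thread describes (a raw PostgreSQL unique violation on `up_users.username`, and an error carrying the message 'This attribute must be unique') and answer both with one "Username already taken" response. The constraint name, the `details.errors[].path` layout, the fallback messages and the HTTP status codes are assumptions.

```javascript
const PG_UNIQUE_VIOLATION = '23505'; // PostgreSQL SQLSTATE for unique_violation
const UNIQUE_MESSAGE = 'This attribute must be unique'; // message quoted in the thread
const USERNAME_CONSTRAINT = 'up_users_username_unique'; // hypothetical constraint name

// Returns 'username' when the duplicate is known to be the username,
// 'unknown' when a uniqueness error names no field, or null otherwise.
function duplicateField(err) {
  if (!err || typeof err !== 'object') return null;

  // Shape 1: driver-level error (node-postgres exposes code/table/constraint/detail).
  if (err.code === PG_UNIQUE_VIOLATION) {
    const byName = err.constraint === USERNAME_CONSTRAINT;
    const byDetail = err.table === 'up_users' && /^Key \(username\)=/.test(err.detail || '');
    return byName || byDetail ? 'username' : 'unknown';
  }

  // Shape 2: validation-style error; the per-field `details.errors[].path`
  // layout is an assumption, so a bare message is reported as 'unknown'.
  if (err.message === UNIQUE_MESSAGE) {
    const items = (err.details && err.details.errors) || [];
    const named = items.some((e) => [].concat(e.path || []).includes('username'));
    return named ? 'username' : 'unknown';
  }
  return null;
}

// Maps an error from the register call to a client response. Driver text
// (constraint names, key values) is never echoed back to the client.
function toRegisterResponse(err) {
  const field = duplicateField(err);
  if (field === 'username') return { status: 400, message: 'Username already taken' };
  if (field === 'unknown') return { status: 400, message: 'A value is already in use' };
  return { status: 500, message: 'Registration failed' };
}

// Constructed sample errors, not captured from a real Strapi instance.
const samplePgError = {
  code: '23505', table: 'up_users', constraint: 'up_users_username_unique',
  detail: 'Key (username)=(john.smith) already exists.',
};
const sampleValidationError = {
  message: 'This attribute must be unique',
  details: { errors: [{ path: ['username'], message: 'This attribute must be unique' }] },
};
```

Matching on the SQLSTATE and constraint name rather than on message text keeps the handler working whether the database rule is a unique index or a constraint.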