From ff6a7512d5bc4d06893e25e821ff6789ef398227 Mon Sep 17 00:00:00 2001
From: Daniel Friesel <derf@finalrewind.org>
Date: Fri, 8 Mar 2019 18:52:12 +0100
Subject: do not allow multiple pending registrations for one mail

---
 index.pl                   | 38 ++++++++++++++++++++++++++++++++++++++
 templates/register.html.ep |  2 +-
 2 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/index.pl b/index.pl
index 7b84c4a..84d6aec 100755
--- a/index.pl
+++ b/index.pl
@@ -234,6 +234,22 @@ app->attr(
 			qq{select id from users where name = ?});
 	}
 );
+app->attr(
+	get_pending_mails_query => sub {
+		my ($self) = @_;
+
+		return $self->app->dbh->prepare(
+			qq{select id from users where email = ? and status = 0;});
+	}
+);
+app->attr(
+	get_listed_mails_query => sub {
+		my ($self) = @_;
+
+		return $self->app->dbh->prepare(
+			qq{select * from pending_mails where email = ?;});
+	}
+);
 app->attr(
 	get_user_query => sub {
 		my ($self) = @_;
@@ -661,6 +677,20 @@ helper 'check_if_user_name_exists' => sub {
 	return 0;
 };
 
+helper 'check_if_mail_is_blacklisted' => sub {
+	my ( $self, $mail ) = @_;
+
+	$self->app->get_pending_mails_query->execute($mail);
+	if ( @{ $self->app->get_pending_mails_query->fetchall_arrayref } ) {
+		return 1;
+	}
+	$self->app->get_listed_mails_query->execute($mail);
+	if ( @{ $self->app->get_listed_mails_query->fetchall_arrayref } ) {
+		return 1;
+	}
+	return 0;
+};
+
 helper 'get_user_travels' => sub {
 	my ( $self, $limit ) = @_;
 
@@ -946,6 +976,11 @@ post '/register' => sub {
 		return;
 	}
 
+	if ( $self->check_if_mail_is_blacklisted($email) ) {
+		$self->render( 'register', invalid => 'mail_blacklisted' );
+		return;
+	}
+
 	if ( $password ne $password2 ) {
 		$self->render( 'register', invalid => 'password_notequal' );
 		return;
@@ -958,6 +993,7 @@ post '/register' => sub {
 
 	my $token   = make_token();
 	my $pw_hash = hash_password($password);
+	$self->app->dbh->begin_work;
 	my $user_id = $self->add_user( $user, $email, $token, $pw_hash );
 
 	my $body = "Hallo, ${user}!\n\n";
@@ -991,9 +1027,11 @@ post '/register' => sub {
 
 	my $success = try_to_sendmail($reg_mail);
 	if ($success) {
+		$self->app->dbh->commit;
 		$self->render( 'login', from => 'register' );
 	}
 	else {
+		$self->app->dbh->rollback;
 		$self->render( 'register', invalid => 'sendmail' );
 	}
 };
diff --git a/templates/register.html.ep b/templates/register.html.ep
index d1e189d..6a4a72d 100644
--- a/templates/register.html.ep
+++ b/templates/register.html.ep
@@ -37,7 +37,7 @@
 					% }
 					% elsif ($invalid eq 'mail_blacklisted') {
 						<span class="card-title">Mailadresse nicht nutzbar</span>
-						<p>Mit der angegebenen E-Mail-Adresse können keine
+						<p>Mit der angegebenen E-Mail-Adresse können derzeit keine
 							travelynx-Accounts registriert werden.</p>
 					% }
 					% elsif ($invalid eq 'sendmail') {
-- 
cgit v1.2.3