From 29bfcd3a3ffb064a762e0d3f8e8dfc40fab7efe9 Mon Sep 17 00:00:00 2001
From: Gabor Javorszky <gabor@javorszky.co.uk>
Date: Mon, 27 May 2013 22:03:13 +0100
Subject: [PATCH] Duplicate user, error handling, password in fixture

---
 config.js                                     |  3 ++-
 core/admin/controllers/index.js               | 17 +++++++-----
 core/shared/data/fixtures/001.js              |  9 ++++---
 .../models/dataProvider.bookshelf.users.js    | 27 ++++++++++++-------
 4 files changed, 35 insertions(+), 21 deletions(-)

diff --git a/config.js b/config.js
index 5e6813f00a..115eb0ea7c 100644
--- a/config.js
+++ b/config.js
@@ -68,7 +68,8 @@
             connection: {
                 filename: './core/shared/data/testdb.db'
             },
-            debug: true
+            debug: false
+            // debug: true
         },
 
         staging: {},
diff --git a/core/admin/controllers/index.js b/core/admin/controllers/index.js
index 95b8c52f90..67510658c8 100755
--- a/core/admin/controllers/index.js
+++ b/core/admin/controllers/index.js
@@ -64,9 +64,9 @@
                 console.log('user found: ', user);
                 req.session.user = "ghostadmin";
                 res.redirect(req.query.redirect || '/ghost/');
-            }, function (err) {
+            }, function (error) {
                 // Do something here to signal the reason for an error
-                console.log(err.stack);
+                req.flash('error', error.message);
                 res.redirect('/ghost/login/');
             });
         },
@@ -78,16 +78,19 @@
             });
         },
         'doRegister': function (req, res) {
-             // console.log(req.body);
-            if (req.body.email_address !== '' && req.body.password.length > 5) {
+            var email = req.body.email_address,
+                password = req.body.password;
+
+            if (email !== '' && password.length > 5) {
                 api.users.add({
-                    email_address: req.body.email_address,
-                    password: req.body.password
+                    email_address: email,
+                    password: password
                 }).then(function (user) {
                     console.log('user added', user);
                     res.redirect('/ghost/login/');
                 }, function (error) {
-                    console.log('there was an error', error);
+                    req.flash('error', error.message);
+                    res.redirect('/ghost/register/');
                 });
             } else {
                 req.flash('error', "The password is too short. Have at least 6 characters in there");
diff --git a/core/shared/data/fixtures/001.js b/core/shared/data/fixtures/001.js
index f2ecbd92d5..849f92a6ae 100644
--- a/core/shared/data/fixtures/001.js
+++ b/core/shared/data/fixtures/001.js
@@ -50,15 +50,16 @@ module.exports = {
 
     users: [
         {
-            "id":               "1",
-            "username":         "johnonolan",
+            "id":                "1",
+            "username":          "johnonolan",
             "first_name":        "John",
             "last_name":         "O'Nolan",
+            "password":          "$2a$10$.pb3wOEhbEPvArvOBB.iyuKslBjC7lSXCUzp29civDTvCg3M1j0XO",
             "email_address":     "john@onolan.org",
             "profile_picture":   "logo.png",
             "cover_picture":     "",
-            "bio":              "Interactive designer, public speaker, startup advisor and writer. Living in Austria, attempting world domination via keyboard.",
-            "url":              "john.onolan.org",
+            "bio":               "Interactive designer, public speaker, startup advisor and writer. Living in Austria, attempting world domination via keyboard.",
+            "url":               "john.onolan.org",
             "created_by":        1,
             "updated_by":        1
         }
diff --git a/core/shared/models/dataProvider.bookshelf.users.js b/core/shared/models/dataProvider.bookshelf.users.js
index 7407b271a8..eeaf9b443e 100644
--- a/core/shared/models/dataProvider.bookshelf.users.js
+++ b/core/shared/models/dataProvider.bookshelf.users.js
@@ -30,11 +30,17 @@
             // Clone the _user so we don't expose the hashed password unnecessarily
             userData = _.extend({}, _user);
 
-        return nodefn.call(bcrypt.hash, _user.password, null, null).then(function (hash) {
-            userData.password = hash;
-            return BaseProvider.prototype.add.call(self, userData);
+        return self.model.forge({email_address: userData.email_address}).fetch().then(function (user) {
+            if (!!user.attributes.email_address) {
+                return when.reject(new Error('A user with that email address already exists.'));
+            }
 
+            return nodefn.call(bcrypt.hash, _user.password, null, null).then(function (hash) {
+                userData.password = hash;
+                return BaseProvider.prototype.add.call(self, userData);
+            });
         });
+
     };
 
     /**
@@ -47,12 +53,15 @@
         return this.model.forge({
             email_address: _userdata.email
         }).fetch().then(function (user) {
-            return nodefn.call(bcrypt.compare, _userdata.pw, user.get('password')).then(function (matched) {
-                if (!matched) {
-                    return when.reject(new Error('Password does not match'));
-                }
-                return user;
-            });
+            if (!!user.attributes.email_address) {
+                return nodefn.call(bcrypt.compare, _userdata.pw, user.get('password')).then(function (matched) {
+                    if (!matched) {
+                        return when.reject(new Error('Passwords do not match'));
+                    }
+                    return user;
+                });
+            }
+            return when.reject(new Error('We do not have a record for such user.'));
         });
     };