Server side checking of user input before allowing signup.

controllers/user.js

@@ -7,10 +7,10 @@ var _ = require('lodash'),
     secrets = require('../config/secrets'),
     moment = require('moment'),
     Challenge = require('./../models/Challenge'),
-    debug = require('debug')('freecc:cntr:challenges')
+    debug = require('debug')('freecc:cntr:challenges'),
     resources = require('./resources');
 
-//TODO(Berks): Refactor to use module.exports = {} pattern.
+
 
 /**
  * GET /signin
@@ -99,9 +99,25 @@ exports.postEmailSignup = function(req, res, next) {
     if (errors) {
         req.flash('errors', errors);
         return res.redirect('/email-signup');
-    debug(errors);
     }
 
+    var possibleUserData = req.body;
+
+    if (possibleUserData.password.length < 5) {
+        req.flash('errors', {
+            msg: 'Your password is too short'
+        });
+        return res.redirect('email-signup');
+    }
+
+    if (possibleUserData.username.length < 8 || possibleUserData.length > 20) {
+        req.flash('errors', {
+            msg: 'Your username must be between 5 and 20 characters'
+        });
+        return res.redirect('email-signup');
+    }
+
+
     var user = new User({
         email: req.body.email.trim(),
         password: req.body.password,
@@ -111,18 +127,30 @@ exports.postEmailSignup = function(req, res, next) {
         }
     });
 
-  User.findOne({ email: req.body.email }, function(err, existingUser) {
+    User.findOne({ email: req.body.email }, function(err, existingEmail) {
-    if (err) { return next(err); }
+        if (err) {
+            return next(err);
+        }
 
-    if (existingUser) {
+        if (existingEmail) {
             req.flash('errors', {
                 msg: 'Account with that email address already exists.'
             });
             return res.redirect('/email-signup');
         }
+        User.findOne({'profile.username': req.body.username }, function(err, existingUsername) {
+            if (err) {
+                return next(err);
+            }
+            if (existingUsername) {
+                req.flash('errors', {
+                    msg: 'Account with that username already exists.'
+                });
+                return res.redirect('/email-signup');
+            }
+
             user.save(function(err) {
                 if (err) { return next(err); }
-
                 req.logIn(user, function(err) {
                     if (err) { return next(err); }
                     res.redirect('/email-signup');
@@ -152,6 +180,7 @@ exports.postEmailSignup = function(req, res, next) {
                 if (err) { return err; }
             });
         });
+    });
 };
 
 /**
@@ -292,6 +321,8 @@ exports.updateProgress = function(req, res) {
  */
 
 exports.postUpdateProfile = function(req, res, next) {
+
+    // What does this do?
     User.findById(req.user.id, function(err, user) {
         if (err) return next(err);
         var errors = req.validationErrors();
@@ -322,7 +353,6 @@ exports.postUpdateProfile = function(req, res, next) {
                     });
                     return res.redirect('/account');
                 }
-        var user = req.user;
                 user.email = req.body.email.trim() || '';
                 user.profile.name = req.body.name.trim() || '';
                 user.profile.username = req.body.username.trim() || '';