From 9af3979b8ce47123b807a19ca824b8eeab0c5a83 Mon Sep 17 00:00:00 2001
From: Felix Strick <felix.strick@udo.edu>
Date: Sat, 11 Mar 2023 15:41:04 +0100
Subject: [PATCH] Check if username is already registered

---
 pretix_keycloak_create_user/signals.py | 48 ++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

diff --git a/pretix_keycloak_create_user/signals.py b/pretix_keycloak_create_user/signals.py
index aaecbe2..4d8ea44 100644
--- a/pretix_keycloak_create_user/signals.py
+++ b/pretix_keycloak_create_user/signals.py
@@ -1,4 +1,5 @@
 import json
+import requests
 from django import forms
 from django.dispatch import receiver
 from django.urls import resolve, reverse
@@ -8,10 +9,13 @@ from pretix.base.settings import settings_hierarkey
 from pretix.base.signals import (
     order_modified,
     order_placed,
+    validate_order,
 )
 from pretix.base.templatetags.rich_text import rich_text_snippet
 from pretix.control.signals import nav_event_settings
 from pretix.presale.signals import question_form_fields
+from pretix.base.services.orders import OrderError
+
 
 from .tasks import keycloak_create_user
 
@@ -103,3 +107,47 @@ def navbar_settings(sender, request=None, **kwargs):
             and url.url_name == "settings",
         }
     ]
+
+@receiver(validate_order, dispatch_uid="keycloak_create_user_validate_order")
+def validate_order(sender, positions, **kwargs):
+    if (
+        not sender.settings.keycloak_create_user_authorization_token
+        and not sender.settings.keycloak_create_user_realm_url
+    ):
+        return
+    
+    for order_position in positions.all():
+        if str(order_position.item.pk) not in sender.settings.get(
+            "keycloak_create_user_items"
+        ):
+            continue
+
+        if not order_position.meta_info_data.get("question_form_data", {}).get(
+            "keycloak_create_user_keycloak_username"
+        ):
+            continue
+
+        event = sender 
+        server = event.settings.keycloak_create_user_realm_url
+        token = event.settings.keycloak_create_user_authorization_token
+
+        username = order_position.meta_info_data.get("question_form_data", {}).get(
+            "keycloak_create_user_keycloak_username"
+        )
+
+        response = requests.get(
+            "{}/users/count?username={}".format(
+                server,
+                username # TODO verify that this is not a security issue
+            ),
+            headers={
+                "Authorization": "Bearer {}".format(token),
+            },
+        )
+    
+        if response.status_code == 200:
+            if json.loads(response.text) > 0:
+                raise OrderError(
+                    _("Username already taken. Please choose another username.")
+                )
+    
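Review bot: The buyer-supplied `username` is formatted straight into the query string of the `requests.get` call, so a value containing `&` or `#` alters the request that is sent to Keycloak with the admin bearer token; this is what the TODO on that line asks about. Build the URL as `"{}/users/count".format(server)` and pass `params={"username": username}` so requests percent-encodes the value, and add a `timeout=` argument so a slow Keycloak cannot stall order validation. The early-return guard joins its two conditions with `and`, so the lookup still runs when only one of the token and realm URL is configured; `or` looks intended. Any non-200 response lets the order through silently, which deserves at least a log line, and it is worth confirming whether the count endpoint matches the username exactly or as a substring. The receiver function also rebinds the imported `validate_order` signal name, so a distinct name such as `keycloak_validate_order` would be clearer.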
-- 
GitLab