From 1befe77a7b6afe1a48532ff2c0f2b9b896219e1f Mon Sep 17 00:00:00 2001
From: root <root@databunker.org>
Date: Thu, 16 Dec 2021 09:18:08 +0000
Subject: [PATCH] check that user has at least one index key

---
 src/bunker.go    |  2 +-
 src/users_api.go | 10 +++++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/bunker.go b/src/bunker.go
index 88fa118..3617efe 100644
--- a/src/bunker.go
+++ b/src/bunker.go
@@ -186,7 +186,7 @@ func (e mainEnv) setupRouter() *httprouter.Router {
 
 	router.GET("/v1/sys/backup", e.backupDB)
 
-	router.POST("/v1/user", e.userNew)
+	router.POST("/v1/user", e.userCreate)
 	router.GET("/v1/user/:mode/:identity", e.userGet)
 	router.DELETE("/v1/user/:mode/:identity", e.userDelete)
 	router.PUT("/v1/user/:mode/:identity", e.userChange)
diff --git a/src/users_api.go b/src/users_api.go
index 2b724e6..9040ff3 100644
--- a/src/users_api.go
+++ b/src/users_api.go
@@ -10,7 +10,7 @@ import (
 	"go.mongodb.org/mongo-driver/bson"
 )
 
-func (e mainEnv) userNew(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
+func (e mainEnv) userCreate(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 	event := audit("create user record", "", "", "")
 	defer func() { event.submit(e.db) }()
 
@@ -81,6 +81,14 @@ func (e mainEnv) userNew(w http.ResponseWriter, r *http.Request, ps httprouter.P
 			return
 		}
 	}
+	if len(parsedData.loginIdx) == 0 &&
+	   len(parsedData.emailIdx) == 0 &&
+	   len(parsedData.phoneIdx) == 0 &&
+	   len(parsedData.customIdx) == 0 {
+		returnError(w, r, "failed to create user, all user lookup fields are missing", 405, err, event)
+		return
+	}
+
 	userTOKEN, err := e.db.createUserRecord(parsedData, event)
 	if err != nil {
 		returnError(w, r, "internal error", 405, err, event)