Spacebar/server
1
0
Fork 0
mirror of https://github.com/spacebarchat/server.git synced 2024-11-06 19:02:33 +01:00
Code Issues Releases Activity

Added email sanitisation to /users/@me PATCH. Could previously have email as any string

Browse Source
This commit is contained in:
Madeline 2022-02-17 20:57:42 +11:00
parent c23ec4acee
commit d0cfbecc32
No known key found for this signature in database
GPG Key ID: 1958E017C36F2E47
2 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
api/assets/schemas.json
View File

@ -7039,6 +7039,9 @@
}, },
"code": { "code": {
"type": "string" "type": "string"
},
"email": {
"type": "string"
} }
}, },
"definitions": { "definitions": {

9
api/src/routes/users/@me/index.ts
View File

@ -1,5 +1,5 @@
import { Router, Request, Response } from "express"; import { Router, Request, Response } from "express";
import { User, PrivateUserProjection, emitEvent, UserUpdateEvent, handleFile, FieldErrors } from "@fosscord/util"; import { User, PrivateUserProjection, emitEvent, UserUpdateEvent, handleFile, FieldErrors, adjustEmail } from "@fosscord/util";
import { route } from "@fosscord/api"; import { route } from "@fosscord/api";
import bcrypt from "bcrypt"; import bcrypt from "bcrypt";
@ -21,6 +21,7 @@ export interface UserModifySchema {
password?: string; password?: string;
new_password?: string; new_password?: string;
code?: string; code?: string;
email?: string;
} }
router.get("/", route({}), async (req: Request, res: Response) => { router.get("/", route({}), async (req: Request, res: Response) => {
@ -46,6 +47,12 @@ router.patch("/", route({ body: "UserModifySchema" }), async (req: Request, res:
} }
} }
if (body.email) {
body.email = adjustEmail(body.email);
if (!body.email)
throw FieldErrors({ email: { message: req.t("auth:register.EMAIL_INVALID"), code: "EMAIL_INVALID" } });
}
user.assign(body); user.assign(body);
if (body.new_password) { if (body.new_password) {