1
0
mirror of https://github.com/spacebarchat/server.git synced 2024-11-10 20:52:42 +01:00

Added email sanitisation to /users/@me PATCH. Could previously have email as any string

This commit is contained in:
Madeline 2022-02-17 20:57:42 +11:00
parent dbbe0037d0
commit f4dbca6150
2 changed files with 11 additions and 1 deletions

View File

@ -7039,6 +7039,9 @@
},
"code": {
"type": "string"
},
"email": {
"type": "string"
}
},
"definitions": {

View File

@ -1,5 +1,5 @@
import { Router, Request, Response } from "express";
import { User, PrivateUserProjection, emitEvent, UserUpdateEvent, handleFile, FieldErrors } from "@fosscord/util";
import { User, PrivateUserProjection, emitEvent, UserUpdateEvent, handleFile, FieldErrors, adjustEmail } from "@fosscord/util";
import { route } from "@fosscord/api";
import bcrypt from "bcrypt";
@ -21,6 +21,7 @@ export interface UserModifySchema {
password?: string;
new_password?: string;
code?: string;
email?: string;
}
router.get("/", route({}), async (req: Request, res: Response) => {
@ -46,6 +47,12 @@ router.patch("/", route({ body: "UserModifySchema" }), async (req: Request, res:
}
}
if (body.email) {
body.email = adjustEmail(body.email);
if (!body.email)
throw FieldErrors({ email: { message: req.t("auth:register.EMAIL_INVALID"), code: "EMAIL_INVALID" } });
}
user.assign(body);
if (body.new_password) {