From f4dbca615011f691b7cc5d81554c32fa1dbdf423 Mon Sep 17 00:00:00 2001
From: Madeline <46743919+MaddyUnderStars@users.noreply.github.com>
Date: Thu, 17 Feb 2022 20:57:42 +1100
Subject: Added email sanitisation to /users/@me PATCH. Could previously have
 email as any string

---
 api/assets/schemas.json           | 3 +++
 api/src/routes/users/@me/index.ts | 9 ++++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

(limited to 'api')

diff --git a/api/assets/schemas.json b/api/assets/schemas.json
index 4ffa44b8..818c8a61 100644
--- a/api/assets/schemas.json
+++ b/api/assets/schemas.json
@@ -7039,6 +7039,9 @@
 			},
 			"code": {
 				"type": "string"
+			},
+			"email": {
+				"type": "string"
 			}
 		},
 		"definitions": {
diff --git a/api/src/routes/users/@me/index.ts b/api/src/routes/users/@me/index.ts
index 75c91001..93d2cb01 100644
--- a/api/src/routes/users/@me/index.ts
+++ b/api/src/routes/users/@me/index.ts
@@ -1,5 +1,5 @@
 import { Router, Request, Response } from "express";
-import { User, PrivateUserProjection, emitEvent, UserUpdateEvent, handleFile, FieldErrors } from "@fosscord/util";
+import { User, PrivateUserProjection, emitEvent, UserUpdateEvent, handleFile, FieldErrors, adjustEmail } from "@fosscord/util";
 import { route } from "@fosscord/api";
 import bcrypt from "bcrypt";
 
@@ -21,6 +21,7 @@ export interface UserModifySchema {
 	password?: string;
 	new_password?: string;
 	code?: string;
+	email?: string;
 }
 
 router.get("/", route({}), async (req: Request, res: Response) => {
@@ -46,6 +47,12 @@ router.patch("/", route({ body: "UserModifySchema" }), async (req: Request, res:
 		}
 	}
 
+	if (body.email) {
+		body.email = adjustEmail(body.email);
+		if (!body.email)
+			throw FieldErrors({ email: { message: req.t("auth:register.EMAIL_INVALID"), code: "EMAIL_INVALID" } });
+	}
+
 	user.assign(body);
 
 	if (body.new_password) {
-- 
cgit 1.4.1