summary refs log tree commit diff
path: root/api/src
diff options
context:
space:
mode:
authorMadeline <46743919+MaddyUnderStars@users.noreply.github.com>2022-02-17 20:57:42 +1100
committerMadeline <46743919+MaddyUnderStars@users.noreply.github.com>2022-02-17 20:57:42 +1100
commitd0cfbecc3286f8086629ac89b724e0adbdaf9a39 (patch)
tree623581f56dcd5c6da294251c24018fa005661216 /api/src
parentFixed bug in /users/@me PATCH where username must be present in every request... (diff)
downloadserver-d0cfbecc3286f8086629ac89b724e0adbdaf9a39.tar.xz
Added email sanitisation to /users/@me PATCH. Could previously have email as any string
Diffstat (limited to 'api/src')
-rw-r--r--api/src/routes/users/@me/index.ts9


1 files changed, 8 insertions, 1 deletions
diff --git a/api/src/routes/users/@me/index.ts b/api/src/routes/users/@me/index.ts

index 75c91001..93d2cb01 100644
--- a/api/src/routes/users/@me/index.ts
+++ b/api/src/routes/users/@me/index.ts
@@ -1,5 +1,5 @@
 import { Router, Request, Response } from "express";
-import { User, PrivateUserProjection, emitEvent, UserUpdateEvent, handleFile, FieldErrors } from "@fosscord/util";
+import { User, PrivateUserProjection, emitEvent, UserUpdateEvent, handleFile, FieldErrors, adjustEmail } from "@fosscord/util";
 import { route } from "@fosscord/api";
 import bcrypt from "bcrypt";
 
@@ -21,6 +21,7 @@ export interface UserModifySchema {
 	password?: string;
 	new_password?: string;
 	code?: string;
+	email?: string;
 }
 
 router.get("/", route({}), async (req: Request, res: Response) => {
@@ -46,6 +47,12 @@ router.patch("/", route({ body: "UserModifySchema" }), async (req: Request, res:
 		}
 	}
 
+	if (body.email) {
+		body.email = adjustEmail(body.email);
+		if (!body.email)
+			throw FieldErrors({ email: { message: req.t("auth:register.EMAIL_INVALID"), code: "EMAIL_INVALID" } });
+	}
+
 	user.assign(body);
 
 	if (body.new_password) {

 

generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-07-01 22:41:51 +0000