1
0
forked from sm/vain

validate email on register/forgot

Fixes #21.

Change-Id: I21bfd87d6fd730e8a90ceec77c9b23a90bc397e9
This commit is contained in:
Stephen McQuay 2016-04-22 23:50:23 -07:00
parent cce3166bdd
commit adcc05ea3a
No known key found for this signature in database
GPG Key ID: 1ABF428F71BAFC3D

View File

@ -5,6 +5,7 @@ import (
"fmt"
"log"
"net/http"
"net/mail"
"strings"
verrors "mcquay.me/vain/errors"
@ -125,7 +126,14 @@ func (s *Server) register(w http.ResponseWriter, req *http.Request) {
http.Error(w, "must provide one email parameter", http.StatusBadRequest)
return
}
tok, err := s.db.Register(email[0])
addr := email[0]
if _, err := mail.ParseAddress(addr); err != nil {
http.Error(w, fmt.Sprintf("invalid email detected: %v", err), http.StatusBadRequest)
return
}
tok, err := s.db.Register(addr)
if err := verrors.ToHTTP(err); err != nil {
http.Error(w, err.Message, err.Code)
return
@ -160,7 +168,14 @@ func (s *Server) forgot(w http.ResponseWriter, req *http.Request) {
http.Error(w, "must provide one email parameter", http.StatusBadRequest)
return
}
tok, err := s.db.forgot(email[0])
addr := email[0]
if _, err := mail.ParseAddress(addr); err != nil {
http.Error(w, fmt.Sprintf("invalid email detected: %v", err), http.StatusBadRequest)
return
}
tok, err := s.db.forgot(addr)
if err := verrors.ToHTTP(err); err != nil {
http.Error(w, err.Message, err.Code)
return