Sanitize mail addresses

Jonas Lochmann 2019-10-07 00:00:00 +00:00
parent df2cdab180
commit 196afe8ed1
No known key found for this signature in database
GPG key ID: 8B8C9AEE10FA5B36
4 changed files with 32 additions and 3 deletions


@ -20,7 +20,7 @@ import { Router } from 'express'
import { BadRequest } from 'http-errors'
import { Database } from '../database'
import { sendLoginCode, signInByMailCode } from '../function/authentication/login-by-mail'
import { isMailServerBlacklisted } from '../util/mail'
import { isMailServerBlacklisted, sanitizeMailAddress } from '../util/mail'
import {
isSendMailLoginCodeRequest,
isSignInByMailCodeRequest
@ -35,11 +35,17 @@ export const createAuthRouter = (database: Database) => {
throw new BadRequest()
}
if (isMailServerBlacklisted(req.body.mail)) {
const mail = sanitizeMailAddress(req.body.mail)
if (!mail) {
throw new BadRequest()
}
if (isMailServerBlacklisted(mail)) {
res.json({ mailServerBlacklisted: true })
} else {
const { mailLoginToken } = await sendLoginCode({
mail: req.body.mail,
mail,
locale: req.body.locale,
database
})