forked from mystiq/dex
registration: trim spaces and sanity check user email from form
When a user attempts to register an email, trim prefixed and trailing spaces, then perform a basic sanity check to ensure it's of form "test@example.com". Fixes #163
This commit is contained in:
Eric Chiang
Eric Chiang
parent
a9ab63893d
commit
8be9396811
2 changed files with 33 additions and 2 deletions
|
|
@ -104,7 +104,7 @@ func handleRegisterFunc(s *Server) http.HandlerFunc {
|
||||||
trustedEmail := ses.Identity.Email != "" && idpc.TrustedEmailProvider()
|
trustedEmail := ses.Identity.Email != "" && idpc.TrustedEmailProvider()
|
||||||
validate := r.Form.Get("validate") == "1"
|
validate := r.Form.Get("validate") == "1"
|
||||||
formErrors := []formError{}
|
formErrors := []formError{}
|
||||||
email := r.Form.Get("email")
|
email := strings.TrimSpace(r.Form.Get("email"))
|
||||||
|
|
||||||
// only auto-populate the first time the page is GETted, not on
|
// only auto-populate the first time the page is GETted, not on
|
||||||
// subsequent POSTs
|
// subsequent POSTs
|
||||||
|
|
@ -114,7 +114,7 @@ func handleRegisterFunc(s *Server) http.HandlerFunc {
|
||||||
|
|
||||||
password := r.Form.Get("password")
|
password := r.Form.Get("password")
|
||||||
if validate {
|
if validate {
|
||||||
if email == "" {
|
if email == "" || !user.ValidEmail(email) {
|
||||||
formErrors = append(formErrors, formError{"email", "Please supply a valid email"})
|
formErrors = append(formErrors, formError{"email", "Please supply a valid email"})
|
||||||
}
|
}
|
||||||
if local && password == "" {
|
if local && password == "" {
|
||||||
|
|
|
||||||
|
|
@ -146,6 +146,37 @@ func TestHandleRegister(t *testing.T) {
|
||||||
wantStatus: http.StatusSeeOther,
|
wantStatus: http.StatusSeeOther,
|
||||||
wantUserCreated: true,
|
wantUserCreated: true,
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
// User comes in with spaces in their email, having submitted the
|
||||||
|
// form. The email is trimmed and the user is created.
|
||||||
|
query: url.Values{
|
||||||
|
"code": []string{"code-2"},
|
||||||
|
"validate": []string{"1"},
|
||||||
|
"email": str("\t\ntest@example.com "),
|
||||||
|
"password": str("password"),
|
||||||
|
},
|
||||||
|
connID: "local",
|
||||||
|
wantStatus: http.StatusSeeOther,
|
||||||
|
wantUserCreated: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
// User comes in with an invalid email, having submitted the form.
|
||||||
|
// The email is rejected and the user is not created.
|
||||||
|
query: url.Values{
|
||||||
|
"code": []string{"code-2"},
|
||||||
|
"validate": []string{"1"},
|
||||||
|
"email": str("aninvalidemail"),
|
||||||
|
"password": str("password"),
|
||||||
|
},
|
||||||
|
connID: "local",
|
||||||
|
wantStatus: http.StatusBadRequest,
|
||||||
|
wantFormValues: url.Values{
|
||||||
|
"code": str("code-3"),
|
||||||
|
"email": str("aninvalidemail"),
|
||||||
|
"password": str("password"),
|
||||||
|
"validate": str("1"),
|
||||||
|
},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
// User comes in with a valid code, having submitted the form, but
|
// User comes in with a valid code, having submitted the form, but
|
||||||
// there's no password.
|
// there's no password.
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue