registration: trim spaces and sanity check user email from form
When a user attempts to register an email, trim prefixed and trailing spaces, then perform a basic sanity check to ensure it's of form "test@example.com". Fixes #163
This commit is contained in:
parent
a9ab63893d
commit
8be9396811
2 changed files with 33 additions and 2 deletions
|
@ -104,7 +104,7 @@ func handleRegisterFunc(s *Server) http.HandlerFunc {
|
|||
trustedEmail := ses.Identity.Email != "" && idpc.TrustedEmailProvider()
|
||||
validate := r.Form.Get("validate") == "1"
|
||||
formErrors := []formError{}
|
||||
email := r.Form.Get("email")
|
||||
email := strings.TrimSpace(r.Form.Get("email"))
|
||||
|
||||
// only auto-populate the first time the page is GETted, not on
|
||||
// subsequent POSTs
|
||||
|
@ -114,7 +114,7 @@ func handleRegisterFunc(s *Server) http.HandlerFunc {
|
|||
|
||||
password := r.Form.Get("password")
|
||||
if validate {
|
||||
if email == "" {
|
||||
if email == "" || !user.ValidEmail(email) {
|
||||
formErrors = append(formErrors, formError{"email", "Please supply a valid email"})
|
||||
}
|
||||
if local && password == "" {
|
||||
|
|
|
@ -146,6 +146,37 @@ func TestHandleRegister(t *testing.T) {
|
|||
wantStatus: http.StatusSeeOther,
|
||||
wantUserCreated: true,
|
||||
},
|
||||
{
|
||||
// User comes in with spaces in their email, having submitted the
|
||||
// form. The email is trimmed and the user is created.
|
||||
query: url.Values{
|
||||
"code": []string{"code-2"},
|
||||
"validate": []string{"1"},
|
||||
"email": str("\t\ntest@example.com "),
|
||||
"password": str("password"),
|
||||
},
|
||||
connID: "local",
|
||||
wantStatus: http.StatusSeeOther,
|
||||
wantUserCreated: true,
|
||||
},
|
||||
{
|
||||
// User comes in with an invalid email, having submitted the form.
|
||||
// The email is rejected and the user is not created.
|
||||
query: url.Values{
|
||||
"code": []string{"code-2"},
|
||||
"validate": []string{"1"},
|
||||
"email": str("aninvalidemail"),
|
||||
"password": str("password"),
|
||||
},
|
||||
connID: "local",
|
||||
wantStatus: http.StatusBadRequest,
|
||||
wantFormValues: url.Values{
|
||||
"code": str("code-3"),
|
||||
"email": str("aninvalidemail"),
|
||||
"password": str("password"),
|
||||
"validate": str("1"),
|
||||
},
|
||||
},
|
||||
{
|
||||
// User comes in with a valid code, having submitted the form, but
|
||||
// there's no password.
|
||||
|
|
Reference in a new issue