mirror of
https://github.com/immich-app/immich.git
synced 2024-12-29 15:11:58 +00:00
fix(server): avoid server error for invalid email data type (#10978)
* fix(server): avoid server error for invalid email data type * add e2e test * fix e2e
This commit is contained in:
parent
27b13b82f5
commit
bd88b079ea
5 changed files with 36 additions and 4 deletions
|
@ -100,6 +100,12 @@ describe('/auth/*', () => {
|
|||
expect(status).toBe(400);
|
||||
expect(body).toEqual(errorDto.badRequest());
|
||||
});
|
||||
|
||||
it('should reject an invalid email', async () => {
|
||||
const { status, body } = await request(app).post('/auth/login').send({ email: [], password });
|
||||
expect(status).toBe(400);
|
||||
expect(body).toEqual(errorDto.invalidEmail);
|
||||
});
|
||||
}
|
||||
|
||||
it('should accept a correct password', async () => {
|
||||
|
|
|
@ -61,6 +61,12 @@ export const errorDto = {
|
|||
message: 'The server already has an admin',
|
||||
correlationId: expect.any(String),
|
||||
},
|
||||
invalidEmail: {
|
||||
error: 'Bad Request',
|
||||
statusCode: 400,
|
||||
message: ['email must be an email'],
|
||||
correlationId: expect.any(String),
|
||||
},
|
||||
};
|
||||
|
||||
export const signupResponseDto = {
|
||||
|
|
|
@ -5,6 +5,7 @@ import { APIKeyEntity } from 'src/entities/api-key.entity';
|
|||
import { SessionEntity } from 'src/entities/session.entity';
|
||||
import { SharedLinkEntity } from 'src/entities/shared-link.entity';
|
||||
import { UserEntity } from 'src/entities/user.entity';
|
||||
import { toEmail } from 'src/validation';
|
||||
|
||||
export enum ImmichCookie {
|
||||
ACCESS_TOKEN = 'immich_access_token',
|
||||
|
@ -41,7 +42,7 @@ export class AuthDto {
|
|||
|
||||
export class LoginCredentialDto {
|
||||
@IsEmail({ require_tld: false })
|
||||
@Transform(({ value }) => value?.toLowerCase())
|
||||
@Transform(toEmail)
|
||||
@IsNotEmpty()
|
||||
@ApiProperty({ example: 'testuser@email.com' })
|
||||
email!: string;
|
||||
|
|
|
@ -38,6 +38,22 @@ describe('create user DTO', () => {
|
|||
expect(errors).toHaveLength(0);
|
||||
});
|
||||
|
||||
it('validates invalid email type', async () => {
|
||||
let dto = plainToInstance(UserAdminCreateDto, {
|
||||
email: [],
|
||||
password: 'some password',
|
||||
name: 'some name',
|
||||
});
|
||||
expect(await validate(dto)).toHaveLength(1);
|
||||
|
||||
dto = plainToInstance(UserAdminCreateDto, {
|
||||
email: {},
|
||||
password: 'some password',
|
||||
name: 'some name',
|
||||
});
|
||||
expect(await validate(dto)).toHaveLength(1);
|
||||
});
|
||||
|
||||
it('should allow emails without a tld', async () => {
|
||||
const someEmail = 'test@test';
|
||||
|
||||
|
|
|
@ -152,11 +152,14 @@ export function validateCronExpression(expression: string) {
|
|||
return true;
|
||||
}
|
||||
|
||||
type IValue = { value: string };
|
||||
type IValue = { value: unknown };
|
||||
|
||||
export const toEmail = ({ value }: IValue) => (value ? value.toLowerCase() : value);
|
||||
export const toEmail = ({ value }: IValue) => (typeof value === 'string' ? value.toLowerCase() : value);
|
||||
|
||||
export const toSanitized = ({ value }: IValue) => sanitize((value || '').replaceAll('.', ''));
|
||||
export const toSanitized = ({ value }: IValue) => {
|
||||
const input = typeof value === 'string' ? value : '';
|
||||
return sanitize(input.replaceAll('.', ''));
|
||||
};
|
||||
|
||||
export const isValidInteger = (value: number, options: { min?: number; max?: number }): value is number => {
|
||||
const { min = Number.MIN_SAFE_INTEGER, max = Number.MAX_SAFE_INTEGER } = options;
|
||||
|
|
Loading…
Reference in a new issue