From cc045f5a66480588b96975a412fc2c23bff56d6a Mon Sep 17 00:00:00 2001 From: Eric Bailey Date: Thu, 28 Sep 2023 13:17:36 -0500 Subject: [PATCH] apply basic email validation to createAccount (#1658) * apply basic email validation to createAccount * format --- packages/pds/package.json | 2 ++ .../api/com/atproto/server/createAccount.ts | 7 ++++++ packages/pds/tests/account.test.ts | 22 +++++++++++++++++++ pnpm-lock.yaml | 14 ++++++++++++ 4 files changed, 45 insertions(+) diff --git a/packages/pds/package.json b/packages/pds/package.json index b6cacf93672..a8bf838afde 100644 --- a/packages/pds/package.json +++ b/packages/pds/package.json @@ -47,6 +47,7 @@ "bytes": "^3.1.2", "compression": "^1.7.4", "cors": "^2.8.5", + "disposable-email": "^0.2.3", "dotenv": "^16.0.0", "express": "^4.17.2", "express-async-errors": "^3.1.1", @@ -77,6 +78,7 @@ "@atproto/lex-cli": "workspace:^", "@did-plc/server": "^0.0.1", "@types/cors": "^2.8.12", + "@types/disposable-email": "^0.2.0", "@types/express": "^4.17.13", "@types/express-serve-static-core": "^4.17.36", "@types/jsonwebtoken": "^8.5.9", diff --git a/packages/pds/src/api/com/atproto/server/createAccount.ts b/packages/pds/src/api/com/atproto/server/createAccount.ts index 5827ff6c658..42264453583 100644 --- a/packages/pds/src/api/com/atproto/server/createAccount.ts +++ b/packages/pds/src/api/com/atproto/server/createAccount.ts @@ -1,4 +1,5 @@ import { InvalidRequestError } from '@atproto/xrpc-server' +import disposable from 'disposable-email' import { normalizeAndValidateHandle } from '../../../../handle' import * as plc from '@did-plc/lib' import * as scrypt from '../../../../db/scrypt' @@ -27,6 +28,12 @@ export default function (server: Server, ctx: AppContext) { ) } + if (!disposable.validate(email)) { + throw new InvalidRequestError( + 'This email address is not supported, please use a different email.', + ) + } + // normalize & ensure valid handle const handle = await normalizeAndValidateHandle({ ctx, diff --git a/packages/pds/tests/account.test.ts b/packages/pds/tests/account.test.ts index 78a769b6e9f..26328966312 100644 --- a/packages/pds/tests/account.test.ts +++ b/packages/pds/tests/account.test.ts @@ -76,6 +76,28 @@ describe('account', () => { await expect(promise).rejects.toThrow('Input/handle must be a valid handle') }) + describe('email validation', () => { + it('succeeds on allowed emails', async () => { + const promise = agent.api.com.atproto.server.createAccount({ + email: 'ok-email@gmail.com', + handle: 'ok-email.test', + password: 'asdf', + }) + await expect(promise).resolves.toBeTruthy() + }) + + it('fails on disallowed emails', async () => { + const promise = agent.api.com.atproto.server.createAccount({ + email: 'bad-email@disposeamail.com', + handle: 'bad-email.test', + password: 'asdf', + }) + await expect(promise).rejects.toThrow( + 'This email address is not supported, please use a different email.', + ) + }) + }) + let did: string let jwt: string diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index fd9ef8cdbad..80681385373 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -504,6 +504,9 @@ importers: cors: specifier: ^2.8.5 version: 2.8.5 + disposable-email: + specifier: ^0.2.3 + version: 0.2.3 dotenv: specifier: ^16.0.0 version: 16.0.3 @@ -586,6 +589,9 @@ importers: '@types/cors': specifier: ^2.8.12 version: 2.8.12 + '@types/disposable-email': + specifier: ^0.2.0 + version: 0.2.0 '@types/express': specifier: ^4.17.13 version: 4.17.13 @@ -5295,6 +5301,10 @@ packages: resolution: {integrity: sha512-vt+kDhq/M2ayberEtJcIN/hxXy1Pk+59g2FV/ZQceeaTyCtCucjL2Q7FXlFjtWn4n15KCr1NE2lNNFhp0lEThw==} dev: true + /@types/disposable-email@0.2.0: + resolution: {integrity: sha512-i4fPC8+a5j7RlKVe9cOHz6cYVxkSFYuJ78GB3EJPMfBJURWmEsD4gb/gD48j7KAWe0M8ZvdJR6a6GaDohTYttw==} + dev: true + /@types/elliptic@6.4.14: resolution: {integrity: sha512-z4OBcDAU0GVwDTuwJzQCiL6188QvZMkvoERgcVjq0/mPM8jCfdwZ3x5zQEVoL9WCAru3aG5wl3Z5Ww5wBWn7ZQ==} dependencies: @@ -6647,6 +6657,10 @@ packages: path-type: 4.0.0 dev: true + /disposable-email@0.2.3: + resolution: {integrity: sha512-gkBQQ5Res431ZXqLlAafrXHizG7/1FWmi8U2RTtriD78Vc10HhBUvdJun3R4eSF0KRIQQJs+wHlxjkED/Hr1EQ==} + dev: false + /doctrine@3.0.0: resolution: {integrity: sha512-yS+Q5i3hBf7GBkd4KG8a7eBNNWNGLTaEwwYWUijIYM7zrlYDM0BFXHjjPWlWZ1Rg7UaddZeIDmi9jF3HmqiQ2w==} engines: {node: '>=6.0.0'}