Mudlet / mudlet-package-repo

Web server for serving Mudlet packages. Client @ https://github.com/Mudlet/MudletPackageManager

Check email validity before creating user #112

Open Kebap opened 3 years ago

Kebap commented 3 years ago

Reproduce:

  1. Click "register"
  2. Enter username and password but no correct email address but just a random word like "fish"
  3. Error message will appear: /usr/local/share/lua/5.1/resty/mail/smtp.lua:188: SMTP response was not successful: 501 Invalid command or cannot parse to address
  4. User account seems to have been registered anyway already, because
  5. Register again with same username and a new and fully correct email address
  6. Error message will appear to inform the username is already in use (or email address, but that was new indeed)
  7. Register again with different username than in steps 2 or 5 but with the same random word email entry as in step 2
  8. Error message will appear to inform the username or email is already in use (name unlikely as it was new again)

Expected:

  1. Sane error message shown
  2. User account not created
  3. Additional attempts with same username or same broken email will result in same error as 3 or finally in success

Kebap commented 3 years ago

Seems like we need to actually validate the email address received before then creating the user and sending their email here: https://github.com/Mudlet/mudlet-package-repo/blob/15fa37ba9c1f54650e134f45a39faa96770773de/controllers/register.lua#L32-L33

This is the most complete Lua implementation I found so far: https://ohdoylerules.com/snippets/validate-email-with-lua/

It is also written by an open source advocate so should be fine.
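
The ordering this issue asks for, as an added example that is not code from the repository or from the linked snippet: validate the address before anything is stored, and undo the insert if the confirmation mail cannot be sent. The `users` table, `register`, `is_valid_email` and both mailer functions are hypothetical stand-ins, and the rollback on a failed send is an assumption about the desired behaviour.

```lua
-- Added example. `users` and the mailer functions are hypothetical stand-ins
-- for the site's user table and SMTP client; password handling is omitted.
local users = {}

-- Conservative syntax check, not a full RFC 5322 parser: exactly one "@",
-- a sane local part, and a domain of at least two dot-separated labels.
local function is_valid_email(addr)
  if type(addr) ~= "string" or #addr > 254 or addr:find("[%s%c]") then return false end
  local localpart, domain = addr:match("^([^@]+)@([^@]+)$")
  if not localpart or #localpart > 64 then return false end
  if localpart:sub(1, 1) == "." or localpart:sub(-1) == "." or localpart:find("..", 1, true) then
    return false
  end
  local labels = 0
  for label in (domain .. "."):gmatch("([^.]*)%.") do
    if not label:match("^%w[%w-]*$") or label:sub(-1) == "-" then return false end
    labels = labels + 1
  end
  return labels >= 2
end

local function register(name, email, send_mail)
  -- 1. Reject bad input before anything is written.
  if not is_valid_email(email) then return nil, "Please enter a valid email address" end
  if users[name] then return nil, "Username already in use" end
  for _, u in pairs(users) do
    if u.email == email then return nil, "Email address already in use" end
  end
  -- 2. Create the account, then send; undo the insert if sending fails so the
  --    username and address are not left reserved by a half-finished signup.
  users[name] = { email = email }
  local ok, sent = pcall(send_mail, email)
  if not ok or not sent then
    users[name] = nil
    return nil, "Could not send the confirmation email, please try again"
  end
  return true
end

-- Constructed inputs replaying the steps from the report.
local function ok_mailer() return true end
local function failing_mailer() error("SMTP response was not successful") end
assert(not register("alice", "fish", ok_mailer))            -- step 2: rejected
assert(users.alice == nil)                                   -- nothing stored
assert(not register("alice", "alice@example.com", failing_mailer))
assert(users.alice == nil)                                   -- rolled back
assert(register("alice", "alice@example.com", ok_mailer))   -- retry succeeds
assert(not register("bob", "alice@example.com", ok_mailer)) -- real duplicate
print("all registration checks passed")
```

A syntax check only filters out input such as "fish"; whether the mailbox exists is still established by the confirmation mail, which is why the failed-send path has to leave no account behind.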