Crashing quill via false verification token

[neilmckibben]

You can crash quill by submitting an invalid verification request. Try this: https://my.hackmit.org/verify/crash. It will break quill and the error message will be along these lines:

/home/ubuntu/quill/app/server/controllers/UserController.js:397
      email: email.toLowerCase()
                   ^
TypeError: Cannot read property 'toLowerCase' of undefined
    at /home/ubuntu/quill/app/server/controllers/UserController.js:397:20
    at /home/ubuntu/quill/app/server/models/User.js:309:12
    at /home/ubuntu/quill/node_modules/jsonwebtoken/index.js:101:18
    at process._tickCallback (internal/process/next_tick.js:61:11)
[14:38:49] [nodemon] app crashed - waiting for file changes before starting...`

When clicking the link above it will only go down for a couple of seconds since the app auto-restarts, but in other instances without this feature, quill will go down indefinitely. It is probably due to due to receiving an false token for verification.

[MitchTalmadge]

I was able to reproduce this. Scary!

[ClemsonJames]

i was gonna post about this lol, so i guess its been a problem for a while

[neilmckibben]

It's a simple fix, just adding a null pointer check before accessing the token

[ClemsonJames]

yup i just fixed it, surprised that they never changed the code

[pshirlyn]

Thanks for bringing it to my attention! We've fallen behind on maintaining quill and pushing many of our internal features to the main repository, which is why it hadn't been fixed yet :( Just pushed a commit for this fix.