mirror of
https://github.com/laurent22/joplin.git
synced 2025-01-26 18:58:21 +02:00
Server: Decrease maximum email and full_name sizes (#10303)
parent
8393ccc7f8
commit
313587097a
@ -50,6 +50,19 @@ describe('UserModel', () => {
|
||||
// check that the email is valid
|
||||
error = await checkThrowAsync(async () => await models().user().save({ id: user1.id, email: 'ohno' }));
|
||||
expect(error instanceof ErrorUnprocessableEntity).toBe(true);
|
||||
|
||||
// check that the email is not too long
|
||||
error = await checkThrowAsync(async () => await models().user().save({ id: user1.id, email: `${'long'.repeat(100)}@example.com` }));
|
||||
expect(error instanceof ErrorUnprocessableEntity).toBe(true);
|
||||
|
||||
// check that the full name is not too long
|
||||
error = await checkThrowAsync(async () => await models().user().save({ id: user1.id, full_name: 'long'.repeat(400) }));
|
||||
expect(error instanceof ErrorUnprocessableEntity).toBe(true);
|
||||
|
||||
// should not throw if updating with valid data
|
||||
expect(
|
||||
await checkThrowAsync(async () => await models().user().save({ id: user1.id, full_name: 'Example', email: 'new_email@example.com' })),
|
||||
).toBe(null);
|
||||
});
|
||||
|
||||
// test('should delete a user', async () => {
|
||||
|
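Review bot: The two new negative cases use values far beyond the limits (a 412-character email and a 1600-character full name), so they would still pass if the thresholds in the model were off by one or changed later. Adding boundary cases would pin the limits themselves, for example `full_name: 'a'.repeat(256)` expected to save and `full_name: 'a'.repeat(257)` expected to raise ErrorUnprocessableEntity, with an equivalent pair around 254 characters for the email. The tests also assert only the error class; checking the message as well would confirm that the length check fired and not some other validation. The enclosing test starts above this hunk.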
@ -298,9 +298,13 @@ export default class UserModel extends BaseModel<User> {
|
||||
if ('email' in user) {
|
||||
const existingUser = await this.loadByEmail(user.email);
|
||||
if (existingUser && existingUser.id !== user.id) throw new ErrorUnprocessableEntity(`there is already a user with this email: ${user.email}`);
|
||||
// See https://www.rfc-editor.org/errata_search.php?rfc=3696&eid=1690 (found via https://stackoverflow.com/a/574698)
|
||||
if (user.email.length > 254) throw new ErrorUnprocessableEntity('Please enter an email address between 0 and 254 characters');
|
||||
if (!this.validateEmail(user.email)) throw new ErrorUnprocessableEntity(`Invalid email: ${user.email}`);
|
||||
}
|
||||
|
||||
if ('full_name' in user && user.full_name.length > 256) throw new ErrorUnprocessableEntity('Full name must be at most 256 characters');
|
||||
|
||||
return super.validate(user, options);
|
||||
}
|
||||
|
||||
|
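Review bot: The new 254-character check in the `'email' in user` branch sits after `this.loadByEmail(user.email)`, so an oversized address is still passed to the lookup before it is rejected; making the length check the first statement in the branch would bound the input before anything else uses it. Both new checks also read `.length` without confirming the value is a string: `'full_name' in user` is true for `{ full_name: null }`, which would presumably surface as a TypeError rather than an ErrorUnprocessableEntity, and a guard such as `if (typeof user.full_name === 'string' && user.full_name.length > 256)` avoids that. Note that `.length` counts UTF-16 code units, so the effective limit differs from the column's limit if the database counts characters or bytes; a short comment stating which unit is intended would help. validate() starts outside this hunk, so whether callers normalise these fields earlier is not visible here.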