
Commit 54a6375

committed
feat: add email validation in Authenticate api
1 parent 1d386c9 commit 54a6375


2 files changed

+31
-2
lines changed


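--- a/internal/api/v1beta1/authenticate.go
+++ b/internal/api/v1beta1/authenticate.go
@@ -72,6 +72,10 @@ func (h Handler) Authenticate(ctx context.Context, request *frontierv1beta1.Auth
 return nil, status.Error(codes.Internal, err.Error())
 }
 
+if (request.StrategyName == authenticate.MailLinkAuthMethod.String() || request.StrategyName == authenticate.MailOTPAuthMethod.String()) && !isValidEmail(request.Email) {
+return nil, status.Error(codes.InvalidArgument, "Invalid email")
+}
+
 // not logged in, try registration
 response, err := h.authnService.StartFlow(ctx, authenticate.RegistrationStartRequest{
 Method: request.GetStrategyName(),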
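Review bot: The added check at new lines 75–77 reads `request.StrategyName` and `request.Email` directly while the call just below uses the nil-safe getter (`request.GetStrategyName()`), and it gates validation on an exact string match of the strategy name. If `StartFlow` resolves the method any more loosely than this comparison (case, whitespace, aliases; not visible here), a mail flow could still start with an unvalidated address, so consider enforcing the check inside the mail strategies or `StartFlow` itself so every caller is covered. At minimum, use the getters: `if m := request.GetStrategyName(); (m == authenticate.MailLinkAuthMethod.String() || m == authenticate.MailOTPAuthMethod.String()) && !isValidEmail(request.GetEmail()) {`. `isValidEmail` is defined outside this diff, so confirm it rejects CR/LF and display-name forms before the value reaches the mailer. Authenticate's body starts and ends outside the hunk.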

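--- a/internal/api/v1beta1/authenticate_test.go
+++ b/internal/api/v1beta1/authenticate_test.go
@@ -68,7 +68,7 @@ func TestHandler_Authenticate(t *testing.T) {
 authn.EXPECT().SanitizeCallbackURL("").Return("")
 session.EXPECT().ExtractFromContext(mock.AnythingOfType("context.backgroundCtx")).Return(nil, frontiersession.ErrNoSession)
 authn.EXPECT().StartFlow(mock.AnythingOfType("context.backgroundCtx"), authenticate.RegistrationStartRequest{
-Email: "",
+
 Method: authenticate.MailOTPAuthMethod.String(),
 ReturnToURL: "",
 CallbackUrl: "",
@@ -81,14 +81,39 @@ func TestHandler_Authenticate(t *testing.T) {
 },
 request: &frontierv1beta1.AuthenticateRequest{
 StrategyName: authenticate.MailOTPAuthMethod.String(),
-Email: "",
+
 },
 wantErr: nil,
 want: &frontierv1beta1.AuthenticateResponse{
 Endpoint: "",
 State: "",
 },
 },
+{
+name: "should throw error if email is invalid in mailotp",
+setup: func(authn *mocks.AuthnService, session *mocks.SessionService) {
+authn.EXPECT().SanitizeReturnToURL("").Return("")
+authn.EXPECT().SanitizeCallbackURL("").Return("")
+session.EXPECT().ExtractFromContext(mock.AnythingOfType("context.backgroundCtx")).Return(nil, frontiersession.ErrNoSession)
+authn.EXPECT().StartFlow(mock.AnythingOfType("context.backgroundCtx"), authenticate.RegistrationStartRequest{
+Email: "frontier",
+Method: authenticate.MailOTPAuthMethod.String(),
+ReturnToURL: "",
+CallbackUrl: "",
+}).Return(&authenticate.RegistrationStartResponse{
+Flow: &authenticate.Flow{
+StartURL: "",
+},
+State: "",
+}, nil)
+},
+request: &frontierv1beta1.AuthenticateRequest{
+StrategyName: authenticate.MailOTPAuthMethod.String(),
+Email: "frontier",
+},
+wantErr: status.Error(codes.InvalidArgument, "Invalid email"),
+want: nil,
+},
 }
 
 for _, tt := range tests {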
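Review bot: The new "should throw error if email is invalid in mailotp" case (new lines 92–116) registers an `authn.EXPECT().StartFlow(...)` expectation that the handler should never reach, because the added validation returns `InvalidArgument` before the registration call. Drop that expectation and assert the opposite after the handler call, e.g. `authn.AssertNotCalled(t, "StartFlow", mock.Anything, mock.Anything)`, so the test pins that a rejected address never starts a mail flow. The table only exercises `MailOTPAuthMethod`; a matching row for `MailLinkAuthMethod` and one for a non-mail strategy with an empty email would cover both sides of the condition. The replacement for `Email: ""` at new lines 71 and 84 is blank on this page, so the value the passing case now sends cannot be checked from here. TestHandler_Authenticate continues outside the hunk.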
