Update email validation logic (bluesky-social#3092)
matthieusieben authored Nov 25, 2024
1 parent 5ddd512 commit 1e367cb
Showing 6 changed files with 37 additions and 16 deletions.
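--- a/.changeset/happy-beers-notice.md
+++ b/.changeset/happy-beers-notice.md
@@ -0,0 +1,5 @@
+---
+"@atproto/pds": patch
+---
+
+Improve email validation logic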
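--- a/.changeset/soft-tigers-taste.md
+++ b/.changeset/soft-tigers-taste.md
@@ -0,0 +1,5 @@
+---
+"@atproto/pds": patch
+---
+
+Update list of forbidden domain names in email addresses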
4 changes: 2 additions & 2 deletions packages/pds/package.json
Expand Up @@ -43,11 +43,12 @@
"@atproto/xrpc": "workspace:^",
"@atproto/xrpc-server": "workspace:^",
"@did-plc/lib": "^0.0.4",
"@hapi/address": "^5.1.1",
"better-sqlite3": "^10.0.0",
"bytes": "^3.1.2",
"compression": "^1.7.4",
"cors": "^2.8.5",
"disposable-email": "^0.2.3",
"disposable-email-domains-js": "^1.5.0",
"express": "^4.17.2",
"express-async-errors": "^3.1.1",
"file-type": "^16.5.4",
Expand Down Expand Up @@ -78,7 +79,6 @@
"@atproto/pds-entryway": "npm:@atproto/[email protected]",
"@did-plc/server": "^0.0.1",
"@types/cors": "^2.8.12",
"@types/disposable-email": "^0.2.0",
"@types/express": "^4.17.13",
"@types/express-serve-static-core": "^4.17.36",
"@types/nodemailer": "^6.4.6",
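Review bot: The disposable-domain denylist now ships inside `disposable-email-domains-js` at `^1.5.0`, so its contents are fixed by whatever version the lockfile resolves and only get fresher when that dependency is bumped. A bundled denylist ages quickly, so it is worth recording an owner or an automated update rule for this package; otherwise the check used by createAccount.ts and updateEmail.ts goes stale without anyone noticing. The pnpm-lock.yaml changes are not rendered on this page, so the resolved versions and any transitive packages pulled in by the two new dependencies could not be reviewed here.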
6 changes: 4 additions & 2 deletions packages/pds/src/api/com/atproto/server/createAccount.ts
Expand Up @@ -3,7 +3,9 @@ import { AtprotoData, ensureAtpDocument } from '@atproto/identity'
import { AuthRequiredError, InvalidRequestError } from '@atproto/xrpc-server'
import { ExportableKeypair, Keypair, Secp256k1Keypair } from '@atproto/crypto'
import * as plc from '@did-plc/lib'
import disposable from 'disposable-email'
import { isEmailValid } from '@hapi/address'
import { isDisposableEmail } from 'disposable-email-domains-js'

import {
baseNormalizeAndValidate,
normalizeAndValidateHandle,
Expand Down Expand Up @@ -175,7 +177,7 @@ const validateInputsForLocalPds = async (

if (!email) {
throw new InvalidRequestError('Email is required')
} else if (!disposable.validate(email)) {
} else if (!isEmailValid(email) || isDisposableEmail(email)) {
throw new InvalidRequestError(
'This email address is not supported, please use a different email.',
)
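Review bot: The address is checked exactly as submitted, and nothing in this hunk shows it being trimmed or lower-cased first, so the value that passes `!isEmailValid(email) || isDisposableEmail(email)` may not be the value that is later stored or compared for uniqueness. Whether `isDisposableEmail` matches domains case-insensitively cannot be told from here. If normalisation happens further down in `validateInputsForLocalPds`, it should move above this check so that validation and the denylist both see the canonical form, with a short comment such as `// validate the same normalised address that gets stored`. The same applies to the identical condition in updateEmail.ts. The function starts and ends outside the hunk, so this may already be handled there.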
5 changes: 3 additions & 2 deletions packages/pds/src/api/com/atproto/server/updateEmail.ts
@@ -1,7 +1,8 @@
import assert from 'node:assert'

import { InvalidRequestError } from '@atproto/xrpc-server'
import disposable from 'disposable-email'
import { isEmailValid } from '@hapi/address'
import { isDisposableEmail } from 'disposable-email-domains-js'

import { UserAlreadyExistsError } from '../../../../account-manager/helpers/account'
import AppContext from '../../../../context'
Expand All @@ -14,7 +15,7 @@ export default function (server: Server, ctx: AppContext) {
handler: async ({ auth, input }) => {
const did = auth.credentials.did
const { token, email } = input.body
if (!disposable.validate(email)) {
if (!isEmailValid(email) || isDisposableEmail(email)) {
throw new InvalidRequestError(
'This email address is not supported, please use a different email.',
)
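Review bot: This is the second copy of `!isEmailValid(email) || isDisposableEmail(email)` and of its error message; createAccount.ts carries the first, so the two entry points that set an account email can drift apart the next time the rule changes. A single exported helper that both handlers call would keep them aligned, for instance (the name is only a suggestion) `export const isSupportedEmail = (email: string) => isEmailValid(email) && !isDisposableEmail(email)`. None of the six changed files is a test, so one malformed address and one denylisted domain per handler would pin the new behaviour. The handler continues outside the hunk.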
28 changes: 18 additions & 10 deletions pnpm-lock.yaml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
