-
Notifications
You must be signed in to change notification settings - Fork 11.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Security fix for privilege escalation (#598)
* Prevent external users to update their information * Trim leading and trailing whitespaces from email and username on signup * Check whether the provided email address is the same as where the invitation sent
- Loading branch information
1 parent
11ab2c8
commit be4228d
Showing
12 changed files
with
229 additions
and
16 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,25 @@ | ||
package api | ||
|
||
import "encoding/json" | ||
import ( | ||
"encoding/json" | ||
"net/mail" | ||
) | ||
|
||
func jsonMap(data []byte) (map[string]string, error) { | ||
jsonMap := make(map[string]string) | ||
err := json.Unmarshal(data, &jsonMap) | ||
return jsonMap, err | ||
} | ||
|
||
func ValidateAndNormalizeEmail(email string) (string, error) { | ||
if email == "" { | ||
return "", nil | ||
} | ||
|
||
e, err := mail.ParseAddress(email) | ||
if err != nil { | ||
return "", err | ||
} | ||
|
||
return e.Address, nil | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.