From 3a9303d3284cf82ce6e0a4ec251b0c4b5dee3936 Mon Sep 17 00:00:00 2001
From: Bryce Kahle
Date: Mon, 8 Jan 2018 16:12:55 -0500
Subject: [PATCH] Ensure email is valid before attempting to use
---
 api/admin.go | 5 ++++-
 api/invite.go | 10 ++++------
 api/signup.go | 8 ++++----
 3 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/api/admin.go b/api/admin.go
index a2fa12bb0..97d509a06 100644
--- a/api/admin.go
+++ b/api/admin.go
@@ -134,9 +134,12 @@ func (a *API) adminUserCreate(w http.ResponseWriter, r *http.Request) error {
 return err
 }
+ if params.Email == "" {
+ return unprocessableEntityError("Creating a user requires a valid email")
+ }
 mailer := getMailer(ctx)
 if err := mailer.ValidateEmail(params.Email); err != nil {
- return badRequestError("Invalid email address: %s", params.Email).WithInternalError(err)
+ return unprocessableEntityError("Invalid email address: %s", params.Email).WithInternalError(err)
 }
 aud := a.requestAud(ctx, r)
diff --git a/api/invite.go b/api/invite.go
index b38d27164..729a7f976 100644
--- a/api/invite.go
+++ b/api/invite.go
@@ -30,9 +30,12 @@ func (a *API) Invite(w http.ResponseWriter, r *http.Request) error {
 if params.Email == "" {
 return unprocessableEntityError("Invite requires a valid email")
 }
+ mailer := getMailer(ctx)
+ if err = mailer.ValidateEmail(params.Email); err != nil {
+ return unprocessableEntityError("Unable to validate email address: " + err.Error())
+ }
 aud := a.requestAud(ctx, r)
- user, err := a.db.FindUserByEmailAndAudience(instanceID, params.Email, aud)
 if err == nil {
 return unprocessableEntityError("Email address already registered by another user")
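Review bot: In the api/admin.go hunk, the rewritten `Invalid email address: %s` line still echoes the submitted `params.Email` verbatim into the response message. Formatting it with `%q` instead, `return unprocessableEntityError("Invalid email address: %q", params.Email).WithInternalError(err)`, would quote and escape the value, so stray whitespace or control characters are visible and cannot split a log line if the message is also logged (whether it is logged is not visible here). The new empty-string guard compares the raw value, so an address made only of spaces falls through to `ValidateEmail`; that is fine as long as the validator rejects it. adminUserCreate starts and ends outside the hunk.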
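Review bot: In the api/invite.go hunk, the added `unprocessableEntityError("Unable to validate email address: " + err.Error())` concatenates the validator's error text into the first argument, which the api/admin.go hunk suggests is a format string (`"Invalid email address: %s", params.Email`). Any `%` in the error text would then be read as a formatting verb, and the raw validator error is returned to the caller instead of being kept internal. Matching admin.go avoids both: `return unprocessableEntityError("Unable to validate email address").WithInternalError(err)`. The same expression is added in the api/signup.go hunk. Invite's body continues outside this hunk.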
@@ -54,11 +57,6 @@ func (a *API) Invite(w http.ResponseWriter, r *http.Request) error {
 now := time.Now()
 user.InvitedAt = &now
- mailer := getMailer(ctx)
- if err = mailer.ValidateEmail(params.Email); err != nil {
- return unprocessableEntityError("Unable to validate email address: " + err.Error())
- }
- if err := mailer.InviteMail(user); err != nil {
 return internalServerError("Error sending confirmation mail").WithInternalError(err)
 }
diff --git a/api/signup.go b/api/signup.go
index 73c784d31..92238336a 100644
--- a/api/signup.go
+++ b/api/signup.go
@@ -40,16 +40,16 @@ func (a *API) Signup(w http.ResponseWriter, r *http.Request) error {
 }
 mailer := getMailer(ctx)
- aud := a.requestAud(ctx, r)
+ if err = mailer.ValidateEmail(params.Email); err != nil {
+ return unprocessableEntityError("Unable to validate email address: " + err.Error())
+ }
+ aud := a.requestAud(ctx, r)
 user, err := a.db.FindUserByEmailAndAudience(instanceID, params.Email, aud)
 if err != nil {
 if !models.IsNotFoundError(err) {
 return internalServerError("Database error finding user").WithInternalError(err)
 }
- if err = mailer.ValidateEmail(params.Email); err != nil {
- return unprocessableEntityError("Unable to validate email address: " + err.Error())
- }
 params.Provider = "email"
 user, err = a.signupNewUser(ctx, params, aud)
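Review bot: In the api/signup.go hunk, `mailer.ValidateEmail` now runs before `FindUserByEmailAndAudience`, so it also applies to addresses that already belong to a user, and a short comment should say that this is intended. Suggested comment above the added `if`: `// Validate before the lookup so malformed addresses never reach the database query.` If ValidateEmail does more than a syntax check (its implementation is not visible here), a transient validation failure would now reject requests for existing accounts that previously skipped validation, and every unauthenticated signup request would pay that cost, so it is worth confirming that this route is rate limited. Signup's body starts and ends outside the hunk.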