diff --git a/yesod-auth/Yesod/Auth/Email.hs b/yesod-auth/Yesod/Auth/Email.hs index 777be4396..26fb9c5a8 100644 --- a/yesod-auth/Yesod/Auth/Email.hs +++ b/yesod-auth/Yesod/Auth/Email.hs @@ -71,7 +71,6 @@ import Safe (readMay) import System.IO.Unsafe (unsafePerformIO) import qualified Text.Email.Validate - loginR, registerR, forgotPasswordR, setpassR :: AuthRoute loginR = PluginR "email" ["login"] registerR = PluginR "email" ["register"] @@ -383,19 +382,18 @@ registerHelper :: YesodAuthEmail master -> HandlerT Auth (HandlerT master IO) TypedContent registerHelper allowUsername dest = do y <- lift getYesod + checkCsrfHeaderOrParam defaultCsrfHeaderName defaultCsrfParamName midentifier <- lookupPostParam "email" let eidentifier = case midentifier of - Nothing -> Left Msg.NoIdentifierProvided - Just x - | Just x' <- Text.Email.Validate.canonicalizeEmail (encodeUtf8 x) -> - Right $ normalizeEmailAddress y $ decodeUtf8With lenientDecode x' - | allowUsername -> Right $ TS.strip x - | otherwise -> Left Msg.InvalidEmailAddress - + Nothing -> Left Msg.NoIdentifierProvided + Just x + | Just x' <- Text.Email.Validate.canonicalizeEmail (encodeUtf8 x) -> + Right $ normalizeEmailAddress y $ decodeUtf8With lenientDecode x' + | allowUsername -> Right $ TS.strip x + | otherwise -> Left Msg.InvalidEmailAddress case eidentifier of - Left route -> loginErrorMessageI dest route - Right identifier -> do - + Left route -> loginErrorMessageI dest route + Right identifier -> do mecreds <- lift $ getEmailCreds identifier registerCreds <- case mecreds of @@ -709,7 +707,6 @@ setLoginLinkKey aid = do now <- liftIO getCurrentTime setSession loginLinkKey $ TS.pack $ show (toPathPiece aid, now) - -- See https://github.com/yesodweb/yesod/issues/1245 for discussion on this -- use of unsafePerformIO. defaultNonceGen :: Nonce.Generator