diff --git a/services/web/app/coffee/Features/User/UserUpdater.coffee b/services/web/app/coffee/Features/User/UserUpdater.coffee index d268f12d73..6adc174be4 100644 --- a/services/web/app/coffee/Features/User/UserUpdater.coffee +++ b/services/web/app/coffee/Features/User/UserUpdater.coffee @@ -29,6 +29,8 @@ module.exports = UserUpdater = # emails and the default rather than calling this method directly # changeEmailAddress: (userId, newEmail, callback)-> + newEmail = EmailHelper.parseEmail(newEmail) + return callback(new Error('invalid email')) if !newEmail? logger.log userId: userId, newEmail: newEmail, "updaing email address of user" oldEmail = null @@ -49,6 +51,8 @@ module.exports = UserUpdater = unless callback? # affiliationOptions is optional callback = affiliationOptions affiliationOptions = {} + newEmail = EmailHelper.parseEmail(newEmail) + return callback(new Error('invalid email')) if !newEmail? UserGetter.ensureUniqueEmailAddress newEmail, (error) => return callback(error) if error? @@ -69,6 +73,8 @@ module.exports = UserUpdater = # remove one of the user's email addresses. The email cannot be the user's # default email address removeEmailAddress: (userId, email, callback) -> + email = EmailHelper.parseEmail(email) + return callback(new Error('invalid email')) if !email? removeAffiliation userId, email, (error) => if error? logger.err error: error, 'problem removing affiliation' @@ -88,6 +94,8 @@ module.exports = UserUpdater = # set the default email address by setting the `email` attribute. The email # must be one of the user's multiple emails (`emails` attribute) setDefaultEmailAddress: (userId, email, callback) -> + email = EmailHelper.parseEmail(email) + return callback(new Error('invalid email')) if !email? query = _id: userId, 'emails.email': email update = $set: email: email @updateUser query, update, (error, res) -> 
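Review bot: The guard at the top of changeEmailAddress (hunk `@@ -29,6 +29,8 @@`) reports bad input as a bare `new Error('invalid email')`, and the same two lines recur in the addEmailAddress, removeEmailAddress and setDefaultEmailAddress hunks. A caller can therefore tell rejected input from a database or affiliation failure only by comparing the message string. If the controllers (not shown) treat unknown errors as server errors, invalid addresses will surface as 500s and add noise to error monitoring. Consider one private helper shared by the four methods that returns the parsed address or an error with a distinguishing property, for example `error.name = 'InvalidEmailError'` (name illustrative). The body of changeEmailAddress continues past the end of this hunk.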
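Review bot: In removeEmailAddress (hunk `@@ -69,6 +73,8 @@`) the new guard applies to addresses that are already stored, not only to new input. If `EmailHelper.parseEmail` (not shown) rejects or rewrites an address saved before this validation existed, the user can no longer remove it. changeEmailAddress, which the tests suggest calls removeEmailAddress, would then fail at that step too. Confirm this with a test that uses a stored legacy address, or record the decision in a comment such as `# addresses that fail parseEmail cannot be removed here; clean up legacy records separately`. The rest of the method lies outside the hunk.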
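Review bot: In setDefaultEmailAddress (hunk `@@ -88,6 +94,8 @@`) the parsed value goes straight into the Mongo query as `'emails.email': email`, so this guard is what keeps a non-string value from a request body out of the query. That holds only if `EmailHelper.parseEmail` returns null for objects and arrays, which this diff does not show. A unit test that passes an object as the address, and asserts that the callback receives an error and `updateUser` is never called, would pin the behaviour down. The `@updateUser` callback body continues beyond the hunk.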
diff --git a/services/web/test/unit/coffee/User/UserUpdaterTests.coffee b/services/web/test/unit/coffee/User/UserUpdaterTests.coffee index fc9a4d8558..0c872e5e4a 100644 --- a/services/web/test/unit/coffee/User/UserUpdaterTests.coffee +++ b/services/web/test/unit/coffee/User/UserUpdaterTests.coffee @@ -60,6 +60,11 @@ describe "UserUpdater", -> ).should.equal true done() + it 'validates email', (done)-> + @UserUpdater.changeEmailAddress @stubbedUser._id, 'foo', (err)=> + should.exist(err) + done() + it 'handle error', (done)-> @UserUpdater.removeEmailAddress.callsArgWith(2, new Error('nope')) @UserUpdater.changeEmailAddress @stubbedUser._id, @newEmail, (err)=> @@ -111,6 +116,11 @@ describe "UserUpdater", -> @UserUpdater.updateUser.called.should.equal false done() + it 'validates email', (done)-> + @UserUpdater.addEmailAddress @stubbedUser._id, 'bar', (err)=> + should.exist(err) + done() + describe 'removeEmailAddress', -> beforeEach -> @UserUpdater.updateUser = sinon.stub().callsArgWith(2, null, nMatched: 1) @@ -154,6 +164,11 @@ describe "UserUpdater", -> @UserUpdater.updateUser.called.should.equal false done() + it 'validates email', (done)-> + @UserUpdater.removeEmailAddress @stubbedUser._id, 'baz', (err)=> + should.exist(err) + done() + describe 'setDefaultEmailAddress', -> it 'set default', (done)-> @UserUpdater.updateUser = sinon.stub().callsArgWith(2, null, n: 1) @@ -180,6 +195,11 @@ describe "UserUpdater", -> should.exist(err) done() + it 'validates email', (done)-> + @UserUpdater.setDefaultEmailAddress @stubbedUser._id, '.edu', (err)=> + should.exist(err) + done() + describe 'confirmEmail', -> it 'should update the email record', (done)-> @UserUpdater.updateUser = sinon.stub().callsArgWith(2, null, n: 1) @@ -205,3 +225,8 @@ describe "UserUpdater", -> @UserUpdater.confirmEmail @stubbedUser._id, @newEmail, (err)=> should.exist(err) done() + + it 'validates email', (done)-> + @UserUpdater.confirmEmail @stubbedUser._id, '@', (err)=> + should.exist(err) + done()
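Review bot: The new 'validates email' test for changeEmailAddress (hunk `@@ -60,6 +60,11 @@`) asserts only `should.exist(err)`, as do the matching tests in the addEmailAddress, removeEmailAddress, setDefaultEmailAddress and confirmEmail hunks. Each would also pass if the error came from an unstubbed collaborator rather than from the new guard. Adding `err.message.should.equal 'invalid email'` would tie each test to the validation path. Where the surrounding setup already stubs it, `@UserUpdater.updateUser.called.should.equal false` would also show that nothing reached the database.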
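Review bot: The confirmEmail 'validates email' test (hunk `@@ -205,3 +225,8 @@`) has no matching change in UserUpdater.coffee, where the diff adds the parseEmail guard to four methods but not to confirmEmail. Either confirmEmail already validated its argument before this commit, so the test only documents existing behaviour, or the test passes because `updateUser` is not stubbed in this case and something else produces the error. Asserting the message, `err.message.should.equal 'invalid email'`, would show which of the two is happening.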