Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Internal Server error when doing a POST with invalid emails on /v1/user/emails #19397

Closed
ludovicianul opened this issue Apr 13, 2022 · 0 comments · Fixed by #19441
Closed

Internal Server error when doing a POST with invalid emails on /v1/user/emails #19397

ludovicianul opened this issue Apr 13, 2022 · 0 comments · Fixed by #19441
Labels
issue/confirmed Issue has been reviewed and confirmed to be present or accepted to be implemented modifies/api This PR adds API routes or modifies them type/bug
Milestone
1.17.0

Comments

@ludovicianul
Copy link

Description

While doing some fuzzing using https://github.com/Endava/cats I discovered an issue for the /v1/user/emails endpoint. Doing a POST with an invalid email address results in a 500, rather that something more meaningful.

You can reproduce the issue using (just replace $token with your own token):

cats replay Test228.json

Or using the payload:

{
  "emails": [
    "yCUjse4J",
    "yCUjse4J"
  ],
  "catsFuzzyField": "catsFuzzyField"
}

Test228.json.zip

Gitea Version

1.17.0+dev-423-g4396d0e7c

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

Using https://try.gitea.io/.

Database

No response
@techknowlogick techknowlogick added the modifies/api This PR adds API routes or modifies them label Apr 13, 2022
@wxiaoguang wxiaoguang added this to the 1.17.0 milestone Apr 14, 2022
@wxiaoguang wxiaoguang added the issue/confirmed Issue has been reviewed and confirmed to be present or accepted to be implemented label Apr 14, 2022
Gusted pushed a commit to Gusted/gitea that referenced this issue Apr 20, 2022
Don't panic on ErrEmailInvalid
46d7730 
- Don't panic on `ErrEmailInvalid`, this was caused due that we were
trying to force `ErrEmailCharIsNotSupported` interface, which panics.
- Resolves go-gitea#19397
@Gusted Gusted mentioned this issue Apr 20, 2022
Merged
Gusted pushed a commit to Gusted/gitea that referenced this issue Apr 20, 2022
Don't panic on ErrEmailInvalid (go-gitea#19441)
9854e8e 
- Backport go-gitea#19441
  - Don't panic on `ErrEmailInvalid`, this was caused due that we were trying to force `ErrEmailCharIsNotSupported` interface, which panics.
  - Resolves go-gitea#19397
@Gusted Gusted mentioned this issue Apr 20, 2022
Merged
6543 pushed a commit that referenced this issue Apr 20, 2022
Don't panic on ErrEmailInvalid (#19441)
23d3767 
- Don't panic on `ErrEmailInvalid`, this was caused due that we were
trying to force `ErrEmailCharIsNotSupported` interface, which panics.
- Resolves #19397
zeripath pushed a commit that referenced this issue Apr 20, 2022
@6543
Don't panic on ErrEmailInvalid (#19441) (#19442)
5863f7e 
- Backport #19441
  - Don't panic on `ErrEmailInvalid`, this was caused due that we were trying to force `ErrEmailCharIsNotSupported` interface, which panics.
  - Resolves #19397

Co-authored-by: 6543 <6543@obermui.de>
AbdulrhmnGhanem pushed a commit to kitspace/gitea that referenced this issue Aug 24, 2022
@AbdulrhmnGhanem
Don't panic on ErrEmailInvalid (go-gitea#19441)
2c81c3c 
- Don't panic on `ErrEmailInvalid`, this was caused due that we were
trying to force `ErrEmailCharIsNotSupported` interface, which panics.
- Resolves go-gitea#19397
@go-gitea go-gitea locked and limited conversation to collaborators May 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
issue/confirmed Issue has been reviewed and confirmed to be present or accepted to be implemented modifies/api This PR adds API routes or modifies them type/bug
Projects
None yet
Milestone
1.17.0
Development

Successfully merging a pull request may close this issue.

Don't panic on ErrEmailInvalid Gusted/gitea
3 participants
@techknowlogick @wxiaoguang @ludovicianul