block invalid email

simular · May 24, 2024 · fc468df · fc468df
1 parent eb6a2e7
commit fc468df
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/src/Module/Api/AuthController.php b/src/Module/Api/AuthController.php
@@ -127,6 +127,11 @@ public function authenticate(
         RequestAssert::assert($A, 'Invalid credentials');
         RequestAssert::assert($M1, 'Invalid credentials');
 
+        if (!str_contains($email, '@')) {
+            // Todo: Use email filters
+            throw new \RuntimeException('Invalid Email format');
+        }
+
         $user = $orm->findOne(User::class, compact('email'));
 
         if (!$user) {
@@ -200,6 +205,11 @@ public function register(
 
         RequestAssert::assert($email, 'No Email');
 
+        if (!str_contains($email, '@')) {
+            // Todo: Use email filters
+            throw new \RuntimeException('Invalid Email format');
+        }
+
         $verifier = BigInteger::fromBase($verifier, 16);
         $salt = BigInteger::fromBase($salt, 16);