From 9e63985b284e4529825b8ac9a41a27eb42153396 Mon Sep 17 00:00:00 2001
From: Jean-Christophe BEGUE
Date: Wed, 15 Aug 2018 17:25:59 +0200
Subject: [PATCH] Check email validity before using it for password hint sending
---
 Cargo.toml | 1 +
 src/api/core/accounts.rs | 5 +++++
 src/mail.rs | 3 +--
 src/main.rs | 1 +
 4 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index 537b4e1..3a51473 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -61,6 +61,7 @@ num-derive = "0.2.2"
 lettre = "0.8.2"
 lettre_email = "0.8.2"
 native-tls = "0.1.5"
+fast_chemail = "0.9.5"
 [patch.crates-io]
 # Make jwt use ring 0.11, to match rocket
diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs
index 1d6469c..ffc76f3 100644
--- a/src/api/core/accounts.rs
+++ b/src/api/core/accounts.rs
@@ -5,6 +5,7 @@ use db::models::*;
 use api::{PasswordData, JsonResult, EmptyResult, JsonUpcase, NumberOrString};
 use auth::Headers;
+use fast_chemail::is_valid_email;
 use mail;
 use CONFIG;
@@ -259,6 +260,10 @@ struct PasswordHintData {
 fn password_hint(data: JsonUpcase, conn: DbConn) -> EmptyResult {
 let data: PasswordHintData = data.into_inner().data;
+ if !is_valid_email(&data.Email) {
+ return Ok(());
+ }
+
 let user = User::find_by_mail(&data.Email, &conn);
 if user.is_none() {
 return Ok(());
diff --git a/src/mail.rs b/src/mail.rs
index fef03c2..09409e9 100644
--- a/src/mail.rs
+++ b/src/mail.rs
@@ -1,6 +1,5 @@
 use std::error::Error;
-use native_tls::TlsConnector;
-use native_tls::{Protocol};
+use native_tls::{Protocol, TlsConnector};
 use lettre::{EmailTransport, SmtpTransport, ClientTlsParameters, ClientSecurity};
 use lettre::smtp::{ConnectionReuseParameters, SmtpTransportBuilder};
 use lettre::smtp::authentication::Credentials;
diff --git a/src/main.rs b/src/main.rs
index 9c0675e..5fbefb0 100644
--- a/src/main.rs
+++ b/src/main.rs
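Review bot: The early return added to `password_hint` in src/api/core/accounts.rs answers `Ok(())` for a malformed address, and nothing in the hunk says this is deliberate. The unknown-user branch right after it returns the same value, so the intent is presumably that a caller cannot tell a rejected address from an unregistered one. A comment above the check, such as `// Same reply as for an unknown account, so the endpoint does not reveal which addresses are registered`, would stop a later change from turning it into an error response. The check covers only the request's `data.Email`. If the hint is mailed to the address stored on the user record, the same validation belongs where addresses are stored, which this patch does not touch. `password_hint` continues past the last line of the hunk, so the sending code is not visible here.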
@@ -29,6 +29,7 @@ extern crate num_traits;
 extern crate lettre;
 extern crate lettre_email;
 extern crate native_tls;
+extern crate fast_chemail;
 use std::{env, path::Path, process::{exit, Command}};
 use rocket::Rocket;