#13106

pending completion

Build # #13106

Build Type

push

circleci

Committed by

rhelmer

Commit Message

add user input validation and API result handling

Run Details

282 of 1611 branches covered (17.5%)

Branch coverage included in aggregate %.

9 of 9 new or added lines in 1 file covered. (100.0%)

959 of 4354 relevant lines covered (22.03%)

1.84 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/src/controllers/exposureScan.js

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

import { getMessage } from '../utils/fluent.js'
import { UserInputError } from '../utils/error.js'
import { getBreachesForEmail } from '../utils/hibp.js'

function exposureScan (req, res, next) {
  if (req.method !== 'POST') {
    return next()
  }

  // TODO could share this validation logic with add-email API?
  const email = req.body.email
  // Use the same regex as HTML5 email input type
  // https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/email#basic_validation
  const emailRegex = /^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/

  if (!email || !emailRegex.test(email)) {
    throw new UserInputError(getMessage('user-add-invalid-email'))
  }

  try {
    const allBreaches = getBreachesForEmail(email)
    const breaches = allBreaches.filter(a => !a.IsSensitive)

    return res.json({ success: true, breaches })
  } catch (ex) {
    return res.status(500).send({ success: false })
  }
}

export { exposureScan }

1	/* This Source Code Form is subject to the terms of the Mozilla Public
2	* License, v. 2.0. If a copy of the MPL was not distributed with this
3	* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5	import { getMessage } from '../utils/fluent.js'
6	import { UserInputError } from '../utils/error.js'
7	import { getBreachesForEmail } from '../utils/hibp.js'
8
9	function exposureScan (req, res, next) {
10	if (req.method !== 'POST') {	×
11	return next()	×
12	}
13
14	// TODO could share this validation logic with add-email API?
15	const email = req.body.email	×
16	// Use the same regex as HTML5 email input type
17	// https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/email#basic_validation
18	const emailRegex = /^[a-zA-Z0-9.!#$%&'+/=?^_`{\|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)$/	×
19
20	if (!email \|\| !emailRegex.test(email)) {	×
21	throw new UserInputError(getMessage('user-add-invalid-email'))	×
22	}
23
24	try {	×
25	const allBreaches = getBreachesForEmail(email)	×
26	const breaches = allBreaches.filter(a => !a.IsSensitive)	×
27
28	return res.json({ success: true, breaches })	×
29	} catch (ex) {
30	return res.status(500).send({ success: false })	×
31	}
32	}
33
34	export { exposureScan }

mozilla / blurts-server / #13106

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous