diff --git a/bin/mailer.js b/bin/mailer.js
index 8e1e218c..78714f36 100644
--- a/bin/mailer.js
+++ b/bin/mailer.js
@@ -22,12 +22,12 @@ server.route( handler: function (request) { var reply = request.reply.bind(request) mailer
- .sendCode(request.payload.email, request.payload.code)
+ .sendCode(Buffer(request.payload.email, 'hex').toString(), request.payload.code)
 .done(reply, reply) }, validate: { payload: {
- email: isA.String().email().required(),
+ email: isA.String().regex(HEX_STRING).required(),
 code: isA.String().regex(HEX_STRING).required() } } }
diff --git a/client/example.js b/client/example.js
index 13fecb8e..da492217 100644
--- a/client/example.js
+++ b/client/example.js
@@ -3,7 +3,7 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ var Client = require('./')
-var email = 'me@example.com';
+var email = Buffer('më@example.com').toString('hex');
 var password = 'verySecurePassword'; var publicKey = { "algorithm":"RS",
diff --git a/models/recovery_email.js b/models/recovery_email.js
index 6d10956d..4fd166eb 100644
--- a/models/recovery_email.js
+++ b/models/recovery_email.js
@@ -59,7 +59,7 @@ module.exports = function (crypto, P, db, mailer) { } RecoveryEmail.prototype.sendCode = function () {
- return mailer.sendCode(this.email, this.code)
+ return mailer.sendCode(Buffer(this.email, 'hex').toString('utf8'), this.code)
 } RecoveryEmail.prototype.verify = function (code) {
diff --git a/routes/account.js b/routes/account.js
index bfcdd37b..5fda20cb 100644
--- a/routes/account.js
+++ b/routes/account.js
@@ -18,7 +18,8 @@ module.exports = function (crypto, uuid, isA, error, Account, RecoveryEmail) { tags: ["srp", "account"], validate: { payload: {
- email: isA.String().email().required(),
+ // TODO: still need to validate the utf8 string is a valid email
+ email: isA.String().regex(HEX_STRING).required(),
 srp: isA.Object({ type: isA.String().required(), // TODO valid() verifier: isA.String().regex(HEX_STRING).required(),
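Review bot: In bin/mailer.js the handler now passes `Buffer(request.payload.email, 'hex').toString()` straight to `mailer.sendCode`, and the only check left on the payload is `regex(HEX_STRING)`, so the decoded recipient is never validated as an email address. Any byte sequence that hex-encodes cleanly reaches the mailer, including CR/LF, other control characters or invalid UTF-8; whether the mailer guards against that is not visible here. I would decode once into a local, e.g. `var email = Buffer(request.payload.email, 'hex').toString('utf8')`, apply the removed email rule to that string and reply with a validation error before `sendCode` is called. The same unchecked decode is added to `RecoveryEmail.prototype.sendCode` in models/recovery_email.js, so a shared decode-and-validate helper would keep the two in step. Both also depend on HEX_STRING rejecting odd-length input, and its definition is not shown in this diff.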
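Review bot: In routes/account.js, `email: isA.String().regex(HEX_STRING).required()` makes the account key whatever bytes the client sent, so addresses that differ only in letter case or Unicode normalization form (the composed and decomposed encodings of `ë`, for instance) hex-encode differently and would be stored as separate accounts unless something downstream canonicalizes them; nothing in this hunk does. The added TODO covers syntax validation only, and HEX_STRING's definition is not shown, so whether it bounds length is also unknown. I would widen the comment to `// TODO: decode, validate as email, normalize and length-limit before use as the account key`. The validate block continues outside the hunk.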
diff --git a/routes/auth.js b/routes/auth.js
index fcb040ac..5d488fad 100644
--- a/routes/auth.js
+++ b/routes/auth.js
@@ -24,7 +24,7 @@ module.exports = function (isA, Account, SrpSession, AuthBundle) { }, validate: { payload: {
- email: isA.String().email().required()
+ email: isA.String().regex(HEX_STRING).required()
 }, response: { schema: {
diff --git a/routes/password.js b/routes/password.js
index 42b6db87..fd918ce0 100644
--- a/routes/password.js
+++ b/routes/password.js
@@ -61,7 +61,7 @@ module.exports = function (isA, error, Account, tokens) { handler: notImplemented, validate: { payload: {
- email: isA.String().email().required()
+ email: isA.String().regex(HEX_STRING).required()
 }, response: { schema: {
diff --git a/test/account_tests.js b/test/account_tests.js
index 8415bd6a..32cfe042 100644
--- a/test/account_tests.js
+++ b/test/account_tests.js
@@ -16,7 +16,7 @@ var AccountResetToken = models.tokens.AccountResetToken var a = { uid: 'xxx',
- email: 'somebody@example.com',
+ email: Buffer('somebody@example.com').toString('hex'),
 srp: { verifier: 'BAD1', salt: 'BAD2'
@@ -133,7 +133,7 @@ test( test( 'Account.exists returns false if the email is not in use', function (t) {
- Account.exists('nobody@example.com').done(
+ Account.exists(Buffer('nobody@example.com').toString('hex')).done(
 function (exists) { t.equal(exists, false) t.end()
diff --git a/test/integration.js b/test/integration.js
index f0e20442..4918d838 100644
--- a/test/integration.js
+++ b/test/integration.js
@@ -3,7 +3,7 @@ var cp = require('child_process') var Client = require('../client') var config = require('../config').root()
-var email = 'test@example.com'
+var email = Buffer('test@example.com').toString('hex')
 var password = 'allyourbasearebelongtous' var publicKey = { "algorithm":"RS",
diff --git a/test/recovery_email_tests.js b/test/recovery_email_tests.js
index 8076a4a3..6840e10d 100644
--- a/test/recovery_email_tests.js
+++ b/test/recovery_email_tests.js
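Review bot: `HEX_STRING` is used by the new `email` rule in routes/auth.js, but the hunk shows no other use of it in this file, the diff adds no definition, and the factory signature `function (isA, Account, SrpSession, AuthBundle)` does not supply it. If it is not already declared earlier in the file, the reference throws a ReferenceError when the route table is built, so confirm it is in scope or declare the same pattern constant that routes/account.js already uses. The same applies to the `email` rule changed in routes/password.js.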
@@ -15,11 +15,13 @@ var mailer = { var models = require('../models')(config, dbs, mailer) var RecoveryEmail = models.RecoveryEmail
+var email = Buffer('me@example.com').toString('hex')
+
 test( 'RecoveryEmail.create generates a random 32 byte code as a hex string', function (t) { function end() { t.end() }
- RecoveryEmail.create('xxx', 'me@example.com', true)
+ RecoveryEmail.create('xxx', email, true)
 .then( function (x) { t.equal(x.code.length, 64)
@@ -41,7 +43,7 @@ test( function (t) { sends = 0 function end() { t.end() }
- RecoveryEmail.create('xxx', 'me@example.com', true)
+ RecoveryEmail.create('xxx', email, true)
 .then( function (x) { t.equal(sends, 1)
@@ -57,7 +59,7 @@ test( 'recoveryEmail.verify sets verified to true if the codes match', function (t) { function end() { t.end() }
- RecoveryEmail.create('xxx', 'me@example.com', true)
+ RecoveryEmail.create('xxx', email, true)
 .then( function (x) { t.equal(x.verified, false)
@@ -79,7 +81,7 @@ test( 'recoveryEmail.verify does not set verified if codes do not match', function (t) { function end() { t.end() }
- RecoveryEmail.create('xxx', 'me@example.com', true)
+ RecoveryEmail.create('xxx', email, true)
 .then( function (x) { t.equal(x.verified, false)
@@ -101,7 +103,7 @@ test( 'recoveryEmail.verify will not unset the verified flag from true to false', function (t) { function end() { t.end() }
- RecoveryEmail.create('xxx', 'me@example.com', true)
+ RecoveryEmail.create('xxx', email, true)
 .then( function (x) { t.equal(x.verified, false)
diff --git a/test/srp_session_tests.js b/test/srp_session_tests.js
index 7ff81fe5..0b5f2eca 100644
--- a/test/srp_session_tests.js
+++ b/test/srp_session_tests.js
@@ -15,7 +15,7 @@ var SrpSession = models.SrpSession var alice = { uid: 'xxx',
- email: 'somebody@example.com',
+ email: Buffer('somebödy@example.com').toString('hex'),
 password: 'awesomeSauce', srp: { verifier: null,
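Review bot: The send test in test/recovery_email_tests.js (hunk `@@ -41,7 +43,7 @@`) still asserts only `t.equal(sends, 1)`, so nothing pins what address the mailer receives now that `RecoveryEmail.prototype.sendCode` hex-decodes `this.email` first. The mock mailer's body is outside the hunk, but if it can record its first argument, an assertion that it equals `'me@example.com'` would catch a missing or doubled decode. A case where the decoded value is not a valid address would also document the intended rejection path, which no test in this diff covers. The test function continues outside the hunk.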