From 92fce385d863cf2ecea4ec1addd958d9eb5e94ab Mon Sep 17 00:00:00 2001
From: Lloyd Hilaiel <lloyd@hilaiel.com>
Date: Thu, 12 Apr 2012 09:26:31 -0600
Subject: [PATCH] return HTTP 400 (bad request) when site or email parameters
 are malformed, not 500 (internal server error).  issue #1429 issue #1423

---
 lib/wsapi/stage_email.js | 13 +++++++++----
 lib/wsapi/stage_user.js  | 10 ++++++++--
 2 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/lib/wsapi/stage_email.js b/lib/wsapi/stage_email.js
index 76bca3b86..6ffe560ee 100644
--- a/lib/wsapi/stage_email.js
+++ b/lib/wsapi/stage_email.js
@@ -24,10 +24,15 @@ exports.i18n = true;
 
 exports.process = function(req, res) {
   // validate
-  // should do this one but it's failing for some reason
-  sanitize(req.body.email).isEmail();
-  sanitize(req.body.site).isOrigin();
-  
+  try {
+    sanitize(req.body.email).isEmail();
+    sanitize(req.body.site).isOrigin();
+  } catch(e) {
+    var msg = "invalid arguments: " + e;
+    logger.warn("bad request received: " + msg);
+    return httputils.badRequest(resp, msg);
+  }
+
   db.lastStaged(req.body.email, function (err, last) {
     if (err) return wsapi.databaseDown(res, err);
 
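Review bot: The new catch block calls `httputils.badRequest(resp, msg)`, but this handler's response parameter is named `res` (`exports.process = function(req, res)`). Unless a `resp` is defined elsewhere in the file, the malformed-input path will throw a ReferenceError instead of returning the 400 this patch is meant to produce. The line should read `return httputils.badRequest(res, msg);`. The hunk also does not show `logger` or `httputils` being required in stage_email.js, so confirm both are in scope; the rest of the handler only uses `wsapi` and `db`. The body of exports.process continues past the end of the hunk.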
diff --git a/lib/wsapi/stage_user.js b/lib/wsapi/stage_user.js
index ca1a3318c..0408b7e76 100644
--- a/lib/wsapi/stage_user.js
+++ b/lib/wsapi/stage_user.js
@@ -29,8 +29,14 @@ exports.process = function(req, resp) {
   wsapi.clearAuthenticatedUser(req.session);
 
   // validate
-  sanitize(req.body.email).isEmail();
-  sanitize(req.body.site).isOrigin();
+  try {
+    sanitize(req.body.email).isEmail();
+    sanitize(req.body.site).isOrigin();
+  } catch(e) {
+    var msg = "invalid arguments: " + e;
+    logger.warn("bad request received: " + msg);
+    return httputils.badRequest(resp, msg);
+  }
 
   db.lastStaged(req.body.email, function (err, last) {
     if (err) return wsapi.databaseDown(resp, err);
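Review bot: Both the 400 response body and the warn log line are built from `"invalid arguments: " + e`. If the validator's exception text embeds the submitted `email` or `site` value (not visible here), caller-controlled text is written to the log unescaped and echoed back to the client. Consider sending the client a fixed message and logging a form with line breaks neutralised, e.g. `logger.warn("bad request received: " + String(e).replace(/[\r\n]+/g, " "));`. The same block is added in lib/wsapi/stage_email.js, so the change applies there too. The body of exports.process continues past the end of the hunk.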
-- 
GitLab