diff --git a/app/api/views/mailbox.py b/app/api/views/mailbox.py
index 10bba2c2c..a8787afb5 100644
--- a/app/api/views/mailbox.py
+++ b/app/api/views/mailbox.py
@@ -38,7 +38,11 @@ def create_mailbox():
 the new mailbox dict
 """
 user = g.user
- mailbox_email = sanitize_email(request.get_json().get("email"))
+ email = request.get_json().get("email")
+ if not email:
+ return jsonify(error="Invalid email"), 400
+
+ mailbox_email = sanitize_email(email)
 
 try:
 new_mailbox = mailbox_utils.create_mailbox(user, mailbox_email).mailbox
diff --git a/tests/api/test_mailbox.py b/tests/api/test_mailbox.py
index 085a42aaa..9cbdfc6f2 100644
--- a/tests/api/test_mailbox.py
+++ b/tests/api/test_mailbox.py
@@ -5,7 +5,7 @@
 from tests.utils import login
 
 
-def test_create_mailbox(flask_client):
+def test_create_mailbox_valid(flask_client):
 login(flask_client)
 
 r = flask_client.post(
@@ -21,10 +21,34 @@ def test_create_mailbox(flask_client):
 assert r.json["default"] is False
 assert r.json["nb_alias"] == 0
 
- # invalid email address
+
+def test_create_mailbox_invalid_email(flask_client):
+ login(flask_client)
+ r = flask_client.post(
+ "/api/mailboxes",
+ json={"email": "gmail.com"}, # not an email address
+ )
+
+ assert r.status_code == 400
+ assert r.json == {"error": "Invalid email"}
+
+
+def test_create_mailbox_empty_payload(flask_client):
+ login(flask_client)
+ r = flask_client.post(
+ "/api/mailboxes",
+ json={},
+ )
+
+ assert r.status_code == 400
+ assert r.json == {"error": "Invalid email"}
+
+
+def test_create_mailbox_empty_email(flask_client):
+ login(flask_client)
 r = flask_client.post(
 "/api/mailboxes",
- json={"email": "gmail.com"},
+ json={"email": ""},
 )
 
 assert r.status_code == 400
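Review bot: The new `if not email:` guard in create_mailbox rejects a missing or empty value, but a truthy non-string `email` (a JSON number, list or object) still passes it and is handed to `sanitize_email`, which is not visible here and presumably expects a string, so such a request would likely end in an unhandled exception and a 500 instead of the 400 this change introduces. Tightening the check to `if not isinstance(email, str) or not email:` closes that path. The line before it has the same shape of problem: `request.get_json()` can return something other than a dict (a JSON `null` or array body), so `.get("email")` should be guarded as well, for example by reading `data = request.get_json(silent=True)` and returning the same 400 unless `isinstance(data, dict)`. create_mailbox starts above this hunk and continues below it.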
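Review bot: The three negative tests added in the last hunk of tests/api/test_mailbox.py repeat the same login, POST and assertions and differ only in the JSON payload, so they would read better as one test under `@pytest.mark.parametrize("payload", [{"email": "gmail.com"}, {}, {"email": ""}])`, assuming pytest is imported in this file (the import block is only partly visible). A payload table also makes it cheap to add the inputs the view's guard has no test for yet, `{"email": None}` and a non-string value such as `{"email": 123}`. test_create_mailbox_empty_email continues past the end of the hunk, so whether it also asserts the error body cannot be seen from here.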