feat: prevent email with plug

2025-08-01 18:58:42 +07:00 · 2025-08-01 18:58:42 +07:00 · 641531e8b3
parent 795fdd6b3f
commit 641531e8b3
2 changed files with 6 additions and 3 deletions
--- a/apps/backend/src/services/auth/auth.service.ts
+++ b/apps/backend/src/services/auth/auth.service.ts
@ -36,10 +36,13 @@ export class AuthService {
    addToOrg?: boolean | { orgId: string; role: 'USER' | 'ADMIN'; id: string }
  ) {
    if (provider === Provider.LOCAL) {
+      if (process.env.DISALLOW_PLUS && body.email.includes('+')) {
+        throw new Error('Email with plus sign is not allowed');
+      }
      const user = await this._userService.getUserByEmail(body.email);
      if (body instanceof CreateOrgUserDto) {
        if (user) {
-          throw new Error('User already exists');
+          throw new Error('Email already exists');
        }

        if (!(await this.canRegister(provider))) {
--- a/apps/frontend/src/components/auth/register.tsx
+++ b/apps/frontend/src/components/auth/register.tsx
@ -116,7 +116,7 @@ export function RegisterAfter({
        ...data,
      }),
    })
-      .then((response) => {
+      .then(async (response) => {
        setLoading(false);
        if (response.status === 200) {
          fireEvents('register');
@ -129,7 +129,7 @@ export function RegisterAfter({
          });
        } else {
          form.setError('email', {
-            message: getHelpfulReasonForRegistrationFailure(response.status),
+            message: await response.text(),
          });
        }
      })