From 19e42cedc83055222a316f6e0161bc53dde33c91 Mon Sep 17 00:00:00 2001
From: Jesse Shawl <jesse@jesse.sh>
Date: Wed, 3 Jan 2024 18:22:14 -0600
Subject: [PATCH] Validate email addresses (#14)

* see what an invalid email looks like

* 400 for invalid emails
---
 app/controllers/api/api_controller.rb       |  6 +++++-
 spec/controllers/api/api_controller_spec.rb | 10 ++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/app/controllers/api/api_controller.rb b/app/controllers/api/api_controller.rb
index cdc99e0..ff818f0 100644
--- a/app/controllers/api/api_controller.rb
+++ b/app/controllers/api/api_controller.rb
@@ -6,7 +6,11 @@ class ApiController < ApplicationController
     def notify
       return head 400 if params[:to]&.match(/psnator/)
 
-      @notification = Notification.from_params(params)
+      begin
+        @notification = Notification.from_params(params)
+      rescue => e
+         return render json: {error: e.message}, status: 400
+      end
       render json: @notification
     end
   end
diff --git a/spec/controllers/api/api_controller_spec.rb b/spec/controllers/api/api_controller_spec.rb
index 3e980d7..7196b6d 100644
--- a/spec/controllers/api/api_controller_spec.rb
+++ b/spec/controllers/api/api_controller_spec.rb
@@ -27,6 +27,16 @@
       }
     expect(response.code).to eq('400')
   end
+  it 'handles invalid email addresses' do
+    post :notify, params:
+    {
+      to: 'not a valid email address',
+      subject: 'hello',
+      body: 'goodbye'
+    }
+    expect(response.code).to eq('400')
+    expect(response.body).to match('email(.*)invalid')
+  end
   it 'supports multiple recipients' do
     stub_request(:post, 'https://api.sendgrid.com/v3/mail/send')
       .with(