From 9ddceae8248c350191bef2980094f971983b23e3 Mon Sep 17 00:00:00 2001
From: "nicolas.dorier" <nicolas.dorier@gmail.com>
Date: Fri, 13 Oct 2017 16:59:02 +0900
Subject: [PATCH] Validate email in the api

---
 BTCPayServer.Tests/UnitTest1.cs               | 1 +
 BTCPayServer/Controllers/InvoiceController.cs | 8 ++++++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/BTCPayServer.Tests/UnitTest1.cs b/BTCPayServer.Tests/UnitTest1.cs
index b0c838033..0e016e37d 100644
--- a/BTCPayServer.Tests/UnitTest1.cs
+++ b/BTCPayServer.Tests/UnitTest1.cs
@@ -69,6 +69,7 @@ namespace BTCPayServer.Tests
 				user.GrantAccess();
 				var invoice = user.BitPay.CreateInvoice(new Invoice()
 				{
+					Buyer = new Buyer() { email = "test@fwf.com" },
 					Price = 5000.0,
 					Currency = "USD",
 					PosData = "posData",
diff --git a/BTCPayServer/Controllers/InvoiceController.cs b/BTCPayServer/Controllers/InvoiceController.cs
index f2794710e..171c17de5 100644
--- a/BTCPayServer/Controllers/InvoiceController.cs
+++ b/BTCPayServer/Controllers/InvoiceController.cs
@@ -97,8 +97,12 @@ namespace BTCPayServer.Controllers
 			entity.BuyerInformation = Map<Invoice, BuyerInformation>(invoice);
 			//Another way of passing buyer info to support
 			FillBuyerInfo(invoice.Buyer, entity.BuyerInformation);
-
-			entity.RefundMail = EmailValidator.IsEmail(entity?.BuyerInformation?.BuyerEmail) ? entity.BuyerInformation.BuyerEmail : null;
+			if(entity?.BuyerInformation?.BuyerEmail != null)
+			{
+				if(!EmailValidator.IsEmail(entity.BuyerInformation.BuyerEmail))
+					throw new BitpayHttpException(400, "Invalid email");
+				entity.RefundMail = entity.BuyerInformation.BuyerEmail;
+			}
 			entity.ProductInformation = Map<Invoice, ProductInformation>(invoice);
 			entity.RedirectURL = invoice.RedirectURL ?? store.StoreWebsite;
 			entity.Status = "new";