From 60105c7c799922216baf070d9125bb96ed677f21 Mon Sep 17 00:00:00 2001
From: Miguel Renaud-Nolte
Date: Mon, 10 Apr 2023 02:48:22 +0000
Subject: [PATCH 1/3] fix: accept only valid data from POST

With the current data validation check, an empty POST request with valid GET parameters will cause the validation to pass but a TypeError will be thrown because on line 110 it is fetching null data from POST.
---
 src/Controllers/RegisterController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Controllers/RegisterController.php b/src/Controllers/RegisterController.php
index 2fe94c31a..6f394faa0 100644
--- a/src/Controllers/RegisterController.php
+++ b/src/Controllers/RegisterController.php
@@ -100,7 +100,7 @@ public function registerAction(): RedirectResponse
 // like the password, can only be validated properly here.
 $rules = $this->getValidationRules();
- if (! $this->validate($rules)) {
+ if (! $this->validateData($this->request->getPost(), $rules)) {
 return redirect()->back()->withInput()->with('errors', $this->validator->getErrors());
 }

From a96ccdf503d80a1c474b54b5f7b03e49d23b6be1 Mon Sep 17 00:00:00 2001
From: Miguel Renaud-Nolte
Date: Mon, 10 Apr 2023 02:55:33 +0000
Subject: [PATCH 2/3] fix: only validate data from POST request body

With the current data validation check, an empty POST request with valid GET parameters will cause the validation to pass but credentials which are later fetched from POST request body will be null.
---
 src/Controllers/LoginController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Controllers/LoginController.php b/src/Controllers/LoginController.php
index 9cff8f3aa..8c5bc445d 100644
--- a/src/Controllers/LoginController.php
+++ b/src/Controllers/LoginController.php
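Review bot: The data that is validated and the data that is consumed are still read in two separate steps in registerAction: the new line validates `$this->request->getPost()`, while per the commit message the code further down (line 110, outside this hunk) fetches the POST values again. Reading the body once, `$post = $this->request->getPost();` followed by `if (! $this->validateData($post, $rules)) {`, and using `$post` below would keep the check and the use on the same array; the same applies to the loginAction hunks in LoginController.php and MagicLinkController.php. The comment above the check could also record why the source is restricted, e.g. `// Validate the POST body only: validate() also accepts GET parameters, which this action never reads.` A regression test that sends an empty body together with valid query-string parameters and expects the redirect with errors would pin the fix in all three controllers.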
@@ -47,7 +47,7 @@ public function loginAction(): RedirectResponse
 // like the password, can only be validated properly here.
 $rules = $this->getValidationRules();
- if (! $this->validate($rules)) {
+ if (! $this->validateData($this->request->getPost(), $rules)) {
 return redirect()->back()->withInput()->with('errors', $this->validator->getErrors());
 }

From eed24a4380336f14e19b7e29a7728719f86cab17 Mon Sep 17 00:00:00 2001
From: Miguel Renaud-Nolte
Date: Mon, 10 Apr 2023 02:59:21 +0000
Subject: [PATCH 3/3] fix: only validate data from POST request body

With the current data validation check, an empty POST request with valid GET parameters will cause the validation to pass later when data is fetched from POST request body, it will be null.
---
 src/Controllers/MagicLinkController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Controllers/MagicLinkController.php b/src/Controllers/MagicLinkController.php
index 84fdfbb7e..2f081a82c 100644
--- a/src/Controllers/MagicLinkController.php
+++ b/src/Controllers/MagicLinkController.php
@@ -65,7 +65,7 @@ public function loginAction() {
 // Validate email format
 $rules = $this->getValidationRules();
- if (! $this->validate($rules)) {
+ if (! $this->validateData($this->request->getPost(), $rules)) {
 return redirect()->route('magic-link')->with('errors', $this->validator->getErrors());
 }
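Review bot: On the failure path of LoginController::loginAction the redirect still calls `->withInput()`, and as far as I know that flashes the whole request input, query string and body, into the session, so the submitted password and the GET values this commit now refuses to validate would both be stored. Consider flashing only the non-secret fields the form re-populates, or at least state the behaviour next to the call with `// withInput() stores the raw GET and POST input, password included, in session flash data.` The same call is in the registerAction hunk, while the MagicLinkController redirect does not use it. Both functions continue outside their hunks, so how the views read the old input is not visible here.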