From 731529455554f7e27cc78e46dc8fa84a89494345 Mon Sep 17 00:00:00 2001
From: Chirag Aggarwal
Date: Mon, 20 Jan 2025 05:44:19 +0000
Subject: [PATCH] fix: phone number parsing exception handling
---
 app/controllers/api/account.php | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index 6935029450..592b72e83a 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -28,6 +28,7 @@ use Appwrite\Utopia\Database\Validator\CustomId;
 use Appwrite\Utopia\Database\Validator\Queries\Identities;
 use Appwrite\Utopia\Request;
 use Appwrite\Utopia\Response;
+use libphonenumber\NumberParseException;
 use libphonenumber\PhoneNumberUtil;
 use MaxMind\Db\Reader;
 use Utopia\Abuse\Abuse;
@@ -2467,7 +2468,12 @@ App::post('/v1/account/tokens/phone')
 $abuse = new Abuse($timelimit);
 if ($abuse->check() && System::getEnv('_APP_OPTIONS_ABUSE', 'enabled') === 'enabled') {
 $helper = PhoneNumberUtil::getInstance();
- $countryCode = $helper->parse($phone)->getCountryCode();
+
+ try {
+ $countryCode = $helper->parse($phone)->getCountryCode();
+ } catch (NumberParseException $e) {
+ throw new Exception(Exception::GENERAL_ARGUMENT_INVALID, 'Invalid phone number');
+ }
 if (!empty($countryCode)) {
 $queueForUsage
@@ -3587,7 +3593,12 @@ App::post('/v1/account/verification/phone')
 $abuse = new Abuse($timelimit);
 if ($abuse->check() && System::getEnv('_APP_OPTIONS_ABUSE', 'enabled') === 'enabled') {
 $helper = PhoneNumberUtil::getInstance();
- $countryCode = $helper->parse($phone)->getCountryCode();
+
+ try {
+ $countryCode = $helper->parse($phone)->getCountryCode();
+ } catch (NumberParseException $e) {
+ throw new Exception(Exception::GENERAL_ARGUMENT_INVALID, 'Invalid phone number');
+ }
 if (!empty($countryCode)) {
 $queueForUsage
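Review bot: The new `NumberParseException` handling in `/v1/account/tokens/phone` sits inside `if ($abuse->check() && …)`, so the same malformed `$phone` is rejected with `GENERAL_ARGUMENT_INVALID` when that branch is taken and passes through untouched when it is not. Input validation should not depend on rate-limiter state: validate `$phone` once before this block, and in the catch use `$countryCode = null;` so the existing `!empty($countryCode)` guard simply skips the usage update. The hunk does not show what precedes this block; if the message is queued or a token is stored earlier in the handler, the throw would also return an error after that work has already happened. The same applies to the hunks for `/v1/account/verification/phone` and `/v1/account/mfa/challenge`.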
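Review bot: The caught `$e` in `/v1/account/verification/phone` is discarded, so the parser's reason for rejecting the number never reaches logs or error traces and repeated malformed submissions are harder to triage. Chain it as the previous exception if the project's `Exception` constructor accepts one, or record `$e->getMessage()` server-side before rethrowing; the client-facing text can stay as generic as it is now. The enclosing route handler starts and ends outside the hunk.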
@@ -4148,7 +4159,12 @@ App::post('/v1/account/mfa/challenge')
 $abuse = new Abuse($timelimit);
 if ($abuse->check() && System::getEnv('_APP_OPTIONS_ABUSE', 'enabled') === 'enabled') {
 $helper = PhoneNumberUtil::getInstance();
- $countryCode = $helper->parse($phone)->getCountryCode();
+
+ try {
+ $countryCode = $helper->parse($phone)->getCountryCode();
+ } catch (NumberParseException $e) {
+ throw new Exception(Exception::GENERAL_ARGUMENT_INVALID, 'Invalid phone number');
+ }
 if (!empty($countryCode)) {
 $queueForUsage
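Review bot: In `/v1/account/mfa/challenge` the catch reports `GENERAL_ARGUMENT_INVALID`, which blames the caller's request, but the hunk does not show where `$phone` is assigned. If it is read from the stored account rather than from a request parameter, the client cannot correct it and an MFA challenge would fail on bad stored data that is only being parsed for a usage metric. Confirm the origin of `$phone` in this route and record it next to the `try`, for example `// $phone is taken from <origin>; parse failure here only affects the country metric`, then choose the error type (or skip the metric) accordingly. The route handler continues outside the hunk.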