From 61b5882d48eccb556fccdd76df392431a214bde0 Mon Sep 17 00:00:00 2001
From: ricola <ricola@poivron.org>
Date: Thu, 4 Dec 2025 18:30:48 -0600
Subject: [PATCH] Validate new organizer

---
 vedia.rb | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/vedia.rb b/vedia.rb
index d30fdaa..63c1f71 100644
--- a/vedia.rb
+++ b/vedia.rb
@@ -137,7 +137,7 @@ end
 
 post '/reset' do
   @errors = []
-  unless params[:email] =~ URI::MailTo::EMAIL_REGEXP
+  if not params[:email] =~ URI::MailTo::EMAIL_REGEXP
     @errors << OpenStruct.new(:attribute => :email, :type => :invalid)
   end
   if not @errors.empty?
@@ -503,8 +503,22 @@ post '/votes/:id/organizers' do
   require_login
   find_vote
   require_organizer
-  user = User.find_by(email: params[:email])
-  @vote.users << user
+  @errors = []
+  if not params[:email] =~ URI::MailTo::EMAIL_REGEXP
+    @errors << OpenStruct.new(:attribute => :email, :type => :invalid)
+  else
+    user = User.find_by(email: params[:email])
+    if not user
+      @errors << OpenStruct.new(:attribute => :email, :type => :unknown)
+      @params = params
+    elsif @vote.users.exists?(user.id)
+      @errors << OpenStruct.new(:attribute => :email, :type => :duplicate)
+    else
+      @vote.users << user
+    end
+  end
+  # I'm not displaying the error message yet because it would require choosing
+  # between erb :votes_edit, :votes_show_closed, and :votes_show_open.
   redirect '/votes/' + @vote.secure_id
 end