From 685f84d439eae7a8be929e530889d12ce12bb48b Mon Sep 17 00:00:00 2001 From: BilalG1 Date: Wed, 5 Nov 2025 16:45:07 -0800 Subject: [PATCH] fix empty email on sign-in error (#994) ## Summary by CodeRabbit * **Bug Fixes** * Sign-in now rejects empty email values and returns a validation error instead of accepting them. * **Tests** * Added an end-to-end test that verifies signing in with an empty email returns a schema validation error (HTTP 400). --------- Co-authored-by: Konsti Wohlwend --- .../latest/auth/password/sign-in/route.tsx | 2 +- .../api/v1/auth/password/sign-in.test.ts | 33 +++++++++++++++++++ 2 files changed, 34 insertions(+), 1 deletion(-)
diff --git a/apps/backend/src/app/api/latest/auth/password/sign-in/route.tsx b/apps/backend/src/app/api/latest/auth/password/sign-in/route.tsx
index 8f90ecf66..98eaa2742 100644
--- a/apps/backend/src/app/api/latest/auth/password/sign-in/route.tsx
+++ b/apps/backend/src/app/api/latest/auth/password/sign-in/route.tsx
@@ -20,7 +20,7 @@ export const POST = createSmartRouteHandler({
 tenancy: adaptSchema,
 }).defined(),
 body: yupObject({
- email: emailSchema.defined(),
+ email: emailSchema.defined().nonEmpty(),
 password: passwordSchema.defined(),
 }).defined(),
 }),
diff --git a/apps/e2e/tests/backend/endpoints/api/v1/auth/password/sign-in.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/auth/password/sign-in.test.ts
index 4f19aaf41..2bf62c706 100644
--- a/apps/e2e/tests/backend/endpoints/api/v1/auth/password/sign-in.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/auth/password/sign-in.test.ts
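Review bot: In route.tsx the empty-value guard lands on `email` only; `password: passwordSchema.defined(),` on the following line is unchanged, and this hunk does not show whether `passwordSchema` already rejects `""`. If it does not, an empty password still passes request validation and is presumably only turned away later by the credential check, so consider `password: passwordSchema.defined().nonEmpty(),` (assuming `nonEmpty()` is available on that schema as it is on `emailSchema`) together with a matching e2e case. The fix is also applied per call site: any other route that uses `emailSchema.defined()` would presumably still accept `""`, so either move the check into the shared schema or add a comment here such as `// emailSchema alone accepts ""; nonEmpty() turns the empty case into a SCHEMA_ERROR`. The `createSmartRouteHandler({...})` call starts and ends outside this hunk.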
@@ -129,3 +129,36 @@ it("should not allow signing in when MFA is required", async ({ expect }) => {
 }
 `);
 });
+
+it("should return a schema error for empty e-mail address", async ({ expect }) => {
+ const response = await niceBackendFetch("/api/v1/auth/password/sign-in", {
+ method: "POST",
+ accessType: "client",
+ body: {
+ email: "",
+ password: "some-password",
+ },
+ });
+ expect(response).toMatchInlineSnapshot(`
+ NiceResponse {
+ "status": 400,
+ "body": {
+ "code": "SCHEMA_ERROR",
+ "details": {
+ "message": deindent\`
+ Request validation failed on POST /api/v1/auth/password/sign-in:
+ - body.email must not be empty
+ \`,
+ },
+ "error": deindent\`
+ Request validation failed on POST /api/v1/auth/password/sign-in:
+ - body.email must not be empty
+ \`,
+ },
+ "headers": Headers {
+ "x-stack-known-error": "SCHEMA_ERROR",
+