From e30e6d9f5575cd502764abeb380b253de3b95262 Mon Sep 17 00:00:00 2001
From: Shaun Hamilton <shauhami020@gmail.com>
Date: Wed, 3 May 2023 13:53:28 +0100
Subject: [PATCH] fix(api-server): check type of email to prevent throw
 (#50259)

---
 api-server/src/server/boot/authentication.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api-server/src/server/boot/authentication.js b/api-server/src/server/boot/authentication.js
index c7589da53ce..26765096f10 100644
--- a/api-server/src/server/boot/authentication.js
+++ b/api-server/src/server/boot/authentication.js
@@ -220,7 +220,7 @@ function mobileLogin(app) {
 
       const { email } = await auth0Res.json();
 
-      if (!isEmail(email)) {
+      if (typeof email !== 'string' || !isEmail(email)) {
         return next(
           wrapHandledError(new TypeError('decoded email is invalid'), {
             type: 'danger',