2 files changed, 65 insertions, 3 deletions

diff --git a/internal/api/client/instance/instancepatch_test.go b/internal/api/client/instance/instancepatch_test.go
index 683fec5a6..90464d009 100644
--- a/internal/api/client/instance/instancepatch_test.go
+++ b/internal/api/client/instance/instancepatch_test.go
@@ -187,6 +187,65 @@ func (suite *InstancePatchTestSuite) TestInstancePatch5() {
 	suite.Equal(`{"error":"Forbidden: user is not an admin so cannot update instance settings"}`, string(b))
 }
 
+func (suite *InstancePatchTestSuite) TestInstancePatch6() {
+	requestBody, w, err := testrig.CreateMultipartFormData(
+		"", "",
+		map[string]string{
+			"contact_email": "",
+		})
+	if err != nil {
+		panic(err)
+	}
+	bodyBytes := requestBody.Bytes()
+
+	// set up the request
+	recorder := httptest.NewRecorder()
+	ctx := suite.newContext(recorder, http.MethodPatch, bodyBytes, instance.InstanceInformationPath, w.FormDataContentType())
+
+	// call the handler
+	suite.instanceModule.InstanceUpdatePATCHHandler(ctx)
+
+	// we should have OK because our request was valid
+	suite.Equal(http.StatusOK, recorder.Code)
+
+	result := recorder.Result()
+	defer result.Body.Close()
+
+	b, err := io.ReadAll(result.Body)
+	suite.NoError(err)
+
+	suite.Equal(`{"uri":"http://localhost:8080","title":"localhost:8080","description":"","short_description":"","email":"","version":"","registrations":true,"approval_required":true,"invites_enabled":false,"urls":{"streaming_api":"wss://localhost:8080"},"stats":{"domain_count":2,"status_count":16,"user_count":4},"thumbnail":"","max_toot_chars":5000}`, string(b))
+}
+
+func (suite *InstancePatchTestSuite) TestInstancePatch7() {
+	requestBody, w, err := testrig.CreateMultipartFormData(
+		"", "",
+		map[string]string{
+			"contact_email": "not.an.email.address",
+		})
+	if err != nil {
+		panic(err)
+	}
+	bodyBytes := requestBody.Bytes()
+
+	// set up the request
+	recorder := httptest.NewRecorder()
+	ctx := suite.newContext(recorder, http.MethodPatch, bodyBytes, instance.InstanceInformationPath, w.FormDataContentType())
+
+	// call the handler
+	suite.instanceModule.InstanceUpdatePATCHHandler(ctx)
+
+	suite.Equal(http.StatusBadRequest, recorder.Code)
+
+	result := recorder.Result()
+	defer result.Body.Close()
+
+	b, err := io.ReadAll(result.Body)
+	suite.NoError(err)
+
+	suite.Equal(`{"error":"Bad Request: mail: missing '@' or angle-addr"}`, string(b))
+}
+
 func TestInstancePatchTestSuite(t *testing.T) {
 	suite.Run(t, &InstancePatchTestSuite{})
 }
diff --git a/internal/processing/instance.go b/internal/processing/instance.go
index a95f87ebd..4d1e8b8fd 100644
--- a/internal/processing/instance.go
+++ b/internal/processing/instance.go
@@ -167,10 +167,13 @@ func (p *processor) InstancePatch(ctx context.Context, form *apimodel.InstanceSe
 
 	// validate & update site contact email if it's set on the form
 	if form.ContactEmail != nil {
-		if err := validate.Email(*form.ContactEmail); err != nil {
-			return nil, gtserror.NewErrorBadRequest(err, err.Error())
+		contactEmail := *form.ContactEmail
+		if contactEmail != "" {
+			if err := validate.Email(contactEmail); err != nil {
+				return nil, gtserror.NewErrorBadRequest(err, err.Error())
+			}
 		}
-		i.ContactEmail = *form.ContactEmail
+		i.ContactEmail = contactEmail
 	}
 
 	// validate & update site short description if it's set on the form