emails: fix email validation regex.

Fix the email validation regex allowing certain invalid emails like `foo@gmail..com`.
2022-01-02 14:59:36 -06:00
parent d903f45935
commit 751835745b
2 changed files with 41 additions and 1 deletions
--- a/app/logical/email_validator.rb
+++ b/app/logical/email_validator.rb
@@ -10,7 +10,7 @@ module EmailValidator
  module_function

  # https://www.regular-expressions.info/email.html
-  EMAIL_REGEX = /\A[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}\z/
+  EMAIL_REGEX = /\A[a-z0-9._%+-]+@(?:[a-z0-9][a-z0-9-]{0,61}\.)+[a-z]{2,}\z/i

  # Sites that ignore dots in email addresses, e.g. where `te.st@gmail.com` is
  # the same as `test@gmail.com`.
--- a/test/unit/email_address_test.rb
+++ b/test/unit/email_address_test.rb
@@ -0,0 +1,40 @@
+require 'test_helper'
+
+class EmailAddressTest < ActiveSupport::TestCase
+  context "EmailAddress" do
+    context "validation" do
+      should allow_value("foo@gmail.com").for(:address)
+      should allow_value("FOO@gmail.com").for(:address)
+      should allow_value("foo@GMAIL.com").for(:address)
+      should allow_value("foo@foo-bar.com").for(:address)
+      should allow_value("foo.bar@gmail.com").for(:address)
+      should allow_value("foo_bar@gmail.com").for(:address)
+      should allow_value("foo+bar@gmail.com").for(:address)
+      should allow_value("foo@foo.bar.com").for(:address)
+
+      should_not allow_value("foo@gmail.com ").for(:address)
+      should_not allow_value(" foo@gmail.com").for(:address)
+      should_not allow_value("foo@-gmail.com").for(:address)
+      should_not allow_value("foo@.gmail.com").for(:address)
+      should_not allow_value("foo@gmail").for(:address)
+      should_not allow_value("foo@gmail.").for(:address)
+      should_not allow_value("foo@gmail,com").for(:address)
+      should_not allow_value("foo@gmail.com.").for(:address)
+      should_not allow_value("foo@gmail.co,").for(:address)
+      should_not allow_value("fooqq@.com").for(:address)
+      should_not allow_value("foo@gmail..com").for(:address)
+      should_not allow_value("foo@gmailcom").for(:address)
+      should_not allow_value("mailto:foo@gmail.com").for(:address)
+      should_not allow_value('foo"bar"@gmail.com').for(:address)
+      should_not allow_value('foo<bar>@gmail.com').for(:address)
+      should_not allow_value("foo@gmail.com@gmail.com").for(:address)
+      should_not allow_value("foo@g,ail.com").for(:address)
+      should_not allow_value("foo@gmai;.com").for(:address)
+      should_not allow_value("foo@gmail@com").for(:address)
+      should_not allow_value("foo@gmail.c").for(:address)
+      should_not allow_value("foo@foo.-bar.com").for(:address)
+      should_not allow_value("foo@127.0.0.1").for(:address)
+      should_not allow_value("foo@localhost").for(:address)
+    end
+  end
+end