Make e-mail sanity check more precise (#20991)
For security reasons, all e-mail addresses starting with
non-alphanumeric characters were rejected. This is too broad and rejects
perfectly valid e-mail addresses. Only leading hyphens should be
rejected -- in all other cases e-mail address specification should
follow RFC 5322.

Co-authored-by: Andreas Fischer <[email protected]>
Co-authored-by: 6543 <[email protected]>
Co-authored-by: zeripath <[email protected]>
Co-authored-by: techknowlogick <[email protected]>
5 people authored Oct 12, 2022
1 parent b5a54f0 commit 9862936
Showing 2 changed files with 21 additions and 20 deletions.
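--- a/models/user/email_address.go
+++ b/models/user/email_address.go
@@ -41,6 +41,7 @@ func (err ErrEmailCharIsNotSupported) Error() string {
 }
 
 // ErrEmailInvalid represents an error where the email address does not comply with RFC 5322
+// or has a leading '-' character
 type ErrEmailInvalid struct {
 Email string
 }
@@ -134,9 +135,7 @@ func ValidateEmail(email string) error {
 return ErrEmailCharIsNotSupported{email}
 }
 
-if !(email[0] >= 'a' && email[0] <= 'z') &&
-!(email[0] >= 'A' && email[0] <= 'Z') &&
-!(email[0] >= '0' && email[0] <= '9') {
+if email[0] == '-' {
 return ErrEmailInvalid{email}
 }
 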
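Review bot: The narrowed check `if email[0] == '-'` in ValidateEmail has no comment saying why a leading hyphen is still rejected, although it is now the only remnant of the "security reasons" named in the commit message. Presumably the concern is an address being read as an option when it is handed to an external program as an argument; if that is right, record it at the check, e.g. `// reject a leading '-' so the address can never be parsed as a command-line option`, so a later cleanup does not drop it as arbitrary. The line also indexes `email[0]`, which relies on an empty-string guard earlier in the function. ValidateEmail starts and ends outside this hunk, so that guard is not visible here and should be confirmed.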
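--- a/models/user/email_address_test.go
+++ b/models/user/email_address_test.go
@@ -281,23 +281,25 @@ func TestEmailAddressValidate(t *testing.T) {
 `[email protected]`: nil,
 `first;[email protected]`: user_model.ErrEmailCharIsNotSupported{`first;[email protected]`},
 "[email protected]": user_model.ErrEmailInvalid{"[email protected]"},
-"[email protected]": user_model.ErrEmailInvalid{"[email protected]"},
-"#[email protected]": user_model.ErrEmailInvalid{"#[email protected]"},
-"[email protected]": user_model.ErrEmailInvalid{"[email protected]"},
-"%[email protected]": user_model.ErrEmailInvalid{"%[email protected]"},
-"&[email protected]": user_model.ErrEmailInvalid{"&[email protected]"},
-"'[email protected]": user_model.ErrEmailInvalid{"'[email protected]"},
-"*[email protected]": user_model.ErrEmailInvalid{"*[email protected]"},
-"[email protected]": user_model.ErrEmailInvalid{"[email protected]"},
-"/[email protected]": user_model.ErrEmailInvalid{"/[email protected]"},
-"[email protected]": user_model.ErrEmailInvalid{"[email protected]"},
-"[email protected]": user_model.ErrEmailInvalid{"[email protected]"},
-"^[email protected]": user_model.ErrEmailInvalid{"^[email protected]"},
-"`[email protected]": user_model.ErrEmailInvalid{"`[email protected]"},
-"{[email protected]": user_model.ErrEmailInvalid{"{[email protected]"},
-"|[email protected]": user_model.ErrEmailInvalid{"|[email protected]"},
-"}[email protected]": user_model.ErrEmailInvalid{"}[email protected]"},
-"[email protected]": user_model.ErrEmailInvalid{"[email protected]"},
+"[email protected]": nil,
+"#[email protected]": nil,
+"[email protected]": nil,
+"%[email protected]": nil,
+"&[email protected]": nil,
+"'[email protected]": nil,
+"*[email protected]": nil,
+"[email protected]": nil,
+"[email protected]": user_model.ErrEmailInvalid{"[email protected]"},
+"/[email protected]": nil,
+"[email protected]": nil,
+"[email protected]": nil,
+"^[email protected]": nil,
+"[email protected]": nil,
+"`[email protected]": nil,
+"{[email protected]": nil,
+"|[email protected]": nil,
+"}[email protected]": nil,
+"[email protected]": nil,
 ";[email protected]": user_model.ErrEmailCharIsNotSupported{";[email protected]"},
 "Foo <[email protected]>": user_model.ErrEmailCharIsNotSupported{"Foo <[email protected]>"},
 string([]byte{0xE2, 0x84, 0xAA}): user_model.ErrEmailCharIsNotSupported{string([]byte{0xE2, 0x84, 0xAA})},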
