Email validation #70
Comments
|
What problem do you hope to solve? Is there an email address that is not allowed by the validation, or are you concerned that it will allow too many false addresses? If you have a real-world email address that is rejected by AuthN, then that's a bug and needs to be fixed. If you have false addresses that are being allowed by AuthN, then I think it's out of scope for a validation routine. There's no substitute for asking a user to verify their email by clicking a link. |
|
There are two sections of the RFC document which are representing the format of email addresses: For example, these two addresses were rejected by AuthN:
But they are valid. |
|
Yeah, I'm aware that the regular expression is not a complete implementation of the RFC. The problem is that "valid email address" is defined by:
What I think matters most is:
Given that, I'd be happy to merge a PR that allows the validation to accept more real-world email addresses without adding significant complexity. 👍 |
|
Happy to consider specific improvements to the email regex, but I can't see synchronous validation ever replacing traditional email verification. |
The function that validates emails, in my opinion, is poor:
https://github.com/keratin/authn-server/blob/master/services/util.go#L8-L14
There are some packages which validate emails: https://github.com/search?l=Go&q=email+validator&type=Repositories
We need to find a solution that does it better. I think, the authn-server must has a few options like validate by regexp, smtp checking, dns checking, or at all without email validation step.
Email validation is not simple because of the RFC.
The text was updated successfully, but these errors were encountered: