Validate contact email syntax, fixes #46693

puzzle · Apr 11, 2022 · da933bd · da933bd
1 parent 6233e36
commit da933bd
Show file tree

Hide file tree

Showing 6 changed files with 45 additions and 0 deletions.
diff --git a/Gemfile b/Gemfile
@@ -18,6 +18,7 @@ gem 'dalli'
 gem 'delayed_cron_job'
 gem 'delayed_job_active_record'
 gem 'devise'
+gem 'email_address'
 gem 'fast_jsonapi'
 gem 'haml'
 gem 'highrise'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -216,6 +216,8 @@ GEM
       dry-equalizer (~> 0.2)
       dry-initializer (~> 3.0)
       dry-schema (~> 1.5, >= 1.5.2)
+    email_address (0.2.2)
+      simpleidn
     erubi (1.10.0)
     ethon (0.14.0)
       ffi (>= 1.15.0)
@@ -510,6 +512,8 @@ GEM
       simplecov_json_formatter (~> 0.1)
     simplecov-html (0.12.3)
     simplecov_json_formatter (0.1.3)
+    simpleidn (0.2.1)
+      unf (~> 0.1.4)
     sixarm_ruby_unaccent (1.2.0)
     sort_alphabetical (1.1.0)
       unicode_utils (>= 1.2.2)
@@ -538,6 +542,9 @@ GEM
       thread_safe (~> 0.1)
     uglifier (4.2.0)
       execjs (>= 0.3.0, < 3)
+    unf (0.1.4)
+      unf_ext
+    unf_ext (0.0.8.1)
     unicode-display_width (2.0.0)
     unicode_utils (1.4.0)
     uniform_notifier (1.14.2)
@@ -598,6 +605,7 @@ DEPENDENCIES
   delayed_cron_job
   delayed_job_active_record
   devise
+  email_address
   execjs
   fabrication
   faker

diff --git a/app/models/contact.rb b/app/models/contact.rb
@@ -32,6 +32,7 @@ class Contact < ActiveRecord::Base
 
   validates_by_schema
   validates :firstname, :lastname, :client_id, presence: true
+  validates :email, email: true, allow_blank: true
   validates :invoicing_key, uniqueness: true, allow_blank: true
 
   scope :list, -> { order(:lastname, :firstname) }

diff --git a/app/models/util/email_validator.rb b/app/models/util/email_validator.rb
@@ -0,0 +1,7 @@
+class EmailValidator < ActiveModel::EachValidator
+  def validate_each(record, attribute, value)
+    return if EmailAddress.valid?(value, host_validation: :syntax)
+
+    record.errors.add attribute, (options[:message] || I18n.t('error.message.invalid_email'))
+  end
+end
diff --git a/config/locales/error_messages.de-CH.yml b/config/locales/error_messages.de-CH.yml
@@ -15,3 +15,5 @@ de-CH:
     login:
       ldapname_not_found:
         'Der Member mit dem LDAP Name: "%{ldapname}" konnte nicht gefunden werden.'
+    message:
+      invalid_email: 'ist keine gültige Email Adresse'
diff --git a/test/models/contact_test.rb b/test/models/contact_test.rb
@@ -0,0 +1,26 @@
+#  Copyright (c) 2006-2022, Puzzle ITC GmbH. This file is part of
+#  PuzzleTime and licensed under the Affero General Public License version 3
+#  or later. See the COPYING file at the top-level directory or at
+#  https://github.com/puzzle/puzzletime.
+
+require 'test_helper'
+
+class ContactTest < ActiveSupport::TestCase
+  def contact(email:)
+    Fabricate.build(:contact, email: email, client: clients(:puzzle))
+  end
+
+  test 'email can be blank' do
+    assert contact(email: nil).valid?
+    assert contact(email: '').valid?
+  end
+
+  test 'email must be valid' do
+    assert contact(email: '[email protected]').valid?
+    refute contact(email: 'test').valid?
+    refute contact(email: 'example.com').valid?
+    refute contact(email: '@example.com').valid?
+    refute contact(email: 'test@[email protected]').valid?
+    refute contact(email: 'andré@example.com').valid?
+  end
+end