From 9a75ee6f30bdded027c43957148532a3f6ba04fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20Bajto=C5=A1?= Date: Tue, 6 Sep 2016 12:50:03 +0200 Subject: [PATCH] Rework email validation to use isemail Drop hand-crafted RegExp in favour of a 3rd-party module that supports RFC5321, RFC5322 and other relevant standards. --- common/models/user.js | 19 +++++++++++++++---- package.json | 1 + test/user.test.js | 17 ++++++++++++----- 3 files changed, 28 insertions(+), 9 deletions(-) diff --git a/common/models/user.js b/common/models/user.js index 3394e19e..7aa7e04c 100644 --- a/common/models/user.js +++ b/common/models/user.js @@ -9,6 +9,7 @@ var g = require('strong-globalize')(); +var isEmail = require('isemail'); var loopback = require('../../lib/loopback'); var utils = require('../../lib/utils'); var path = require('path'); @@ -752,10 +753,9 @@ module.exports = function(User) { assert(loopback.AccessToken, 'AccessToken model must be defined before User model'); UserModel.accessToken = loopback.AccessToken; - // email validation regex - var re = /^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/; - - UserModel.validatesFormatOf('email', { with: re, message: g.f('Must provide a valid email') }); + UserModel.validate('email', emailValidator, { + message: g.f('Must provide a valid email'), + }); // FIXME: We need to add support for uniqueness of composite keys in juggler if (!(UserModel.settings.realmRequired || UserModel.settings.realmDelimiter)) { @@ -772,3 +772,14 @@ module.exports = function(User) { User.setup(); }; + +function emailValidator(err, done) { + var value = this.email; + if (value == null) + return; + if (typeof value !== 'string') + return err('string'); + if (value === '') return; + if (!isEmail(value)) + return err('email'); +} diff --git a/package.json b/package.json index 92766fbd..2b059745 100644 --- a/package.json +++ b/package.json @@ -48,6 +48,7 @@ "inflection": "^1.6.0", "loopback-connector-remote": "^2.0.0-alpha.1", "loopback-datasource-juggler": "^3.0.0-alpha.7", + "isemail": "^1.2.0", "loopback-phase": "^1.2.0", "nodemailer": "^2.5.0", "nodemailer-stub-transport": "^1.0.0", diff --git a/test/user.test.js b/test/user.test.js index 477019f2..a13d3c7b 100644 --- a/test/user.test.js +++ b/test/user.test.js @@ -120,10 +120,7 @@ describe('User', function() { assert.equal(err.name, 'ValidationError'); assert.equal(err.statusCode, 422); assert.equal(err.details.context, User.modelName); - assert.deepEqual(err.details.codes.email, [ - 'presence', - 'format.null', - ]); + assert.deepEqual(err.details.codes.email, ['presence']); done(); }); @@ -143,11 +140,21 @@ describe('User', function() { it('Requires a valid email', function(done) { User.create({ email: 'foo@', password: '123' }, function(err) { assert(err); - + assert.equal(err.name, 'ValidationError'); + assert.equal(err.statusCode, 422); + assert.equal(err.details.context, User.modelName); + assert.deepEqual(err.details.codes.email, ['custom.email']); done(); }); }); + it('allows TLD domains in email', function() { + return User.create({ + email: 'local@com', + password: '123', + }); + }); + it('Requires a unique email', function(done) { User.create({ email: 'a@b.com', password: 'foobar' }, function() { User.create({ email: 'a@b.com', password: 'batbaz' }, function(err) {