Merge branch 'disallow-email-newlines' into staging

system76 · May 6, 2024 · 422f729 · 422f729
2 parents 2dcdbd2 + ae3d7b0
commit 422f729
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 1 deletion.
diff --git a/lib/recognizer/accounts/user.ex b/lib/recognizer/accounts/user.ex
@@ -142,7 +142,7 @@ defmodule Recognizer.Accounts.User do
   defp validate_email(changeset) do
     changeset
     |> validate_required([:email])
-    |> validate_format(:email, ~r/^[^\s]+@[^\s]+\.[\w]+$/,
+    |> validate_format(:email, ~r/\A[^\s]+@[^\s]+\.[\w]+\z/,
       message: "must have the @ sign, no spaces and a top level domain"
     )
     |> validate_length(:email, max: 160)

diff --git a/test/recognizer/accounts_test.exs b/test/recognizer/accounts_test.exs
@@ -79,6 +79,18 @@ defmodule Recognizer.AccountsTest do
              } = errors_on(changeset)
     end
 
+    test "validates email does not have a preceding newline" do
+      {:error, changeset} = Accounts.register_user(%{email: "\n[email protected]"})
+
+      assert %{email: ["must have the @ sign, no spaces and a top level domain"]} = errors_on(changeset)
+    end
+
+    test "validates email does not have a trailing newline" do
+      {:error, changeset} = Accounts.register_user(%{email: "[email protected]\n"})
+
+      assert %{email: ["must have the @ sign, no spaces and a top level domain"]} = errors_on(changeset)
+    end
+
     test "validates maximum values for email and password for security" do
       too_long = String.duplicate("db", 100)
       {:error, changeset} = Accounts.register_user(%{email: too_long, password: too_long})