Don't allow newlines in email addresses
macifell committed May 6, 2024
1 parent c7ba9ec commit ae3d7b0
Showing 2 changed files with 13 additions and 1 deletion.
2 changes: 1 addition & 1 deletion lib/recognizer/accounts/user.ex
@@ -142,7 +142,7 @@ defmodule Recognizer.Accounts.User do
defp validate_email(changeset) do
changeset
|> validate_required([:email])
|> validate_format(:email, ~r/^[^\s]+@[^\s]+\.[\w]+$/,
|> validate_format(:email, ~r/\A[^\s]+@[^\s]+\.[\w]+\z/,
message: "must have the @ sign, no spaces and a top level domain"
)
|> validate_length(:email, max: 160)
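Review bot: The character classes in the new `validate_format` pattern are unchanged, so without the `u` modifier `[^\s]` excludes only ASCII whitespace, and a non-ASCII separator such as U+2028 would presumably still pass even though the anchors now cover the whole string. If the address later reaches mail headers or log lines, consider `~r/\A[^\s]+@[^\s]+\.[\w]+\z/u`, keeping in mind that `u` also widens `\w` to non-ASCII letters in the last label. A one-line comment such as `# \A/\z anchor the whole string; "$" would also match before a trailing "\n"` would keep a later cleanup from restoring `^`/`$`. The pipeline in `validate_email` continues past the end of the hunk.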
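--- a/test/recognizer/accounts_test.exs
+++ b/test/recognizer/accounts_test.exs
@@ -79,6 +79,18 @@ defmodule Recognizer.AccountsTest do
 } = errors_on(changeset)
 end
 
+test "validates email does not have a preceding newline" do
+{:error, changeset} = Accounts.register_user(%{email: "\n[email protected]"})
+
+assert %{email: ["must have the @ sign, no spaces and a top level domain"]} = errors_on(changeset)
+end
+
+test "validates email does not have a trailing newline" do
+{:error, changeset} = Accounts.register_user(%{email: "[email protected]\n"})
+
+assert %{email: ["must have the @ sign, no spaces and a top level domain"]} = errors_on(changeset)
+end
+
 test "validates maximum values for email and password for security" do
 too_long = String.duplicate("db", 100)
 {:error, changeset} = Accounts.register_user(%{email: too_long, password: too_long})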
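Review bot: The "preceding newline" test probably does not exercise this change: without the `m` modifier `^` matches only at the start of the string, so as far as I can tell the previous pattern already rejected a leading `"\n"` through `[^\s]+`, and only the trailing-newline test fails against the old code. The first test is still worth keeping as a guard, but a short comment on the second one, e.g. `# "$" also matches before a final "\n"; "\z" does not`, would record which case is the actual regression. The surrounding test module starts and ends outside the hunk.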
