aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHarald Eilertsen <haraldei@anduin.net>2024-01-08 11:16:45 +0100
committerHarald Eilertsen <haraldei@anduin.net>2024-01-15 19:52:31 +0100
commit403539919a9a5b1e3e2ac9725a3b8b17403b2935 (patch)
tree1f08b6b3acd2613f9ffca09574d6868e55a6f6c3
parent52ea2fa33e0fb4e6d288f15a12fc1d5e5f80a801 (diff)
downloadvolse-hubzilla-403539919a9a5b1e3e2ac9725a3b8b17403b2935.tar.gz
volse-hubzilla-403539919a9a5b1e3e2ac9725a3b8b17403b2935.tar.bz2
volse-hubzilla-403539919a9a5b1e3e2ac9725a3b8b17403b2935.zip
Improve the validate_email function
The validate_email function relied on doing an actual domain lookup (on supported platforms) to validate the domain of the email address. This does not work too well in testing environments where we may not want to spam the DNS system, if it at all is available. Apart from the the function did very little to actually verify that it was a valid email address. This patch tries to change that by usng a somewhat stricted regex based validation. While this may not be perfect, it should be good enough in the vast majority of cases. For platforms where no validation was performed with the old version, it will at least be an improvement. Also, it allows testing without having an external network connection. Also clarify the doc comment, that it does not actually try to resolve the email address, just the domain.
-rw-r--r--include/network.php27
-rw-r--r--tests/unit/includes/NetworkTest.php89
2 files changed, 81 insertions, 35 deletions
diff --git a/include/network.php b/include/network.php
index f5c5303b3..c5411e702 100644
--- a/include/network.php
+++ b/include/network.php
@@ -591,23 +591,30 @@ function validate_url(&$url) {
}
/**
- * @brief Checks that email is an actual resolvable internet address.
+ * @brief Checks that email is valid, and that the domain resolves.
*
- * @param string $addr
- * @return boolean
+ * Note: This does not try to check that the actual email address will resolve,
+ * only the domain!
+ *
+ * @param string $addr The email address to validate.
+ * @return boolean True if email is valid, false otherwise.
*/
-function validate_email($addr) {
+function validate_email(string $addr): bool {
if(get_config('system', 'disable_email_validation'))
return true;
- if(! strpos($addr, '@'))
- return false;
-
- $h = substr($addr, strpos($addr, '@') + 1);
+ $matches = array();
+ $result = preg_match(
+ '/^[A-Z0-9._%-]+@([A-Z0-9.-]+\.[A-Z0-9-]{2,})$/i',
+ punify($addr),
+ $matches);
- if(($h) && z_dns_check($h, true)) {
- return true;
+ if($result) {
+ $domain = $matches[1];
+ if(($domain) && z_dns_check($domain, true)) {
+ return true;
+ }
}
return false;
diff --git a/tests/unit/includes/NetworkTest.php b/tests/unit/includes/NetworkTest.php
index 0b9b42e00..9fb00e9d3 100644
--- a/tests/unit/includes/NetworkTest.php
+++ b/tests/unit/includes/NetworkTest.php
@@ -5,29 +5,68 @@
* @package test.util
*/
-use PHPUnit\Framework\TestCase;
-
-require_once('include/network.php');
-
-class NetworkTest extends TestCase {
-
- public function setup() : void {
- \App::set_baseurl("https://mytest.org");
- }
-
- /**
- * @dataProvider localUrlTestProvider
- */
- public function testIsLocalURL($url, $expected) {
- $this->assertEquals($expected, is_local_url($url));
- }
-
- public function localUrlTestProvider() : array {
- return [
- [ '/some/path', true ],
- [ 'https://mytest.org/some/path', true ],
- [ 'https://other.site/some/path', false ],
- ];
- }
-}
+class NetworkTest extends Zotlabs\Tests\Unit\UnitTestCase {
+
+ public function setUp() : void {
+ parent::setUp();
+
+ \App::set_baseurl("https://mytest.org");
+ }
+
+ /**
+ * @dataProvider localUrlTestProvider
+ */
+ public function testIsLocalURL($url, $expected) {
+ $this->assertEquals($expected, is_local_url($url));
+ }
+
+ public function localUrlTestProvider() : array {
+ return [
+ [ '/some/path', true ],
+ [ 'https://mytest.org/some/path', true ],
+ [ 'https://other.site/some/path', false ],
+ ];
+ }
+
+ /**
+ * Test the validate_email function.
+ *
+ * @dataProvider validate_email_provider
+ */
+ public function test_validate_email(string $email, bool $expected) : void {
+ $this->assertEquals($expected, validate_email($email));
+ }
+ /**
+ * Test that the validate_email function is disabled when configured to.
+ *
+ * @dataProvider validate_email_provider
+ */
+ public function test_disable_validate_email(string $email) : void {
+ \Zotlabs\Lib\Config::Set('system', 'disable_email_validation', true);
+ $this->assertTrue(validate_email($email));
+ }
+
+ function validate_email_provider() : array {
+ return [
+ // First some invalid email addresses
+ ['', false],
+ ['not_an_email', false],
+ ['@not_an_email', false],
+ ['not@an@email', false],
+ ['not@an@email.com', false],
+
+ // then test valid addresses too
+ ['test@example.com', true],
+
+ // Should also work with international domains
+ ['some.email@dømain.net', true],
+
+ // Should also work with the new top-level domains
+ ['some.email@example.cancerresearch', true],
+
+ // And internationalized TLD's
+ ['some.email@example.شبكة', true]
+ ];
+ }
+}