diff options
| author | Harald Eilertsen <haraldei@anduin.net> | 2024-01-08 11:16:45 +0100 |
|---|---|---|
| committer | Harald Eilertsen <haraldei@anduin.net> | 2024-01-15 19:52:31 +0100 |
| commit | 403539919a9a5b1e3e2ac9725a3b8b17403b2935 (patch) | |
| tree | 1f08b6b3acd2613f9ffca09574d6868e55a6f6c3 | |
| parent | 52ea2fa33e0fb4e6d288f15a12fc1d5e5f80a801 (diff) | |
| download | volse-hubzilla-403539919a9a5b1e3e2ac9725a3b8b17403b2935.tar.gz volse-hubzilla-403539919a9a5b1e3e2ac9725a3b8b17403b2935.tar.bz2 volse-hubzilla-403539919a9a5b1e3e2ac9725a3b8b17403b2935.zip | |
Improve the validate_email function
The validate_email function relied on doing an actual domain lookup (on
supported platforms) to validate the domain of the email address. This
does not work too well in testing environments where we may not want to
spam the DNS system, if it at all is available.
Apart from the the function did very little to actually verify that it
was a valid email address.
This patch tries to change that by usng a somewhat stricted regex based
validation. While this may not be perfect, it should be good enough in
the vast majority of cases. For platforms where no validation was
performed with the old version, it will at least be an improvement.
Also, it allows testing without having an external network connection.
Also clarify the doc comment, that it does not actually try to resolve
the email address, just the domain.
| -rw-r--r-- | include/network.php | 27 | ||||
| -rw-r--r-- | tests/unit/includes/NetworkTest.php | 89 |
2 files changed, 81 insertions, 35 deletions
diff --git a/include/network.php b/include/network.php index f5c5303b3..c5411e702 100644 --- a/include/network.php +++ b/include/network.php @@ -591,23 +591,30 @@ function validate_url(&$url) { } /** - * @brief Checks that email is an actual resolvable internet address. + * @brief Checks that email is valid, and that the domain resolves. * - * @param string $addr - * @return boolean + * Note: This does not try to check that the actual email address will resolve, + * only the domain! + * + * @param string $addr The email address to validate. + * @return boolean True if email is valid, false otherwise. */ -function validate_email($addr) { +function validate_email(string $addr): bool { if(get_config('system', 'disable_email_validation')) return true; - if(! strpos($addr, '@')) - return false; - - $h = substr($addr, strpos($addr, '@') + 1); + $matches = array(); + $result = preg_match( + '/^[A-Z0-9._%-]+@([A-Z0-9.-]+\.[A-Z0-9-]{2,})$/i', + punify($addr), + $matches); - if(($h) && z_dns_check($h, true)) { - return true; + if($result) { + $domain = $matches[1]; + if(($domain) && z_dns_check($domain, true)) { + return true; + } } return false; diff --git a/tests/unit/includes/NetworkTest.php b/tests/unit/includes/NetworkTest.php index 0b9b42e00..9fb00e9d3 100644 --- a/tests/unit/includes/NetworkTest.php +++ b/tests/unit/includes/NetworkTest.php @@ -5,29 +5,68 @@ * @package test.util */ -use PHPUnit\Framework\TestCase; - -require_once('include/network.php'); - -class NetworkTest extends TestCase { - - public function setup() : void { - \App::set_baseurl("https://mytest.org"); - } - - /** - * @dataProvider localUrlTestProvider - */ - public function testIsLocalURL($url, $expected) { - $this->assertEquals($expected, is_local_url($url)); - } - - public function localUrlTestProvider() : array { - return [ - [ '/some/path', true ], - [ 'https://mytest.org/some/path', true ], - [ 'https://other.site/some/path', false ], - ]; - } -} +class NetworkTest extends Zotlabs\Tests\Unit\UnitTestCase { + + public function setUp() : void { + parent::setUp(); + + \App::set_baseurl("https://mytest.org"); + } + + /** + * @dataProvider localUrlTestProvider + */ + public function testIsLocalURL($url, $expected) { + $this->assertEquals($expected, is_local_url($url)); + } + + public function localUrlTestProvider() : array { + return [ + [ '/some/path', true ], + [ 'https://mytest.org/some/path', true ], + [ 'https://other.site/some/path', false ], + ]; + } + + /** + * Test the validate_email function. + * + * @dataProvider validate_email_provider + */ + public function test_validate_email(string $email, bool $expected) : void { + $this->assertEquals($expected, validate_email($email)); + } + /** + * Test that the validate_email function is disabled when configured to. + * + * @dataProvider validate_email_provider + */ + public function test_disable_validate_email(string $email) : void { + \Zotlabs\Lib\Config::Set('system', 'disable_email_validation', true); + $this->assertTrue(validate_email($email)); + } + + function validate_email_provider() : array { + return [ + // First some invalid email addresses + ['', false], + ['not_an_email', false], + ['@not_an_email', false], + ['not@an@email', false], + ['not@an@email.com', false], + + // then test valid addresses too + ['test@example.com', true], + + // Should also work with international domains + ['some.email@dømain.net', true], + + // Should also work with the new top-level domains + ['some.email@example.cancerresearch', true], + + // And internationalized TLD's + ['some.email@example.شبكة', true] + ]; + } +} |