Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[PM-7842] Fix validation of IDN emails #4036

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

[PM-7842] Fix validation of IDN emails #4036

wants to merge 3 commits into from

Conversation

NicolaiSoeborg
Copy link

Type of change

- [x] Bug fix
- [ ] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

Tracking the flow of emails when signing up / changing emails ([StrictEmailAddressAttribute]):

  1. (frontend) emails are checked using this regex: https://github.com/angular/angular/blob/17.3.6/packages/forms/src/validators.ts#L127
  2. (backend) check for ParseException and MimeKit.MailboxAddress.Parse(X).Address == X
  3. (backend) check "edge cases" regex
  4. (backend) check EmailAddressAttribute().IsValid (https://github.com/Microsoft/referencesource/blob/master/System.ComponentModel.DataAnnotations/DataAnnotations/EmailAddressAttribute.cs#L54)

The problem:

  1. doesn't allow IDN
  2. requires IDN
  3. allows IDN
  4. allows IDN

This PR relaxes (2) to only check for ParseExceptions, allowing IDN to be specified in punycode form.

Would have been nice if MimeKit had a ParserOptions to not turn punycode into IDN-form, but that is not the case: https://github.com/jstedfast/MimeKit/blob/master/MimeKit/InternetAddress.cs#L418-L419

Bitwarden already have a ton of (unit-)test-cases for handling IDN, so that should already be covered.

@NicolaiSoeborg
Fix validation of IDN emails
64639c0 
Tracking the flow of emails when signing up / changing emails (`[StrictEmailAddressAttribute]`):

1. (frontend) emails are checked using this regex: https://github.com/angular/angular/blob/17.3.6/packages/forms/src/validators.ts#L127
2. (backend) check for `ParseException` and `MimeKit.MailboxAddress.Parse(X).Address == X`
3. (backend) check "edge cases" regex
4. (backend) check `EmailAddressAttribute().IsValid` (https://github.com/Microsoft/referencesource/blob/master/System.ComponentModel.DataAnnotations/DataAnnotations/EmailAddressAttribute.cs#L54)

The problem:

1. doesn't allow IDN
2. requires IDN
3. allows IDN
4. allows IDN

This PR relaxes (2) to only check for ParseExceptions, allowing IDN to
be specified in punycode form.

Would have been nice if MimeKit had a ParserOptions to not turn punycode
into IDN-form, but that is not the case: https://github.com/jstedfast/MimeKit/blob/master/MimeKit/InternetAddress.cs#L418-L419

Bitwarden already have a ton of (unit-)test-cases for handling IDN, so
that should already be covered.
@CLAassistant
Copy link

CLAassistant commented Apr 30, 2024
edited

CLA assistant check
All committers have signed the CLA.

@bitwarden-bot
Copy link

Thank you for your contribution! We've added this to our internal Community PR board for review.
ID: PM-7842

@bitwarden-bot bitwarden-bot changed the title Fix validation of IDN emails [PM-7842] Fix validation of IDN emails Apr 30, 2024
@NicolaiSoeborg
Copy link
Author

Any updates on this? Another way of fixing this bug is by changing the Angular validator to not require emails to be punycoded 🤷

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
community-pr
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@NicolaiSoeborg @CLAassistant @bitwarden-bot