Fixing length issues with email addresses.

* stricter checks on email format - limit local, domain, and total lengths * set maxlength of email fields in HTML close #513

Fixing length issues with email addresses.
* stricter checks on email format - limit local, domain, and total lengths * set maxlength of email fields in HTML close #513
c1c978ba · Shane Tomlinson · 55895720 · c1c978ba · c1c978ba · c1c978ba
Commit c1c978ba authored 13 years ago by Shane Tomlinson
--- a/resources/static/dialog/resources/validation.js
+++ b/resources/static/dialog/resources/validation.js
@@ -41,7 +41,15 @@ BrowserID.Validation = (function() {
    // gotten from http://blog.gerv.net/2011/05/html5_email_address_regexp/
    // changed the requirement that there must be a ldh-str because BrowserID 
    // is only used on internet based networks.
-    return /^[\w.!#$%&'*+\-/=?\^`{|}~]+@[a-z0-9-]+(\.[a-z0-9-]+)+$/.test(address);
+    var parts = address.split("@");
+
+    return /^[\w.!#$%&'*+\-/=?\^`{|}~]+@[a-z0-9-]+(\.[a-z0-9-]+)+$/.test(address)
+           // total address allwed to be 254 bytes long
+           && address.length <= 254
+           // local side only allowed to be 64 bytes long
+           && parts[0] && parts[0].length <= 64
+           // domain side allowed to be up to 253 bytes long
+           && parts[1] && parts[1].length <= 253;
  };



--- a/resources/static/dialog/test/qunit/resources/validation_unit_test.js
+++ b/resources/static/dialog/test/qunit/resources/validation_unit_test.js
@@ -46,7 +46,7 @@ steal.plugins("jquery", "funcunit/qunit").then("/dialog/resources/browserid", fu
    tooltipShown = true;
  }

-  module("validation", {
+  module("resources/validation", {
    setup: function() {
      origShowTooltip = bid.Tooltip.showTooltip;
      bid.Tooltip.showTooltip = showTooltip;
@@ -98,10 +98,77 @@ steal.plugins("jquery", "funcunit/qunit").then("/dialog/resources/browserid", fu
  test("email with empty email", function() {
    var valid = validation.email("");

-    equal(valid, valid, "missing email is missing");
+    equal(valid, false, "missing email is missing");
    equal(tooltipShown, true, "missing email shows no tooltip");
  });

+  test("email with Capital Letters in local side", function() {
+    var valid = validation.email("X@y.z");
+
+    equal(valid, true, "capital letters allowed in local side");
+    equal(tooltipShown, false, "capital letters in local side causes no tooltip");
+  });
+
+  test("email with Capital Letters in domain side", function() {
+    var valid = validation.email("x@Y.z");
+
+    equal(valid, false, "capital letters not allowed in domain side");
+    equal(tooltipShown, true, "missing email shows no tooltip");
+  });
+
+
+  test("email with 64 characters in local side", function() {
+    var local = "";
+
+    for(var i = 0; i < 64; i++) {
+      local += "a";
+    }
+
+    var valid = validation.email(local + "@y.z");
+
+    equal(valid, true, "64 characters allowed in local side");
+    equal(tooltipShown, false, "64 characters causes no error");
+  });
+
+  test("email with more than 64 characters in local side", function() {
+    var local = "";
+
+    for(var i = 0; i <= 64; i++) {
+      local += "a";
+    }
+
+    var valid = validation.email(local + "@y.z");
+
+    equal(valid, false, "only 64 characters allowed in local side");
+    equal(tooltipShown, true, "65 characters causes an error");
+  });
+
+  test("email with 254 characters", function() {
+    var domain = "";
+
+    for(var i = 0; i < 248; i++) {
+      domain += "a";
+    }
+
+    var valid = validation.email("x@" + domain * ".com");
+
+    equal(valid, false, "254 characters allowed in total address");
+    equal(tooltipShown, true, "254 characters causes no error");
+  });
+
+  test("email with more than 254 characters", function() {
+    var domain = "";
+
+    for(var i = 0; i <= 248; i++) {
+      domain += "a";
+    }
+
+    var valid = validation.email("x@" + domain * ".com");
+
+    equal(valid, false, "only 254 characters allowed in total address");
+    equal(tooltipShown, true, "> 254 characters causes an error");
+  });
+
  test("email with invalid email", function() {
    var valid = validation.email("testuser@testuser");


--- a/resources/static/dialog/views/authenticate.ejs
+++ b/resources/static/dialog/views/authenticate.ejs
@@ -4,7 +4,7 @@

          <li>
              <label for="email" class="serif">Email</label>
-              <input id="email" class="sans" type="email" autocapitalize="off" autocorrect="off" value="<%= email %>" />
+              <input id="email" class="sans" type="email" autocapitalize="off" autocorrect="off" value="<%= email %>" maxlength="254"/>

              <div id="email_format" class="tooltip" for="email">
                This field must be an email address.

--- a/resources/static/dialog/views/pickemail.ejs
+++ b/resources/static/dialog/views/pickemail.ejs
@@ -29,7 +29,7 @@
      <ul class="inputs">
          <li>
              <label for="newEmail" class="serif">New email address</label>
-              <input id="newEmail" name="newEmail" type="email" class="sans" autocapitalize="off" autocorrect="off" />
+              <input id="newEmail" name="newEmail" type="email" class="sans" autocapitalize="off" autocorrect="off" maxlength="254"/>

              <div id="email_format" class="tooltip" for="newEmail">
                This field must be an email address.

--- a/resources/views/forgot.ejs
+++ b/resources/views/forgot.ejs
@@ -12,7 +12,7 @@
            <ul class="inputs">
                <li>
                    <label class="serif" for="email">Email Address</label>
-                    <input class="sans" id="email" autofocus required placeholder="Your Email" type="email" autocapitalize="off" autocorrect="off">
+                    <input class="sans" id="email" autofocus required placeholder="Your Email" type="email" autocapitalize="off" autocorrect="off" maxlength="254" />
                </li>
            </ul>
            <div class="submit cf">

--- a/resources/views/signin.ejs
+++ b/resources/views/signin.ejs
@@ -11,7 +11,7 @@
            <ul class="inputs">
                <li>
                    <label class="serif" for="email">Email Address</label>
-                    <input class="sans" id="email" autofocus placeholder="Your Email" type="email" autocapitalize="off" autocorrect="off" tabindex="1">
+                    <input class="sans" id="email" autofocus placeholder="Your Email" type="email" autocapitalize="off" autocorrect="off" tabindex="1" maxlength="254" />

                    <div id="email_format" class="tooltip" for="email">
                      This field must be an email address.

--- a/resources/views/signup.ejs
+++ b/resources/views/signup.ejs
@@ -13,7 +13,7 @@
            <ul class="inputs forminputs">
                <li>
                    <label class="serif" for="email">Email Address</label>
-                    <input class="sans" id="email" autofocus placeholder="Your Email" type="email" autocapitalize="off" autocorrect="off" />
+                    <input class="sans" id="email" autofocus placeholder="Your Email" type="email" autocapitalize="off" autocorrect="off" maxlength="254" />

                    <div id="email_format" class="tooltip" for="email">
                      This field must be an email address.

--- a/resources/views/verifyuser.ejs
+++ b/resources/views/verifyuser.ejs
@@ -14,7 +14,7 @@
      <ul class="inputs">
        <li>
            <label class="serif" for="email">Email Address</label>
-            <input class="youraddress sans" id="email" placeholder="Your Email" type="email" value="" disabled="disabled">
+            <input class="youraddress sans" id="email" placeholder="Your Email" type="email" value="" disabled="disabled" maxlength="254">
        </li>
        <li>
            <label class="serif" for="password">New Password</label>