CCD-6096: Disallow invalid characters in Email addresses #2528

Open
wants to merge 11 commits into
base: master
JamesCollettCGI
Contributor

JIRA link

https://tools.hmcts.net/jira/browse/CCD-6096

Change description

Disallow less than and greater than symbols in Email addresses.
Also fixed minor typos in unit tests (result01 to result03 and result01 to result02).

Does this PR introduce a breaking change?

[ ] Yes
[x] No

Contributor

@aktaskaan aktaskaan left a comment

Based on what I see in the implementation, the InternetAddress.validate() method provides relatively weak standard email validation or does not fully meet our requirements. If we are not using any additional regex-based validation, we will need to make similar adjustments for the other validations ("<>", "()", and "[email protected], "user@email" AND name[email protected] ) mentioned in the main ticket (DFR-3419).

Instead of doing this, we could use the more robust Apache email validation. The project is already defined in data-store with version 1.6.0, which is from 2017. Updating it to the latest 1.9.0 version would allow us to use the following method, which performs significantly better validation:

org.apache.commons.validator.routines.EmailValidator.getInstance().isValid(email);

I ran some comparative tests, and Apache's validator performs much better. While this might introduce some additional testing effort, I believe it’s worth reviewing. We could also get @RebeccaBaker's opinion on this.

…idatorTest to test for invalid comma or space.
@JamesCollettCGI JamesCollettCGI changed the title CCD-6096: Disallow less than and greater than symbols in Email addresses CCD-6096: Disallow invalid characters in Email addresses Feb 12, 2025
@JamesCollettCGI
Contributor Author

Updated EmailValidator to invalidate comma or space. Updated EmailValidatorTest to test for invalid comma or space.

Contributor

@aktaskaan aktaskaan left a comment

Apache Commons Validator will be updated to version 1.9.0 with the Spring Boot 3 upgrade.
Also, since this change will introduce more constraint validation, it may be put in demo by QA for a while.

JamesCollettCGI added 4 commits March 5, 2025 11:07
…-email-address' of github.com:hmcts/ccd-data-store-api into CCD-6096-disallow-less-than-and-greater-than-symbols-in-email-address
@hmcts-jenkins-a-to-c hmcts-jenkins-a-to-c bot requested a deployment to preview March 21, 2025 11:24 Abandoned