Improved detection of invalid email addresses (#1831) upon registering

2025-10-31 15:23:02 +00:00 · 2021-01-27 19:18:40 +01:00
parent 0f83f9992c
commit e6799e7a04
2 changed files with 11 additions and 5 deletions
--- a/cps/static/js/main.js
+++ b/cps/static/js/main.js
@@ -82,7 +82,6 @@ $(".container-fluid").bind('drop', function (e) {
        var files = e.originalEvent.dataTransfer.files;
        var test = $("#btn-upload")[0].accept;
        $(this).css('background', '');
-        // var final = [];
        const dt = new DataTransfer()
        jQuery.each(files, function (index, item) {
            if (test.indexOf(item.name.substr(item.name.lastIndexOf('.'))) !== -1) {
--- a/cps/web.py
+++ b/cps/web.py
@@ -24,6 +24,7 @@ from __future__ import division, print_function, unicode_literals
 import os
 from datetime import datetime
 import json
+import re
 import mimetypes
 import chardet  # dependency of requests

@@ -1273,11 +1274,17 @@ def register():
        if config.config_register_email:
            nickname = to_save["email"]
        else:
-            nickname = to_save["nickname"]
-        if not nickname or not to_save["email"]:
+            nickname = to_save.get('nickname', None)
+        if not nickname or not to_save.get("email", None):
            flash(_(u"Please fill out all fields!"), category="error")
            return render_title_template('register.html', title=_(u"register"), page="register")
-
+        #if to_save["email"].count("@") != 1 or not \
+        # Regex according to https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/email#validation
+        if not re.search(r"^[\w.!#$%&'*+\\/=?^_`{|}~-]+@[\w](?:[\w-]{0,61}[\w])?(?:\.[\w](?:[\w-]{0,61}[\w])?)*$",
+                     to_save["email"]):
+            flash(_(u"Invalid e-mail address format"), category="error")
+            log.warning('Registering failed for user "%s" e-mail address: %s', nickname, to_save["email"])
+            return render_title_template('register.html', title=_(u"register"), page="register")

        existing_user = ub.session.query(ub.User).filter(func.lower(ub.User.nickname) == nickname
                                                         .lower()).first()
@@ -1303,7 +1310,7 @@ def register():
                    return render_title_template('register.html', title=_(u"register"), page="register")
            else:
                flash(_(u"Your e-mail is not allowed to register"), category="error")
-                log.warning('Registering failed for user "%s" e-mail address: %s', to_save['nickname'], to_save["email"])
+                log.warning('Registering failed for user "%s" e-mail address: %s', nickname, to_save["email"])
                return render_title_template('register.html', title=_(u"register"), page="register")
            flash(_(u"Confirmation e-mail was send to your e-mail account."), category="success")
            return redirect(url_for('web.login'))