From c82e48f4f77eef35147a5337bdb174bc1fd9fa2d Mon Sep 17 00:00:00 2001
From: barbara oliveira
Date: Fri, 30 Aug 2024 11:48:44 +0200
Subject: [PATCH 01/10] fix:format email add-validators
---
 app/validators/email_validators.rb | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 app/validators/email_validators.rb
diff --git a/app/validators/email_validators.rb b/app/validators/email_validators.rb
new file mode 100644
index 0000000..872c36e
--- /dev/null
+++ b/app/validators/email_validators.rb
@@ -0,0 +1,13 @@
+module Decidim
+ module FriendlySignup
+ class EmailValidator < ActiveModel::EachValidator
+ CUSTOM_EMAIL_REGEX = /\A[^<>"']+@[a-zA-Z0-9\-.]+\.[a-zA-Z]{2,}/
+
+ def validate_each(record, attribute, value)
+ unless value =~ CUSTOM_EMAIL_REGEX
+ record.errors.add(attribute, :invalid_format, message: I18n.t("errors.messages.email.invalid_format"))
+ end
+ end
+ end
+ end
+end
From 6847909d9d25110aeedd2f08f0af96c2cd93bc99 Mon Sep 17 00:00:00 2001
From: barbara oliveira
Date: Fri, 30 Aug 2024 13:56:43 +0200
Subject: [PATCH 02/10] add validation with registration_form
---
 .../friendly_signup/registration_form_override.rb | 15 +++++++++++++++
 app/validators/email_validators.rb | 13 -------------
 2 files changed, 15 insertions(+), 13 deletions(-)
 create mode 100644 app/forms/concerns/decidim/friendly_signup/registration_form_override.rb
 delete mode 100644 app/validators/email_validators.rb
diff --git a/app/forms/concerns/decidim/friendly_signup/registration_form_override.rb b/app/forms/concerns/decidim/friendly_signup/registration_form_override.rb
new file mode 100644
index 0000000..d1bb888
--- /dev/null
+++ b/app/forms/concerns/decidim/friendly_signup/registration_form_override.rb
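Review bot: In PATCH 01/10, `CUSTOM_EMAIL_REGEX` in app/validators/email_validators.rb opens with `\A` but has no closing `\z`, so `validate_each` accepts any value that merely begins with an address-shaped prefix; the characters the local-part class excludes (`<`, `>`, quotes) are still accepted when they appear after the top-level domain, and so are line breaks. Anchoring the end, `/\A[^<>"']+@[a-zA-Z0-9\-.]+\.[a-zA-Z]{2,}\z/`, makes the whole value subject to the check. The same unanchored pattern returns as `EMAIL_REGEX` in PATCH 06/10. The file name is plural while the class is `EmailValidator`, which may keep the autoloader from resolving it; worth confirming.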
@@ -0,0 +1,15 @@
+module Decidim
+ module FriendlySignup
+ class RegistrationFormOverride < Decidim::RegistrationForm
+ validate :no_special_characters_in_email
+
+ private
+
+ def no_special_characters_in_email
+ if email =~ /[<>'"]/
+ errors.add(:email, "contains invalid characters")
+ end
+ end
+ end
+ end
+end
diff --git a/app/validators/email_validators.rb b/app/validators/email_validators.rb
deleted file mode 100644
index 872c36e..0000000
--- a/app/validators/email_validators.rb
+++ /dev/null
@@ -1,13 +0,0 @@
-module Decidim
- module FriendlySignup
- class EmailValidator < ActiveModel::EachValidator
- CUSTOM_EMAIL_REGEX = /\A[^<>"']+@[a-zA-Z0-9\-.]+\.[a-zA-Z]{2,}/
-
- def validate_each(record, attribute, value)
- unless value =~ CUSTOM_EMAIL_REGEX
- record.errors.add(attribute, :invalid_format, message: I18n.t("errors.messages.email.invalid_format"))
- end
- end
- end
- end
-end
From 3b940bfe2fd4bb0b6bd0b54f36a67f04aa06d4a4 Mon Sep 17 00:00:00 2001
From: barbara oliveira
Date: Fri, 30 Aug 2024 14:32:23 +0200
Subject: [PATCH 03/10] refacto
---
 .../decidim/friendly_signup/registration_form_override.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/app/forms/concerns/decidim/friendly_signup/registration_form_override.rb b/app/forms/concerns/decidim/friendly_signup/registration_form_override.rb
index d1bb888..202cc16 100644
--- a/app/forms/concerns/decidim/friendly_signup/registration_form_override.rb
+++ b/app/forms/concerns/decidim/friendly_signup/registration_form_override.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Decidim
 module FriendlySignup
 class RegistrationFormOverride < Decidim::RegistrationForm
@@ -6,9 +8,7 @@ class RegistrationFormOverride < Decidim::RegistrationForm
 private
 
 def no_special_characters_in_email
- if email =~ /[<>'"]/
- errors.add(:email, "contains invalid characters")
- end
+ errors.add(:email, "contains invalid characters") if email =~ /[<>'"]/
 end
 end
 end
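Review bot: In PATCH 02/10, `RegistrationFormOverride` is declared as a subclass of `Decidim::RegistrationForm`, so `no_special_characters_in_email` runs only where this subclass is instantiated; nothing in the series shown here points the registration flow at it, so the check may never execute. The file sits under `app/forms/concerns/`, which suggests a mixin was intended: a module using `ActiveSupport::Concern` whose `included` block calls `validate :no_special_characters_in_email`, included into `Decidim::RegistrationForm`. Whichever shape is kept, the wiring and a spec against the form class the controller actually builds belong in the same change.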
From 89383aaef821d83509efa9d203cac1ba51847565 Mon Sep 17 00:00:00 2001
From: barbara oliveira
Date: Fri, 30 Aug 2024 14:41:21 +0200
Subject: [PATCH 04/10] refacto
---
 .../decidim/friendly_signup/registration_form_override.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/forms/concerns/decidim/friendly_signup/registration_form_override.rb b/app/forms/concerns/decidim/friendly_signup/registration_form_override.rb
index 202cc16..6dc0f3b 100644
--- a/app/forms/concerns/decidim/friendly_signup/registration_form_override.rb
+++ b/app/forms/concerns/decidim/friendly_signup/registration_form_override.rb
@@ -8,7 +8,7 @@ class RegistrationFormOverride < Decidim::RegistrationForm
 private
 
 def no_special_characters_in_email
- errors.add(:email, "contains invalid characters") if email =~ /[<>'"]/
+ errors.add(:email, :invalid) if email =~ /[<>'"]/
 end
 end
 end
From 5a038ee3de7a6de3227fd70c18e0a42ab35f5df7 Mon Sep 17 00:00:00 2001
From: barbara oliveira
Date: Fri, 30 Aug 2024 15:39:19 +0200
Subject: [PATCH 05/10] add spec
---
 spec/forms/registration_form_spec.rb | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/spec/forms/registration_form_spec.rb b/spec/forms/registration_form_spec.rb
index b720bd7..af6c990 100644
--- a/spec/forms/registration_form_spec.rb
+++ b/spec/forms/registration_form_spec.rb
@@ -74,5 +74,11 @@ module Decidim
 end
 end
 end
+
+ context "when email contains a script tag" do
+ let(:email) { "@example.org" }
+
+ it { is_expected.to be_invalid }
+ end
 end
 end
From 2483fffbb145592b09f36b94a9066552ef5dd34b Mon Sep 17 00:00:00 2001
From: barbara oliveira
Date: Fri, 30 Aug 2024 15:50:59 +0200
Subject: [PATCH 06/10] Optimize the regex for better performance
---
 .../decidim/friendly_signup/registration_form_override.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
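Review bot: In PATCH 05/10, the new example asserts only `be_invalid`, which passes when any validation on the form fails, so it does not show that the new email check is the one rejecting the value; checking the attribute after validation, e.g. `expect(subject.errors[:email]).not_to be_empty`, would pin it. As shown on this page the `email` literal is `"@example.org"` with no tag in it, and an address with an empty local part is probably rejected by the existing email validation anyway, so the literal is worth checking against the context name. The example added in PATCH 07/10 has the same weakness. The enclosing describe block starts outside the hunk.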
diff --git a/app/forms/concerns/decidim/friendly_signup/registration_form_override.rb b/app/forms/concerns/decidim/friendly_signup/registration_form_override.rb
index 6dc0f3b..c86e8d4 100644
--- a/app/forms/concerns/decidim/friendly_signup/registration_form_override.rb
+++ b/app/forms/concerns/decidim/friendly_signup/registration_form_override.rb
@@ -7,8 +7,9 @@ class RegistrationFormOverride < Decidim::RegistrationForm
 
 private
 
+ EMAIL_REGEX = /\A[^<>"']+@[a-zA-Z0-9\-.]+\.[a-zA-Z]{2,}/
 def no_special_characters_in_email
- errors.add(:email, :invalid) if email =~ /[<>'"]/
+ errors.add(:email, :invalid) if email =~ EMAIL_REGEX
 end
 end
 end
From a46c261d8db649f6654307aa860aa899ed7562c4 Mon Sep 17 00:00:00 2001
From: barbara oliveira
Date: Fri, 30 Aug 2024 16:00:59 +0200
Subject: [PATCH 07/10] add test for email with unvalid charact
---
 spec/forms/registration_form_spec.rb | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/spec/forms/registration_form_spec.rb b/spec/forms/registration_form_spec.rb
index af6c990..7e04b20 100644
--- a/spec/forms/registration_form_spec.rb
+++ b/spec/forms/registration_form_spec.rb
@@ -79,6 +79,12 @@ module Decidim
 let(:email) { "@example.org" }
 
 it { is_expected.to be_invalid }
+
+ context "when email contains invalid characters" do
+ let(:email) { 'user"@example.org' }
+
+ it { is_expected.to be_invalid }
+ end
 end
 end
 end
From e4e9729cbff7b89d59ab08588a371861dc6586a6 Mon Sep 17 00:00:00 2001
From: barbara oliveira
Date: Fri, 30 Aug 2024 16:13:02 +0200
Subject: [PATCH 08/10] lint
---
 .../decidim/friendly_signup/registration_form_override.rb | 1 +
 1 file changed, 1 insertion(+)
diff --git a/app/forms/concerns/decidim/friendly_signup/registration_form_override.rb b/app/forms/concerns/decidim/friendly_signup/registration_form_override.rb
index c86e8d4..6f40707 100644
--- a/app/forms/concerns/decidim/friendly_signup/registration_form_override.rb
+++ b/app/forms/concerns/decidim/friendly_signup/registration_form_override.rb
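Review bot: In PATCH 06/10 the condition in `no_special_characters_in_email` is now inverted: `EMAIL_REGEX` describes a well-formed address, yet the error is still added `if email =~ EMAIL_REGEX`, so addresses that match are rejected and values containing `<`, `>` or quotes no longer trigger this check. The guard should read `errors.add(:email, :invalid) unless email =~ EMAIL_REGEX`. The commit is titled as a performance change but swaps a four-character deny-list for a full format match, so behaviour changes and a spec for a plain valid address is needed alongside it. `EMAIL_REGEX` is declared after `private`, which does not hide constants; `private_constant :EMAIL_REGEX` would, if that was the intent. The class body starts outside the hunk.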
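Review bot: In PATCH 07/10 the new `context "when email contains invalid characters"` is inserted before the `end` that closes `context "when email contains a script tag"`, so it is nested inside that context rather than sitting beside it. The inner `let(:email)` overrides the outer one, so the example runs, but it is reported under the script-tag description; moving the block after that `end` keeps the two cases independent. The surrounding describe block starts outside the hunk.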
@@ -8,6 +8,7 @@ class RegistrationFormOverride < Decidim::RegistrationForm
 private
 
 EMAIL_REGEX = /\A[^<>"']+@[a-zA-Z0-9\-.]+\.[a-zA-Z]{2,}/
+
 def no_special_characters_in_email
 errors.add(:email, :invalid) if email =~ EMAIL_REGEX
 end
From 413ccca9a003895049fca102fabec8b80581bd7a Mon Sep 17 00:00:00 2001
From: barbara oliveira
Date: Tue, 3 Sep 2024 09:51:19 +0200
Subject: [PATCH 09/10] Bump version to 0.4.6
---
 lib/decidim/friendly_signup/version.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/decidim/friendly_signup/version.rb b/lib/decidim/friendly_signup/version.rb
index b92f7a7..07ce5be 100644
--- a/lib/decidim/friendly_signup/version.rb
+++ b/lib/decidim/friendly_signup/version.rb
@@ -5,6 +5,6 @@ module Decidim
 module FriendlySignup
 DECIDIM_VERSION = "0.27.4"
 COMPAT_DECIDIM_VERSION = "~> 0.27"
- VERSION = "0.4.5"
+ VERSION = "0.4.6"
 end
 end
From 20ac0c193be93d4fa112d4232a60678c1c1020cf Mon Sep 17 00:00:00 2001
From: barbara oliveira
Date: Tue, 3 Sep 2024 10:00:49 +0200
Subject: [PATCH 10/10] add gemfile.lock
---
 Gemfile.lock | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index d09d5bd..48e35e7 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,7 +1,7 @@ PATH remote: . specs: - decidim-friendly_signup (0.4.5) + decidim-friendly_signup (0.4.6) decidim-core (~> 0.27) GEM @@ -796,6 +796,7 @@ GEM PLATFORMS arm64-darwin-21 arm64-darwin-22 + arm64-darwin-23 x86_64-darwin-20 x86_64-linux @@ -818,4 +819,4 @@ RUBY VERSION ruby 3.0.2p107 BUNDLED WITH - 2.4.9 + 2.5.11