From e6799e7a041c71048adc0e8061a432a6cc3336d1 Mon Sep 17 00:00:00 2001 From: Ozzie Isaacs Date: Wed, 27 Jan 2021 19:18:40 +0100 Subject: [PATCH] Improved detection of invalid email addresses (#1831) upon registering --- cps/static/js/main.js | 1 - cps/web.py | 15 +++++++++++---- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/cps/static/js/main.js b/cps/static/js/main.js index d891d30e..33881aaa 100644 --- a/cps/static/js/main.js +++ b/cps/static/js/main.js @@ -82,7 +82,6 @@ $(".container-fluid").bind('drop', function (e) { var files = e.originalEvent.dataTransfer.files; var test = $("#btn-upload")[0].accept; $(this).css('background', ''); - // var final = []; const dt = new DataTransfer() jQuery.each(files, function (index, item) { if (test.indexOf(item.name.substr(item.name.lastIndexOf('.'))) !== -1) { diff --git a/cps/web.py b/cps/web.py index 3bff8542..2a027eac 100644 --- a/cps/web.py +++ b/cps/web.py @@ -24,6 +24,7 @@ from __future__ import division, print_function, unicode_literals import os from datetime import datetime import json +import re import mimetypes import chardet # dependency of requests 
@@ -1273,11 +1274,17 @@ def register(): if config.config_register_email: nickname = to_save["email"] else: - nickname = to_save["nickname"] - if not nickname or not to_save["email"]: + nickname = to_save.get('nickname', None) + if not nickname or not to_save.get("email", None): flash(_(u"Please fill out all fields!"), category="error") return render_title_template('register.html', title=_(u"register"), page="register") - + #if to_save["email"].count("@") != 1 or not \ + # Regex according to https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/email#validation + if not re.search(r"^[\w.!#$%&'*+\\/=?^_`{|}~-]+@[\w](?:[\w-]{0,61}[\w])?(?:\.[\w](?:[\w-]{0,61}[\w])?)*$", + to_save["email"]): + flash(_(u"Invalid e-mail address format"), category="error") + log.warning('Registering failed for user "%s" e-mail address: %s', nickname, to_save["email"]) + return render_title_template('register.html', title=_(u"register"), page="register") existing_user = ub.session.query(ub.User).filter(func.lower(ub.User.nickname) == nickname .lower()).first() @@ -1303,7 +1310,7 @@ def register(): return render_title_template('register.html', title=_(u"register"), page="register") else: flash(_(u"Your e-mail is not allowed to register"), category="error") - log.warning('Registering failed for user "%s" e-mail address: %s', to_save['nickname'], to_save["email"]) + log.warning('Registering failed for user "%s" e-mail address: %s', nickname, to_save["email"]) return render_title_template('register.html', title=_(u"register"), page="register") flash(_(u"Confirmation e-mail was send to your e-mail account."), category="success") return redirect(url_for('web.login'))
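Review bot: The pattern passed to `re.search` in the new e-mail check is looser than the MDN expression it cites, in three places. `$` also matches just before a trailing newline, so an address ending in `\n` passes the check; `\Z` anchors at the true end of the string. On Python 3, `\w` in a str pattern matches any Unicode word character as well as `_`, where MDN uses `a-zA-Z0-9`. The `\\/` in the raw string admits a literal backslash in the local part, where MDN's `\/` is only an escaped slash. I would spell the classes out as `[a-zA-Z0-9]` (and `[a-zA-Z0-9-]` inside the labels), write `/` unescaped and end the pattern with `\Z`, since this value presumably becomes the recipient of the confirmation mail; `register()` starts and ends outside the hunk.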
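Review bot: `nickname` and `to_save["email"]` are written into the warning with `%s`, and both appear to be request-supplied (`to_save` is defined outside the hunk), so CR/LF or other control characters in them reach the log verbatim and can forge extra log lines. The same holds for the `log.warning` added in the invalid-format branch of the previous hunk, where the e-mail is by definition unvalidated. Logging with `%r` keeps each record on one line: `log.warning('Registering failed for user %r e-mail address: %r', nickname, to_save["email"])`.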