validates_email_format_of 1.6.3 → 1.7.2

data/lib/validates_email_format_of.rb

@@ -1,22 +1,106 @@
-# encoding: utf-8
-require 'validates_email_format_of/version'
+require "validates_email_format_of/version"
 
 module ValidatesEmailFormatOf
   def self.load_i18n_locales
-    require 'i18n'
-    I18n.load_path += Dir.glob(File.expand_path(File.join(File.dirname(__FILE__), '..', 'config', 'locales', '*.yml')))
+    require "i18n"
+    I18n.load_path += Dir.glob(File.expand_path(File.join(File.dirname(__FILE__), "..", "config", "locales", "*.yml")))
   end
 
-  require 'resolv'
+  require "resolv"
 
-  LocalPartSpecialChars = /[\!\#\$\%\&\'\*\-\/\=\?\+\-\^\_\`\{\|\}\~]/
+  # Characters that are allowed in to appear in the local part unquoted
+  # https://www.rfc-editor.org/rfc/rfc5322#section-3.2.3
+  #
+  # An addr-spec is a specific Internet identifier that contains a
+  # locally interpreted string followed by the at-sign character ("@",
+  # ASCII value 64) followed by an Internet domain.  The locally
+  # interpreted string is either a quoted-string or a dot-atom.  If the
+  # string can be represented as a dot-atom (that is, it contains no
+  # characters other than atext characters or "." surrounded by atext
+  # characters), then the dot-atom form SHOULD be used and the quoted-
+  # string form SHOULD NOT be used.  Comments and folding white space
+  # SHOULD NOT be used around the "@" in the addr-spec.
+  #
+  #   atext           =   ALPHA / DIGIT /
+  #                       "!" / "#" / "$" / "%" / "&" / "'" / "*" /
+  #                       "+" / "-" / "/" / "=" / "?" / "^" / "_" /
+  #                       "`" / "{" / "|" / "}" / "~"
+  #   dot-atom-text   =   1*atext *("." 1*atext)
+  #   dot-atom        =   [CFWS] dot-atom-text [CFWS]
+  ATEXT = /\A[A-Z0-9!\#$%&'*\-\/=?+\^_`{|}~]\z/i
+
+  # Characters that are allowed to appear unquoted in comments
+  # https://www.rfc-editor.org/rfc/rfc5322#section-3.2.2
+  #
+  # ctext           =   %d33-39 / %d42-91 / %d93-126
+  # ccontent        =   ctext / quoted-pair / comment
+  # comment         =   "(" *([FWS] ccontent) [FWS] ")"
+  # CFWS            =   (1*([FWS] comment) [FWS]) / FWS
+  CTEXT = /\A[#{Regexp.escape([33..39, 42..91, 93..126].map { |ascii_range| ascii_range.map(&:chr) }.flatten.join)}\s]/i
+
+  # https://www.rfc-editor.org/rfc/rfc5322#section-3.2.4
+  #
+  # Strings of characters that include characters other than those
+  # allowed in atoms can be represented in a quoted string format, where
+  # the characters are surrounded by quote (DQUOTE, ASCII value 34)
+  # characters.
+  #
+  # qtext           =   %d33 /             ; Printable US-ASCII
+  #                     %d35-91 /          ;  characters not including
+  #                     %d93-126 /         ;  "\" or the quote character
+  #                     obs-qtext
+  #
+  # qcontent        =   qtext / quoted-pair
+  # quoted-string   =   [CFWS]
+  #                     DQUOTE *([FWS] qcontent) [FWS] DQUOTE
+  #                     [CFWS]
+  QTEXT = /\A[#{Regexp.escape([33..33, 35..91, 93..126].map { |ascii_range| ascii_range.map(&:chr) }.flatten.join)}\s]/i
+
+  IP_OCTET = /\A[0-9]+\Z/
+
+  # From https://datatracker.ietf.org/doc/html/rfc1035#section-2.3.1
+  #
+  # > The labels must follow the rules for ARPANET host names.  They must
+  # > start with a letter, end with a letter or digit, and have as interior
+  # > characters only letters, digits, and hyphen.  There are also some
+  # > restrictions on the length.  Labels must be 63 characters or less.
+  #
+  # <label> | <subdomain> "." <label>
+  # <label> ::= <letter> [ [ <ldh-str> ] <let-dig> ]
+  # <ldh-str> ::= <let-dig-hyp> | <let-dig-hyp> <ldh-str>
+  # <let-dig-hyp> ::= <let-dig> | "-"
+  # <let-dig> ::= <letter> | <digit>
+  #
+  # Additionally, from https://datatracker.ietf.org/doc/html/rfc1123#section-2.1
+  #
+  # > One aspect of host name syntax is hereby changed: the
+  # > restriction on the first character is relaxed to allow either a
+  # > letter or a digit.  Host software MUST support this more liberal
+  # > syntax.
+  DOMAIN_PART_LABEL = /\A[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]?\Z/
 
-  def self.validate_email_domain(email)
-    domain = email.to_s.downcase.match(/\@(.+)/)[1]
+  # From https://tools.ietf.org/id/draft-liman-tld-names-00.html#rfc.section.2
+  #
+  # > A TLD label MUST be at least two characters long and MAY be as long as 63 characters -
+  # > not counting any leading or trailing periods (.). It MUST consist of only ASCII characters
+  # > from the groups "letters" (A-Z), "digits" (0-9) and "hyphen" (-), and it MUST start with an
+  # > ASCII "letter", and it MUST NOT end with a "hyphen". Upper and lower case MAY be mixed at random,
+  # > since DNS lookups are case-insensitive.
+  #
+  # tldlabel = ALPHA *61(ldh) ld
+  # ldh      = ld / "-"
+  # ld       = ALPHA / DIGIT
+  # ALPHA    = %x41-5A / %x61-7A   ; A-Z / a-z
+  # DIGIT    = %x30-39             ; 0-9
+  DOMAIN_PART_TLD = /\A[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9]\Z/
+
+  def self.validate_email_domain(email, check_mx_timeout: 3)
+    domain = email.to_s.downcase.match(/@(.+)/)[1]
     Resolv::DNS.open do |dns|
+      dns.timeouts = check_mx_timeout
       @mx = dns.getresources(domain, Resolv::DNS::Resource::IN::MX) + dns.getresources(domain, Resolv::DNS::Resource::IN::A)
     end
-    @mx.size > 0 ? true : false
+    @mx.size > 0
   end
 
   DEFAULT_MESSAGE = "does not appear to be valid"
@@ -25,7 +109,7 @@ module ValidatesEmailFormatOf
   ERROR_MX_MESSAGE_I18N_KEY = :email_address_not_routable
 
   def self.default_message
-    defined?(I18n) ? I18n.t(ERROR_MESSAGE_I18N_KEY, :scope => [:activemodel, :errors, :messages], :default => DEFAULT_MESSAGE) : DEFAULT_MESSAGE
+    defined?(I18n) ? I18n.t(ERROR_MESSAGE_I18N_KEY, scope: [:activemodel, :errors, :messages], default: DEFAULT_MESSAGE) : DEFAULT_MESSAGE
   end
 
   # Validates whether the specified value is a valid email address.  Returns nil if the value is valid, otherwise returns an array
@@ -34,57 +118,60 @@ module ValidatesEmailFormatOf
   # Configuration options:
   # * <tt>message</tt> - A custom error message (default is: "does not appear to be valid")
   # * <tt>check_mx</tt> - Check for MX records (default is false)
+  # * <tt>check_mx_timeout</tt> - Timeout in seconds for checking MX records before a `ResolvTimeout` is raised (default is 3)
   # * <tt>mx_message</tt> - A custom error message when an MX record validation fails (default is: "is not routable.")
   # * <tt>with</tt> The regex to use for validating the format of the email address (deprecated)
   # * <tt>local_length</tt> Maximum number of characters allowed in the local part (default is 64)
   # * <tt>domain_length</tt> Maximum number of characters allowed in the domain part (default is 255)
   # * <tt>generate_message</tt> Return the I18n key of the error message instead of the error message itself (default is false)
-  def self.validate_email_format(email, options={})
-      default_options = { :message => options[:generate_message] ? ERROR_MESSAGE_I18N_KEY : default_message,
-                          :check_mx => false,
-                          :mx_message => options[:generate_message] ? ERROR_MX_MESSAGE_I18N_KEY : (defined?(I18n) ? I18n.t(ERROR_MX_MESSAGE_I18N_KEY, :scope => [:activemodel, :errors, :messages], :default => DEFAULT_MX_MESSAGE) : DEFAULT_MX_MESSAGE),
-                          :domain_length => 255,
-                          :local_length => 64,
-                          :generate_message => false
-                          }
-      opts = options.merge(default_options) {|key, old, new| old}  # merge the default options into the specified options, retaining all specified options
-
-      email = email.strip if email
-
-      begin
-        domain, local = email.reverse.split('@', 2)
-      rescue
-        return [ opts[:message] ]
-      end
+  def self.validate_email_format(email, options = {})
+    default_options = {message: options[:generate_message] ? ERROR_MESSAGE_I18N_KEY : default_message,
+                       check_mx: false,
+                       check_mx_timeout: 3,
+                       mx_message: if options[:generate_message]
+                                     ERROR_MX_MESSAGE_I18N_KEY
+                                   else
+                                     (defined?(I18n) ? I18n.t(ERROR_MX_MESSAGE_I18N_KEY, scope: [:activemodel, :errors, :messages], default: DEFAULT_MX_MESSAGE) : DEFAULT_MX_MESSAGE)
+                                   end,
+                       domain_length: 255,
+                       local_length: 64,
+                       generate_message: false}
+    opts = options.merge(default_options) { |key, old, new| old } # merge the default options into the specified options, retaining all specified options
+
+    begin
+      domain, local = email.reverse.split("@", 2)
+    rescue
+      return [opts[:message]]
+    end
 
-      # need local and domain parts
-      return [ opts[:message] ] unless local and not local.empty? and domain and not domain.empty?
+    # need local and domain parts
+    return [opts[:message]] unless local && !local.empty? && domain && !domain.empty?
 
-      # check lengths
-      return [ opts[:message] ] unless domain.length <= opts[:domain_length] and local.length <= opts[:local_length]
+    # check lengths
+    return [opts[:message]] unless domain.length <= opts[:domain_length] && local.length <= opts[:local_length]
 
-      local.reverse!
-      domain.reverse!
+    local.reverse!
+    domain.reverse!
 
-      if opts.has_key?(:with) # holdover from versions <= 1.4.7
-        return [ opts[:message] ] unless email =~ opts[:with]
-      else
-        return [ opts[:message] ] unless self.validate_local_part_syntax(local) and self.validate_domain_part_syntax(domain)
-      end
+    if opts.has_key?(:with) # holdover from versions <= 1.4.7
+      return [opts[:message]] unless email&.match?(opts[:with])
+    else
+      return [opts[:message]] unless validate_local_part_syntax(local) && validate_domain_part_syntax(domain)
+    end
 
-      if opts[:check_mx] and !self.validate_email_domain(email)
-        return [ opts[:mx_message] ]
-      end
+    if opts[:check_mx] && !validate_email_domain(email, check_mx_timeout: opts[:check_mx_timeout])
+      return [opts[:mx_message]]
+    end
 
-      return nil    # represents no validation errors
+    nil # represents no validation errors
   end
 
-
   def self.validate_local_part_syntax(local)
     in_quoted_pair = false
     in_quoted_string = false
+    comment_depth = 0
 
-    (0..local.length-1).each do |i|
+    (0..local.length - 1).each do |i|
       ord = local[i].ord
 
       # accept anything if it's got a backslash before it
@@ -93,9 +180,26 @@ module ValidatesEmailFormatOf
         next
       end
 
+      if in_quoted_string
+        next if QTEXT.match?(local[i])
+      end
+
+      # opening paren to show we are going into a comment (CFWS)
+      if ord == 40
+        comment_depth += 1
+        next
+      end
+
+      # closing paren
+      if ord == 41
+        comment_depth -= 1
+        return false if comment_depth < 0
+        next
+      end
+
       # backslash signifies the start of a quoted pair
-      if ord == 92 and i < local.length - 1
-        return false if not in_quoted_string # must be in quoted string per http://www.rfc-editor.org/errata_search.php?rfc=3696
+      if ord == 92 && i < local.length - 1
+        return false if !in_quoted_string # must be in quoted string per http://www.rfc-editor.org/errata_search.php?rfc=3696
         in_quoted_pair = true
         next
       end
@@ -106,45 +210,53 @@ module ValidatesEmailFormatOf
         next
       end
 
-      next if local[i,1] =~ /[a-z0-9]/i
-      next if local[i,1] =~ LocalPartSpecialChars
+      if comment_depth > 0
+        next if CTEXT.match?(local[i])
+      elsif ATEXT.match?(local[i, 1])
+        next
+      end
 
       # period must be followed by something
       if ord == 46
-        return false if i == 0 or i == local.length - 1 # can't be first or last char
-        next unless local[i+1].ord == 46 # can't be followed by a period
+        return false if i == 0 || i == local.length - 1 # can't be first or last char
+        next unless local[i + 1].ord == 46 # can't be followed by a period
       end
 
       return false
     end
 
     return false if in_quoted_string # unbalanced quotes
+    return false unless comment_depth.zero? # unbalanced comment parens
 
-    return true
+    true
   end
 
   def self.validate_domain_part_syntax(domain)
-    parts = domain.downcase.split('.', -1)
+    parts = domain.downcase.split(".", -1)
 
     return false if parts.length <= 1 # Only one domain part
 
-    # Empty parts (double period) or invalid chars
-    return false if parts.any? {
-      |part|
-        part.nil? or
-        part.empty? or
-        not part =~ /\A[[:alnum:]\-]+\Z/ or
-        part[0,1] == '-' or part[-1,1] == '-' # hyphen at beginning or end of part
-    }
-
     # ipv4
-    return true if parts.length == 4 and parts.all? { |part| part =~ /\A[0-9]+\Z/ and part.to_i.between?(0, 255) }
-
-    return false if parts[-1].length < 2 or not parts[-1] =~ /[a-z\-]/ # TLD is too short or does not contain a char or hyphen
+    return true if parts.length == 4 && parts.all? { |part| part =~ IP_OCTET && part.to_i.between?(0, 255) }
+
+    # From https://datatracker.ietf.org/doc/html/rfc3696#section-2 this is the recommended, pragmatic way to validate a domain name:
+    #
+    # > It is likely that the better strategy has now become to make the "at least one period" test,
+    # > to verify LDH conformance (including verification that the apparent TLD name is not all-numeric),
+    # > and then to use the DNS to determine domain name validity, rather than trying to maintain
+    # > a local list of valid TLD names.
+    #
+    # We do a little bit more but not too much and validate the tokens but do not check against a list of valid TLDs.
+    parts.each do |part|
+      return false if part.nil? || part.empty?
+      return false if part.length > 63
+      return false unless DOMAIN_PART_LABEL.match?(part)
+    end
 
-    return true
+    return false unless DOMAIN_PART_TLD.match?(parts[-1])
+    true
   end
 end
 
-require 'validates_email_format_of/active_model' if defined?(::ActiveModel) && !(ActiveModel::VERSION::MAJOR < 2 || (2 == ActiveModel::VERSION::MAJOR && ActiveModel::VERSION::MINOR < 1))
-require 'validates_email_format_of/railtie' if defined?(::Rails::Railtie)
+require "validates_email_format_of/active_model" if defined?(::ActiveModel) && !(ActiveModel::VERSION::MAJOR < 2 || (ActiveModel::VERSION::MAJOR == 2 && ActiveModel::VERSION::MINOR < 1))
+require "validates_email_format_of/railtie" if defined?(::Rails::Railtie)

data/rakefile.rb

@@ -1 +1,4 @@
-require 'bundler/gem_tasks'
+require "bundler/gem_tasks"
+require "standard/rake"
+
+task default: [:spec, "standard:fix"]

data/spec/rspec_matcher_spec.rb

@@ -1,14 +1,12 @@
-require "#{File.expand_path(File.dirname(__FILE__))}/spec_helper"
-if defined?(ActiveModel)
-  require "validates_email_format_of/rspec_matcher"
+require "#{__dir__}/spec_helper"
+require "validates_email_format_of/rspec_matcher"
 
-  class Person
-    attr_accessor :email_address
-    include ::ActiveModel::Validations
-    validates_email_format_of :email_address
-  end
+class Person
+  attr_accessor :email_address
+  include ::ActiveModel::Validations
+  validates_email_format_of :email_address
+end
 
-  describe Person do
-    it { should validate_email_format_of(:email_address) }
-  end
+describe Person do
+  it { should validate_email_format_of(:email_address) }
 end

data/spec/spec_helper.rb

@@ -1,4 +1,7 @@
-require 'active_model' if Gem.loaded_specs.keys.include?('activemodel')
+require "active_model"
+require "active_support"
+require "pry"
+require "byebug"
 
 RSpec::Matchers.define :have_errors_on_email do
   match do |actual|
@@ -6,7 +9,7 @@ RSpec::Matchers.define :have_errors_on_email do
     expect(actual).not_to be_empty, "#{actual} should not be empty"
     expect(actual.size).to eq(@reasons.size), "#{actual} should have #{@reasons.size} elements"
     @reasons.each do |reason|
-      reason = "#{"Email " if defined?(ActiveModel)}#{reason}"
+      reason = "Email #{reason}"
       expect(actual).to include(reason), "#{actual} should contain #{reason}"
     end
   end
@@ -17,6 +20,6 @@ RSpec::Matchers.define :have_errors_on_email do
     (@reasons ||= []) << reason
   end
   match_when_negated do |actual|
-    expect(actual).to (defined?(ActiveModel) ? be_empty : be_nil)
+    expect(actual).to(be_empty)
   end
 end