@defra-fish/business-rules-lib 1.49.0-rc.2 → 1.49.0-rc.4

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@defra-fish/business-rules-lib",
-  "version": "1.49.0-rc.2",
+  "version": "1.49.0-rc.4",
   "description": "Shared business rules for the rod licensing digital services",
   "type": "module",
   "engines": {
@@ -37,5 +37,5 @@
     "moment": "^2.29.1",
     "uuid": "^8.3.2"
   },
-  "gitHead": "f4b3ab8367b4dfd3c6db0db118728b21344b5d8a"
+  "gitHead": "5c9d0205887751b34c54c9e28d86c09ae16183ca"
 }

package/src/index.js

@@ -1,4 +1,5 @@
 import * as contactValidation from './validators/contact.validators.js'
+import * as dateValidation from './validators/date.validators.js'
 import * as permissionValidation from './validators/permission.validators.js'
 export * from './util/ages.js'
 export * from './util/permissions.js'
@@ -6,5 +7,6 @@ export * from './constants.js'
 
 export const validation = {
   contact: contactValidation,
+  date: dateValidation,
   permission: permissionValidation
 }

package/src/validators/__tests__/contact.validators.spec.js

@@ -5,6 +5,9 @@ import moment from 'moment'
 const INVALID_DATE_ERROR_MESSAGE = '"value" must be in [YYYY-MM-DD] format'
 
 describe('contact validators', () => {
+  beforeEach(() => {
+    jest.resetAllMocks()
+  })
   describe('birthDateValidator', () => {
     const validDate = moment().subtract(1, 'day')
 
@@ -128,6 +131,24 @@ describe('contact validators', () => {
         '"value" must contain at least 3 alpha characters'
       )
     })
+
+    it.each([
+      'M̵i̵c̵h̵a̵e̵l̵',
+      'M̷i̷c̷h̷a̷e̷l̷',
+      'M͟i͟c͟h͟a͟e͟l͟',
+      '𝔐𝔦𝔠𝔥𝔞𝔢𝔩',
+      '𝕄𝕚𝕔𝕙𝕒𝕖𝕝',
+      'ןǝɐɥɔıW',
+      'Ⓜⓘⓒⓗⓐⓔⓛ',
+      '🄼🄸🄲🄷🄰🄴🄻',
+      'Mɪᴄʜᴀᴇʟ',
+      'ᴹᶦᶜʰᵃᵉˡ',
+      '𖢑𖥣𖥐𖦙𖧥𖠢ꛚ',
+      'ℳ𝒾𝒸𝒽𝒶ℯ𝓁',
+      '𝙼𝚒𝚌𝚑𝚊𝚎𝚕'
+    ])('prohibits a string with non-standard characters: %s', async c => {
+      await expect(contactValidation.createFirstNameValidator(Joi).validateAsync(c)).rejects.toThrow()
+    })
   })
 
   describe('lastNameValidator', () => {
@@ -229,6 +250,24 @@ describe('contact validators', () => {
         '"value" must contain at least 3 alpha characters'
       )
     })
+
+    it.each([
+      'M̵i̵c̵h̵a̵e̵l̵',
+      'M̷i̷c̷h̷a̷e̷l̷',
+      'M͟i͟c͟h͟a͟e͟l͟',
+      '𝔐𝔦𝔠𝔥𝔞𝔢𝔩',
+      '𝕄𝕚𝕔𝕙𝕒𝕖𝕝',
+      'ןǝɐɥɔıW',
+      'Ⓜⓘⓒⓗⓐⓔⓛ',
+      '🄼🄸🄲🄷🄰🄴🄻',
+      'Mɪᴄʜᴀᴇʟ',
+      'ᴹᶦᶜʰᵃᵉˡ',
+      '𖢑𖥣𖥐𖦙𖧥𖠢ꛚ',
+      'ℳ𝒾𝒸𝒽𝒶ℯ𝓁',
+      '𝙼𝚒𝚌𝚑𝚊𝚎𝚕'
+    ])('prohibits a string with non-standard characters: %s', async c => {
+      await expect(contactValidation.createLastNameValidator(Joi).validateAsync(c)).rejects.toThrow()
+    })
   })
 
   describe('emailValidator', () => {
@@ -241,6 +280,28 @@ describe('contact validators', () => {
         '"value" must be a valid email'
       )
     })
+
+    it('allows a range of unicode characters from plane 1', async () => {
+      const internationStr = 'æçéñøķť@email.com'
+      await expect(contactValidation.createEmailValidator(Joi).validateAsync(internationStr)).resolves.toEqual('æçéñøķť@email.com')
+    })
+
+    it.each([
+      'ᵐᵢᶜₕᵃₑˡ@ᵉₘᵃᵢˡ.ᶜₒᵐ',
+      '𝓂𝒾𝒸𝒽𝒶ℯ𝓁@ℯ𝓂𝒶𝒾𝓁.𝒸ℴ𝓂',
+      'm̶i̶c̶h̶a̶e̶l̶@̶e̶m̶a̶i̶l̶.̶c̶o̶m̶',
+      'm̷i̷c̷h̷a̷e̷l̷@̷e̷m̷a̷i̷l̷.̷c̷o̷m̷',
+      '𝖒𝖎𝖈𝖍𝖆𝖊𝖑@𝖊𝖒𝖆𝖎𝖑.𝖈𝖔𝖒',
+      'm̲i̲c̲h̲a̲e̲l̲@̲e̲m̲a̲i̲l̲.̲c̲o̲m̲',
+      'ꕮꕯꖀꖾꗇꗍꝆ@ꗍꕮꗇꕯꝆ.ꖀꗞꕮ',
+      '🅼🅘🅲🅗🅰🅔🅻@🅴🅜🅰🅘🅻.🅲🅞🅼',
+      'ɯoɔ˙ןıɐɯǝ@ןǝɐɥɔıɯ',
+      'ꮇꮖꮯꮋꭺꭼꮮ@ꭼꮇꭺꮖꮮ.ꮯꮎꮇ',
+      'ｍｉｃｈａｅｌ＠ｅｍａｉｌ．ｃｏｍ',
+      'ₘᵢcₕaₑₗ@ₑₘaᵢₗ.cₒₘ'
+    ])('prohibits a string with non-standard characters: %s', async c => {
+      await expect(contactValidation.createEmailValidator(Joi).validateAsync(c)).rejects.toThrow()
+    })
   })
 
   describe('mobilePhoneValidator', () => {
@@ -251,6 +312,24 @@ describe('contact validators', () => {
     it.each(['test', '07700 test'])('rejects the invalid number %s', async number => {
       await expect(contactValidation.createMobilePhoneValidator(Joi).validateAsync(number)).rejects.toThrow()
     })
+
+    it.each([
+      '𝟘𝟟𝟟𝟘𝟘 𝟡𝟘𝟘𝟘𝟠𝟠',
+      '0𝟟7𝟘0 9𝟘0𝟘8𝟠',
+      '0𝟽𝟽00 𝟿000𝟾𝟾',
+      '0̵7̵7̵0̵0̵ ̵9̵0̵0̵0̵8̵8̵',
+      '0͟7͟7͟0͟0͟ ͟9͟0͟0͟0͟8͟8͟',
+      '0̸7̸7̸0̸0̸ ̸9̸0̸0̸0̸8̸8̸',
+      '０７７００ ９０００８８',
+      '⁰⁷⁷⁰⁰ ⁹⁰⁰⁰⁸⁸',
+      '⓿➐➐⓿⓿ ➒⓿⓿⓿➑➑',
+      '+ㄐㄐワワㄖㄖ ㄢㄖㄖㄖ曰曰',
+      '07700👏 900088',
+      '0̐̈7̐̈7̐̈0̐̈0̐̈ ̐̈9̐̈0̐̈0̐̈0̐̈8̐̈8̐̈',
+      '+4④7⑦0⓪ ⑨0⓪0⑧8'
+    ])('prohibits a string with non-standard characters: %s', async c => {
+      await expect(contactValidation.createMobilePhoneValidator(Joi).validateAsync(c)).rejects.toThrow()
+    })
   })
 
   describe('ukPostcodeValidator', () => {
@@ -265,33 +344,74 @@ describe('contact validators', () => {
     it('expects a minimum of 1 character', async () => {
       await expect(contactValidation.createUKPostcodeValidator(Joi).validateAsync('')).rejects.toThrow('"value" is not allowed to be empty')
     })
+
     it('expects a maximum of 12 characters', async () => {
       await expect(contactValidation.createUKPostcodeValidator(Joi).validateAsync('0123456789ABC')).rejects.toThrow(
         '"value" length must be less than or equal to 12 characters long'
       )
     })
+
     it('expects postcodes to conform to the pattern used in the UK', async () => {
       await expect(contactValidation.createUKPostcodeValidator(Joi).validateAsync('0123456789')).rejects.toThrow(
         /fails to match the required pattern/
       )
     })
+
+    it.each([
+      'A⃣B⃣1⃣2⃣ 1⃣A⃣B⃣',
+      '🄐🄑⑴⑵ ⑴🄐🄑',
+      '丹乃丨己 丨丹乃',
+      'A͢B͢1͢2͢ ͢1͢A͢B͢',
+      'A⃟B⃟1⃟2⃟ 1⃟A⃟B⃟',
+      'AB12👏 1AB',
+      '🅐Ⓑ➊② ①🅐Ⓑ',
+      '𝘼𝐵𝟭𝟮 1𝘼𝘽',
+      '🅰𝙱12 1𝕬𝓑',
+      '1ᴬAᴮB¹²',
+      'ᴬᴮ¹² ¹ᴬᴮ',
+      'q∀1 21q∀',
+      'A̶B̶1̶2̶ ̶1̶A̶B̶'
+    ])('prohibits a string with non-standard characters: %s', async c => {
+      await expect(contactValidation.createUKPostcodeValidator(Joi).validateAsync(c)).rejects.toThrow()
+    })
   })
 
   describe('overseasPostcodeValidator', () => {
     it('converts to uppercase and trims', async () => {
       await expect(contactValidation.createOverseasPostcodeValidator(Joi).validateAsync('a ')).resolves.toEqual('A')
     })
+
     it('expects a minimum of 1 character', async () => {
       await expect(contactValidation.createOverseasPostcodeValidator(Joi).validateAsync('')).rejects.toThrow(
         '"value" is not allowed to be empty'
       )
     })
+
     it('expects a maximum of 12 characters', async () => {
       await expect(contactValidation.createOverseasPostcodeValidator(Joi).validateAsync('123456789AAAA')).rejects.toThrow()
     })
+
     it('will not accept special characters', async () => {
       await expect(contactValidation.createOverseasPostcodeValidator(Joi).validateAsync('12£4')).rejects.toThrow()
     })
+
+    it.each([
+      'A⃣B⃣1⃣2⃣ 1⃣A⃣B⃣',
+      '🄐🄑⑴⑵ ⑴🄐🄑',
+      '丹乃丨己 丨丹乃',
+      'A͢B͢1͢2͢ ͢1͢A͢B͢',
+      'A⃟B⃟1⃟2⃟ 1⃟A⃟B⃟',
+      'AB12👏 1AB',
+      '🅐Ⓑ➊② ①🅐Ⓑ',
+      '𝘼𝐵𝟭𝟮 1𝘼𝘽',
+      '🅰𝙱12 1𝕬𝓑',
+      '1ᴬAᴮB¹²',
+      'ᴬᴮ¹² ¹ᴬᴮ',
+      'q∀1 21q∀',
+      'A̶B̶1̶2̶ ̶1̶A̶B̶'
+    ])('prohibits a string with non-standard characters: %s', async c => {
+      await expect(contactValidation.createOverseasPostcodeValidator(Joi).validateAsync(c)).rejects.toThrow()
+    })
   })
 
   describe('premisesValidator', () => {
@@ -308,6 +428,23 @@ describe('contact validators', () => {
         '"value" length must be less than or equal to 50 characters long'
       )
     })
+
+    it.each([
+      '15 𐝥ꗞꕷꗍ ꖀꗞꖡꖡꗇꗱꗍ',
+      '１５ Ｒｏｓｅ Ｃｏｔｔａｇｅ',
+      '¹⁵ ᴿᵒˢᵉ ᶜᵒᵗᵗᵃᵍᵉ',
+      '15 ᖇᐤᔆᕪ ᐸᐤᐩᐩᐞᕐᕪ',
+      '15👏 Rose👏 Cottage',
+      '1̶5̶ ̶R̶o̶s̶e̶ ̶C̶o̶t̶t̶a̶g̶e̶',
+      '1̲5̲ ̲R̲o̲s̲e̲ ̲C̲o̲t̲t̲a̲g̲e̲',
+      '1̸5̸ ̸R̸o̸s̸e̸ ̸C̸o̸t̸t̸a̸g̸e̸',
+      '➊➎ 🅡🅞🅢🅔 🅒🅞🅣🅣🅐🅖🅔',
+      '①➎ 🅡ⓞ🅢ⓔ Ⓒ🅞ⓣ🅣ⓐ🅖ⓔ',
+      '1⑤ 𝑅𝐨𝑠ⓔ 𝒞𝓸𝘁𝕥𝒶ℊ🄴',
+      '𝟏𝟓 𝐑𝐨𝐬𝐞 𝐂𝐨𝐭𝐭𝐚𝐠𝐞'
+    ])('prohibits a string with non-standard characters: %s', async c => {
+      await expect(contactValidation.createPremisesValidator(Joi).validateAsync(c)).rejects.toThrow()
+    })
   })
 
   describe('streetValidator', () => {
@@ -324,6 +461,22 @@ describe('contact validators', () => {
         '"value" length must be less than or equal to 100 characters long'
       )
     })
+
+    it.each([
+      'Bond👏 Street',
+      '🅑ⓞ🅝ⓓ ⓢⓣⓡⓔⓔⓣ',
+      'Ｂｏｎｄ Ｓｔｒｅｅｔ',
+      'ᴮᵒⁿᵈ ˢᵗʳᵉᵉᵗ',
+      'B̲o̲n̲d̲ ̲S̲t̲r̲e̲e̲t̲',
+      'B̸o̸n̸d̸ ̸S̸t̸r̸e̸e̸t̸',
+      '🅑🅞🅝🅓 🅢🅣🅡🅔🅔🅣',
+      'B𝑜𝓷d S𝓉𝓇𝑒𝑒𝓉',
+      'もＢ囗ｏ几ｎ问ｄ  丂Ｓ匕ｔ尺ｒ乇ｅモｅ匕ｔ',
+      'B⃠o⃠n⃠d⃠ S⃠t⃠r⃠e⃠e⃠t⃠',
+      '𝐁𝐨𝐧𝐝 𝐒𝐭𝐫𝐞𝐞𝐭'
+    ])('prohibits a string with non-standard characters: %s', async c => {
+      await expect(contactValidation.createStreetValidator(Joi).validateAsync(c)).rejects.toThrow()
+    })
   })
 
   describe('localityValidator', () => {
@@ -340,6 +493,20 @@ describe('contact validators', () => {
         '"value" length must be less than or equal to 100 characters long'
       )
     })
+
+    it.each([
+      'M̲a̲y̲f̲a̲i̲r̲',
+      'M̸a̸y̸f̸a̸i̸r̸',
+      'Ｍａｙｆａｉｒ',
+      'ᴹᵃʸᶠᵃⁱʳ',
+      '🅜🅐🅨🅕🅐🅘🅡',
+      '🅜ⓐ🅨ⓕⓐⓘⓡ',
+      '爪Ｍ丹ａﾘｙ乍ｆ丹ａ工ｉ尺ｒ',
+      'M⃠a⃠y⃠f⃠a⃠i⃠r⃠',
+      '𝐌𝐚𝐲𝐟𝐚𝐢𝐫'
+    ])('prohibits a string with non-standard characters: %s', async c => {
+      await expect(contactValidation.createLocalityValidator(Joi).validateAsync(c)).rejects.toThrow()
+    })
   })
 
   describe('townValidator', () => {
@@ -373,6 +540,13 @@ describe('contact validators', () => {
         '"value" length must be less than or equal to 100 characters long'
       )
     })
+
+    it.each(['Ｌｏｎｄｏｎ', 'ᴸᵒⁿᵈᵒⁿ', '𝐋𝐨𝐧𝐝𝐨𝐧', 'ㄥＬ口ｏ几ｎ冂ｄ口ｏ几ｎ', 'L⃠o⃠n⃠d⃠o⃠n⃠', '🅛🅞🅝🅓🅞🅝', 'L̸o̸n̸d̸o̸n̸', 'L̲o̲n̲d̲o̲n̲'])(
+      'prohibits a string with non-standard characters: %s',
+      async c => {
+        await expect(contactValidation.createTownValidator(Joi).validateAsync(c)).rejects.toThrow()
+      }
+    )
   })
 
   describe('nationalInsuranceNumberValidator', () => {
@@ -381,11 +555,28 @@ describe('contact validators', () => {
         'AB 12 34 56 A'
       )
     })
+
     it('Disallows invalid NI number QQ123456A', async () => {
       await expect(contactValidation.createNationalInsuranceNumberValidator(Joi).validateAsync('QQ123456A')).rejects.toThrow()
     })
+
     it('Disallows invalid NI number BG123456A', async () => {
       await expect(contactValidation.createNationalInsuranceNumberValidator(Joi).validateAsync('QQ123456A')).rejects.toThrow()
     })
+
+    it.each([
+      'A̲B̲1̲2̲3̲4̲5̲6̲A̲',
+      'A̸B̸1̸2̸3̸4̸5̸6̸A̸',
+      'ＡＢ１２３４５６Ａ',
+      'ᴬᴮ¹²³⁴⁵⁶ᴬ',
+      '🅐🅑①②③④⑤⑥🅐',
+      '🅐ⓑ①②③④⑤⑥ⓐ',
+      'A⃠B⃠1⃠2⃠3⃠4⃠5⃠6⃠A⃠',
+      '升Ａ马Ｂ丨１己２ヨ３ㄐ４丂５石６刄Ａ',
+      '✌️AB123456A✌️',
+      '𝐀𝐁𝟏𝟐𝟑𝟒𝟓𝟔𝐀'
+    ])('prohibits a string with non-standard characters: %s', async c => {
+      await expect(contactValidation.createNationalInsuranceNumberValidator(Joi).validateAsync(c)).rejects.toThrow()
+    })
   })
 })

package/src/validators/contact.validators.js

@@ -78,6 +78,12 @@ const createDateStringValidator = joi =>
     }
   })
 
+const allowedUnicodeBlocks = '\\u0000-\\u024F'
+const forbiddenCharsRegex = new RegExp(`[^${allowedUnicodeBlocks}\\s'’()-]`, 'gu')
+const forbiddenEmailRegex = new RegExp(`[^A-Za-z0-9\\s'’@._${allowedUnicodeBlocks}]`, 'gu')
+const forbiddenCharsNumbersRegex = new RegExp(`[^A-Za-z0-9\\s${allowedUnicodeBlocks}]`, 'gu')
+const forbiddenMobileRegex = /[^+()0-9\-.\s]+/g
+
 /**
  * Create a validator to check a contact's birth date
  *
@@ -92,7 +98,8 @@ export const createBirthDateValidator = joi => createDateStringValidator(joi).tr
  * @param {Joi.Root} joi the joi validator used by the consuming project
  * @returns {Joi.StringSchema}
  */
-export const createEmailValidator = joi => joi.string().trim().email().max(100).lowercase().example('person@example.com')
+export const createEmailValidator = joi =>
+  checkCopyPasteValidator(joi, forbiddenEmailRegex).string().allowable().trim().email().max(100).lowercase().example('person@example.com')
 
 export const mobilePhoneRegex = /^[+]*[(]?[0-9]{1,4}[)]?[-\s./0-9]*$/
 /**
@@ -101,7 +108,10 @@ export const mobilePhoneRegex = /^[+]*[(]?[0-9]{1,4}[)]?[-\s./0-9]*$/
  * @param {Joi.Root} joi the joi validator used by the consuming project
  * @returns {Joi.StringSchema}
  */
-export const createMobilePhoneValidator = joi => joi.string().trim().pattern(mobilePhoneRegex).example('+44 7700 900088')
+export const createMobilePhoneValidator = joi =>
+  checkCopyPasteValidator(joi, forbiddenMobileRegex).string().allowable().trim().pattern(mobilePhoneRegex).example('person@example.com')
+
+const maxPremises = 50
 
 /**
  * Create a validator to check a contact's address premises
@@ -109,7 +119,16 @@ export const createMobilePhoneValidator = joi => joi.string().trim().pattern(mob
  * @param {Joi.Root} joi the joi validator used by the consuming project
  * @returns {Joi.StringSchema}
  */
-export const createPremisesValidator = joi => joi.string().trim().min(1).max(50).external(toTitleCase()).required().example('Example House')
+export const createPremisesValidator = joi =>
+  checkCopyPasteValidator(joi, forbiddenCharsNumbersRegex)
+    .string()
+    .allowable()
+    .trim()
+    .min(1)
+    .max(maxPremises)
+    .external(toTitleCase())
+    .required()
+    .example('Example House')
 
 /**
  * Create a validator to check a contact's address street
@@ -117,7 +136,15 @@ export const createPremisesValidator = joi => joi.string().trim().min(1).max(50)
  * @param {Joi.Root} joi the joi validator used by the consuming project
  * @returns {Joi.StringSchema}
  */
-export const createStreetValidator = joi => joi.string().trim().max(100).external(toTitleCase()).empty('').example('Example Street')
+export const createStreetValidator = joi =>
+  checkCopyPasteValidator(joi, forbiddenCharsRegex)
+    .string()
+    .allowable()
+    .trim()
+    .max(100)
+    .external(toTitleCase())
+    .empty('')
+    .example('Example Street')
 
 /**
  * Create a validator to check a contact's address locality
@@ -125,7 +152,15 @@ export const createStreetValidator = joi => joi.string().trim().max(100).externa
  * @param {Joi.Root} joi the joi validator used by the consuming project
  * @returns {Joi.StringSchema}
  */
-export const createLocalityValidator = joi => joi.string().trim().max(100).external(toTitleCase()).empty('').example('Near Sample')
+export const createLocalityValidator = joi =>
+  checkCopyPasteValidator(joi, forbiddenCharsRegex)
+    .string()
+    .allowable()
+    .trim()
+    .max(100)
+    .external(toTitleCase())
+    .empty('')
+    .example('Near Sample')
 
 /**
  * Create a validator to check a contact's address town
@@ -134,8 +169,9 @@ export const createLocalityValidator = joi => joi.string().trim().max(100).exter
  * @returns {Joi.StringSchema}
  */
 export const createTownValidator = joi =>
-  joi
+  checkCopyPasteValidator(joi, forbiddenCharsRegex)
     .string()
+    .allowable()
     .trim()
     .max(100)
     .external(toTitleCase(['under', 'upon', 'in', 'on', 'cum', 'next', 'the', 'en', 'le', 'super']))
@@ -144,6 +180,7 @@ export const createTownValidator = joi =>
 
 export const ukPostcodeRegex = /^([A-PR-UWYZ][0-9]{1,2}[A-HJKPSTUW]?|[A-PR-UWYZ][A-HK-Y][0-9]{1,2}[ABEHMNPRVWXY]?)\s{0,6}([0-9][A-Z]{2})$/i
 export const overseasPostcodeRegex = /^([a-zA-Z0-9 ]{1,12})$/i
+const maxPostcode = 12
 
 /**
  * Create a validator to check a contact's postcode
@@ -154,7 +191,17 @@ export const overseasPostcodeRegex = /^([a-zA-Z0-9 ]{1,12})$/i
  * @returns {Joi.StringSchema}
  */
 export const createUKPostcodeValidator = joi =>
-  joi.string().trim().min(1).max(12).required().pattern(ukPostcodeRegex).replace(ukPostcodeRegex, '$1 $2').uppercase().example('AB12 3CD')
+  checkCopyPasteValidator(joi, forbiddenCharsNumbersRegex)
+    .string()
+    .allowable()
+    .trim()
+    .min(1)
+    .max(maxPostcode)
+    .required()
+    .pattern(ukPostcodeRegex)
+    .replace(ukPostcodeRegex, '$1 $2')
+    .uppercase()
+    .example('AB12 3CD')
 
 /**
  * Create a validator to check/format overseas postcodes
@@ -162,7 +209,15 @@ export const createUKPostcodeValidator = joi =>
  * @returns {Joi.StringSchema}
  */
 export const createOverseasPostcodeValidator = joi =>
-  joi.string().trim().min(1).max(12).uppercase().required().pattern(overseasPostcodeRegex)
+  checkCopyPasteValidator(joi, forbiddenCharsNumbersRegex)
+    .string()
+    .allowable()
+    .trim()
+    .min(1)
+    .max(maxPostcode)
+    .uppercase()
+    .required()
+    .pattern(overseasPostcodeRegex)
 
 const nameStringSubstitutions = [
   /*
@@ -251,7 +306,7 @@ const createNameStringValidator = (joi, { minimumLength }) =>
             return helpers.error('string.min')
           }
           value = standardiseName(value)
-          if (!nameStringRegex.test(value)) {
+          if (!nameStringRegex.test(value) || forbiddenCharsRegex.test(value)) {
             return helpers.error('string.forbidden')
           }
           return value
@@ -302,8 +357,9 @@ const ukNINORegEx =
   /^([ABCEGHJ-PRSTW-Z][ABCEGHJ-NPRSTW-Z])(?<!(?:BG|GB|KN|NK|NT|TN|ZZ))\s?([0-9]{2})\s{0,3}([0-9]{2})\s{0,3}([0-9]{2})\s{0,3}([ABCD])$/
 
 export const createNationalInsuranceNumberValidator = joi =>
-  joi
+  checkCopyPasteValidator(joi, forbiddenCharsNumbersRegex)
     .string()
+    .allowable()
     .trim()
     .uppercase()
     .pattern(ukNINORegEx)
@@ -311,3 +367,22 @@ export const createNationalInsuranceNumberValidator = joi =>
     .required()
     .description('A UK national insurance number')
     .example('NH 12 34 56 A')
+
+const checkCopyPasteValidator = (joi, forbiddenRegex) =>
+  joi.extend({
+    type: 'string',
+    base: joi.string(),
+    rules: {
+      allowable: {
+        validate (value, helpers) {
+          if (forbiddenRegex.test(value)) {
+            return helpers.error('string.forbidden')
+          }
+          return value
+        }
+      }
+    },
+    messages: {
+      'string.forbidden': '{{#label}} contains forbidden characters'
+    }
+  })