API should guard against invalid email addresses #109
Comments
The email address should already be getting validated, using the Also, when testing locally, I do get a

Request:

curl -X "POST" "http://api.lvh.me:5000/users" \
-H "Content-Type: application/json" \
-d "{\"data\":{\"attributes\":{\"email\":\"test\\[email protected]\",\"password\":\"testing123\",\"first_name\":\"test\",\"last_name\":\"test\",\"state_code\":\"NY\"}}}"

Response:

HTTP/1.1 422 Unprocessable Entity
Date: Thu, 11 Feb 2016 19:15:54 GMT
Status: 422 Unprocessable Entity
# snip…
{
  "errors": [
    {
      "detail": "Email is invalid",
      "id": "VALIDATION_ERROR",
      "status": 422,
      "title": "Email error"
    }
  ]
}

Any chance you can provide me with a way to reproduce the issue you’re seeing?

@christopherstyles I used an accented character in the email address, if I remember right. That or a ligature'd AE.

@AaronSofaer I’m no expert on this, but after some diving it seems that RFC 2822 (which outlined valid addresses as being solely US-ASCII) was obsoleted by RFC 6531. UTF-8 characters are acceptable to SMTP servers that support the SMTPUTF8 extension. Some of the characters that would invalidate the local part of an email address can be found in this chart…things like

@christopherstyles RFCs are nice and all, but services like Mailgun will choke on those addresses, often quite loudly/with side effects. But I'm not exactly married to this bug; it was just something I noticed in my initial pokings. :)

Any email address with Unicode characters that aren't in the standard ASCII English set is not really a valid email address. The API should return 400 with an Invalid Email Address code when a client attempts to create a user by POSTing to /users.
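
One way to implement the policy discussed in this thread, as an added example (not this project's code, which the page does not show): reject an address whose local part is non-ASCII unless the mail path is known to support SMTPUTF8, while converting a non-ASCII domain to its ASCII IDNA form, which plain SMTP can carry. The function name `check_email`, the `allow_smtputf8` flag and the sample addresses in the comments are assumptions; the error object copies the shape of the 422 response quoted above.

```python
import re
import unicodedata

# Conservative ASCII local part (dot-atom subset). Assumption: not the project's own regex.
_ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
_LOCAL_ASCII = re.compile(_ATEXT + r"(\." + _ATEXT + r")*")
_LABEL = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def check_email(address, allow_smtputf8=False):
    """Return (normalized_address, None) on success or (None, error_dict)."""
    def error():
        # Same fields as the 422 body shown in the thread.
        return None, {"id": "VALIDATION_ERROR", "status": 422,
                      "title": "Email error", "detail": "Email is invalid"}

    # NFC so that "e" + combining accent and precomposed "é" compare equal.
    address = unicodedata.normalize("NFC", address.strip())
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain or len(local.encode("utf-8")) > 64:
        return error()

    # A non-ASCII domain has an ASCII form (IDNA A-labels), so it does not
    # by itself require SMTPUTF8. Python's built-in codec implements IDNA 2003.
    try:
        ascii_domain = domain.encode("idna").decode("ascii").lower()
    except UnicodeError:
        return error()
    labels = ascii_domain.split(".")
    if len(labels) < 2 or not all(_LABEL.fullmatch(label) for label in labels):
        return error()

    if local.isascii():
        if not _LOCAL_ASCII.fullmatch(local):
            return error()
    else:
        # A non-ASCII local part has no ASCII fallback: every hop, including
        # the sending provider, must support SMTPUTF8 (RFC 6531).
        if not allow_smtputf8:
            return error()
        # Refuse control, format and separator characters even when allowed.
        if any(unicodedata.category(ch)[0] in "CZ" for ch in local):
            return error()
    return local + "@" + ascii_domain, None
```

With the default `allow_smtputf8=False`, an accented or ligature local part such as `tést@example.com` is rejected, while `test@bücher.example` is accepted and stored as `test@xn--bcher-kva.example`.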