From 05e4af5b4c7709ab08194d109ddec8e19f44758d Mon Sep 17 00:00:00 2001
From: Jeroen van Baarsen
Date: Thu, 16 Jan 2014 12:14:47 +0100
Subject: [PATCH] Better check on the validity of emails

At this moment it was possible to enter emails like: mailto:info@example.com. This was causing some issue in the frontend, since those links became html mailto: links.

Fixes: #3516
---
 Gemfile | 3 +++
 Gemfile.lock | 3 +++
 app/models/user.rb | 2 +-
 spec/models/user_spec.rb | 21 +++++++++++++++++++++
 4 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/Gemfile b/Gemfile
index b9ef6b1f4..db256ded3 100644
--- a/Gemfile
+++ b/Gemfile
@@ -52,6 +52,9 @@ gem "grape", "~> 0.6.1"
 gem "grape-entity", "~> 0.3.0"
 gem 'rack-cors', require: 'rack/cors'
+# Email validation
+gem "email_validator", "~> 1.4.0", :require => 'email_validator/strict'
+
 # Format dates and times
 # based on human-friendly examples
 gem "stamp"
diff --git a/Gemfile.lock b/Gemfile.lock
index 80d98a508..959a52f7e 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -114,6 +114,8 @@ GEM
 email_spec (1.5.0)
 launchy (~> 2.1)
 mail (~> 2.2)
+ email_validator (1.4.0)
+ activemodel
 enumerize (0.7.0)
 activesupport (>= 3.2)
 equalizer (0.0.8)
@@ -567,6 +569,7 @@ DEPENDENCIES
 devise (= 3.0.4)
 devise-async (= 0.8.0)
 email_spec
+ email_validator (~> 1.4.0)
 enumerize
 factory_girl_rails
 ffaker
diff --git a/app/models/user.rb b/app/models/user.rb
index f2cd554f9..a50787cee 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -103,7 +103,7 @@ class User < ActiveRecord::Base
 # Validations
 #
 validates :name, presence: true
- validates :email, presence: true, format: { with: /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/ }, uniqueness: true
+ validates :email, presence: true, email: {strict_mode: true}, uniqueness: true
 validates :bio, length: { maximum: 255 }, allow_blank: true
 validates :extern_uid, allow_blank: true, uniqueness: {scope: :provider}
 validates :projects_limit, presence: true, numericality: {greater_than_or_equal_to: 0}
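Review bot: In the Gemfile hunk, the added `gem "email_validator"` line writes its option as `:require => 'email_validator/strict'`, while the `rack-cors` line two lines above uses `require: 'rack/cors'`; matching the file gives `gem "email_validator", "~> 1.4.0", require: 'email_validator/strict'`. Loading the `strict` entry point here and also passing `strict_mode: true` in app/models/user.rb looks like the same setting expressed twice (inferred from the names; the gem's source is not on this page), so the `# Email validation` comment should say which of the two is authoritative. This gem now decides what is accepted as an account email, so I would extend that comment to something like `# Email validation (defines the accepted address grammar for User#email; re-run spec/models/user_spec.rb when bumping)`.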
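Review bot: In app/models/user.rb, the new `email: {strict_mode: true}` rule on the `validates :email` line is only evaluated when a record is saved, so addresses stored before this commit, including any `mailto:`-prefixed ones, stay in the table and will still reach the frontend described in the commit message. The patch shows no clean-up of existing rows and no change to the views, so the rendering side presumably still trusts the stored value; encoding the address where it is output would keep the fix from resting on input validation alone. Accounts whose stored address no longer passes will also fail validation on their next save of any attribute, which is worth checking before deploy. The accepted grammar moves from a regex readable in the model into the gem, so I would add a comment above the line such as `# Address grammar comes from email_validator (strict mode); cases pinned in spec/models/user_spec.rb`. The `User` class body starts and ends outside this hunk.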
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 94bd19f59..cd025c204 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -74,6 +74,27 @@ describe User do
 it { should_not allow_value(-1).for(:projects_limit) }
 it { should ensure_length_of(:bio).is_within(0..255) }
+
+ describe 'email' do
+ it 'accepts info@example.com' do
+ user = build(:user, email: 'info@example.com')
+ expect(user).to be_valid
+ end
+ it 'accepts info+test@example.com' do
+ user = build(:user, email: 'info+test@example.com')
+ expect(user).to be_valid
+ end
+
+ it 'rejects test@test@example.com' do
+ user = build(:user, email: 'test@test@example.com')
+ expect(user).to be_invalid
+ end
+
+ it 'rejects mailto:test@example.com' do
+ user = build(:user, email: 'mailto:test@example.com')
+ expect(user).to be_invalid
+ end
+ end
 end
 describe "Respond to" do
-- 
2.11.0
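Review bot: The two rejection examples in `describe 'email'` cover a doubled `@` and the `mailto:` prefix, but nothing pins how the validator treats surrounding whitespace, a trailing newline, or markup characters such as `<` and `"` in the local part, which are the inputs that matter for the frontend problem the commit describes. Because the grammar now lives in a third-party gem, I would add one example per case asserting the outcome the project wants, for instance an `it 'rejects an address containing markup characters' do` block, so that a gem upgrade which changes the accepted set fails the suite. As a style point, the first two `it` blocks have no blank line between them while the later ones do. The enclosing `describe` block starts before the hunk.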