Fixes for StrictEmailAddressAttribute (#1474)

* Use StrictEmail validation for changing email * Add trailing symbols to illegal chars in emails * Add semicolon as always illegal * Replace regex with MimeKit parsing, add unit test * Add more unit tests * Fix linting
2025-07-01 08:02:49 -05:00 · 2021-07-23 05:59:10 +10:00
parent 7a135ae7cd
commit 757102fd96
3 changed files with 65 additions and 7 deletions
--- a/src/Core/Models/Api/Request/Accounts/EmailTokenRequestModel.cs
+++ b/src/Core/Models/Api/Request/Accounts/EmailTokenRequestModel.cs
@ -1,11 +1,12 @@
 using System.ComponentModel.DataAnnotations;
+using Bit.Core.Utilities;

 namespace Bit.Core.Models.Api
 {
    public class EmailTokenRequestModel
    {
        [Required]
-        [EmailAddress]
+        [StrictEmailAddress]
        [StringLength(256)]
        public string NewEmail { get; set; }
        [Required]
--- a/src/Core/Utilities/StrictEmailAddressAttribute.cs
+++ b/src/Core/Utilities/StrictEmailAddressAttribute.cs
@ -1,6 +1,5 @@
-using System;
-using System.ComponentModel.DataAnnotations;
-using System.Text.RegularExpressions;
+using System.ComponentModel.DataAnnotations;
+using MimeKit;

 namespace Bit.Core.Utilities
 {
@ -18,12 +17,19 @@ namespace Bit.Core.Utilities
                return false;
            }

-            var illegalChars = @"[\s<>()]";
-            if (Regex.IsMatch(emailAddress, illegalChars))
+            try
+            {
+                var parsedEmailAddress = MailboxAddress.Parse(emailAddress).Address;
+                if (parsedEmailAddress != emailAddress)
+                {
+                    return false;
+                }
+            }
+            catch (ParseException e)
            {
                return false;
            }
-             
+
            return new EmailAddressAttribute().IsValid(emailAddress);
        }
    }