Add support for international domain names (IDN) in email addresses (#1512)

* Adjust email address checking to handle unicode * ASCII only in local part * allow unicode in second-level and top-level domain * Add PunyEncoding/Decoding methods and tests * Use PunyEncoding for outbound email recipients * Use MailKit for punycode, handle edge cases * Punyencode all email addresses in mailServices * Remove punyencoding from HandlebarsMailService * Add to punyencoding tests * Use more inclusive e-mail error * Fix comment wording * Apply StrictEmail checking to emergency access invite * Remove punyDecode helper
2025-07-02 00:22:50 -05:00 · 2021-08-31 13:49:11 +10:00
parent dbf82385c9
commit e1908cd6b5
8 changed files with 89 additions and 15 deletions
--- a/src/Core/Utilities/CoreHelpers.cs
+++ b/src/Core/Utilities/CoreHelpers.cs
@ -27,6 +27,7 @@ using Bit.Core.Enums.Provider;
 using Azure.Storage.Queues;
 using Azure.Storage.Queues.Models;
 using System.Threading;
+using MimeKit;

 namespace Bit.Core.Utilities
 {
@ -488,6 +489,31 @@ namespace Bit.Core.Utilities
            return Convert.FromBase64String(output);
        }

+        public static string PunyEncode(string text)
+        {
+            if (text == "")
+            {
+                return "";
+            }
+
+            if (text == null)
+            {
+                return null;
+            }
+
+            if (!text.Contains("@"))
+            {
+                // Assume domain name or non-email address
+                var idn = new IdnMapping();
+                return idn.GetAscii(text);
+            }
+            else
+            {
+                // Assume email address
+                return MailboxAddress.EncodeAddrspec(text);
+            }
+        }
+
        public static string FormatLicenseSignatureValue(object val)
        {
            if (val == null)
--- a/src/Core/Utilities/StrictEmailAddressAttribute.cs
+++ b/src/Core/Utilities/StrictEmailAddressAttribute.cs
@ -7,7 +7,7 @@ namespace Bit.Core.Utilities
    public class StrictEmailAddressAttribute : ValidationAttribute
    {
        public StrictEmailAddressAttribute()
-            : base("The {0} field is not a valid e-mail address.")
+            : base("The {0} field is not a supported e-mail address format.")
        {}
        
        public override bool IsValid(object value)
@ -31,7 +31,18 @@ namespace Bit.Core.Utilities
                return false;
            }

-            if (!Regex.IsMatch(emailAddress, @"@.+\.[A-Za-z0-9]+$"))
+            /**
+            The regex below is intended to catch edge cases that are not handled by the general parsing check above.
+            This enforces the following rules:
+            * Requires ASCII only in the local-part (code points 0-127)
+            * Requires an @ symbol
+            * Allows any char in second-level domain name, including unicode and symbols
+            * Requires at least one period (.) separating SLD from TLD
+            * Must end in a letter (including unicode)
+            See the unit tests for examples of what is allowed.
+            **/
+            var emailFormat = @"[\x00-\x7F]+@.+\.\p{L}+$";
+            if (!Regex.IsMatch(emailAddress, emailFormat))
            {
                return false;
            }