fixed: is_email is now complaint with email specifications

Author: daveoncode

string_utils/_regex.py

@@ -22,7 +22,9 @@
 
 URLS_RE = re.compile(r'({})'.format(URLS_RAW_STRING), re.IGNORECASE)
 
-EMAILS_RAW_STRING = r'[a-zA-Z\d._+-]+@[a-z\d-]+\.?[a-z\d-]+\.[a-z]{2,4}'
+ESCAPED_AT_SIGN = re.compile(r'(?!"[^"]*)@+(?=[^"]*")|\\@')
+
+EMAILS_RAW_STRING = r"[a-zA-Z\d._\+\-'`!%#$&*/=\?\^\{\}\|~\\]+@[a-z\d-]+\.?[a-z\d-]+\.[a-z]{2,4}"
 
 EMAIL_RE = re.compile(r'^{}$'.format(EMAILS_RAW_STRING))
 

string_utils/validation.py

@@ -200,15 +200,22 @@ def is_url(input_string: Any, allowed_schemes: Optional[List[str]] = None) -> bo
     return valid
 
 
+# todo: fix me
+'''
+That limit is a maximum of 64 characters (octets)
+   in the "local part" (before the "@") and a maximum of 255 characters
+   (octets) in the domain part (after the "@") for a total length of 320
+   characters.  Systems that handle email should be prepared to process
+   addresses which are that long, even though they are rarely
+   encountered.
+'''
+
+
 def is_email(input_string: Any) -> bool:
     """
-    Check if a string is an email.
+    Check if a string is a valid email.
 
-    By design, the implementation of this checking does not strictly follow the specification for a valid \
-    email address, but instead it's based on real world cases in order to match more than 99% \
-    of emails and catch user mistakes. For example the percentage sign "%" is a valid sign for an email, \
-    but actually no one use it, instead if such sign is found in a string coming from user input (like a \
-    web form) it's very likely that it's a mistake.
+    Reference: https://tools.ietf.org/html/rfc3696#section-3
 
     *Examples:*
 
@@ -219,7 +226,36 @@ def is_email(input_string: Any) -> bool:
     :type input_string: str
     :return: True if email, false otherwise.
     """
-    return is_full_string(input_string) and EMAIL_RE.match(input_string) is not None
+    # first simple "pre check": it must be a non empty string with max len 320 and cannot start with a dot
+    if not is_full_string(input_string) or len(input_string) > 320 or input_string.startswith('.'):
+        return False
+
+    try:
+        # we expect 2 tokens, one before "@" and one after, otherwise we have an exception and the email is not valid
+        head, tail = input_string.split('@')
+
+        # removes escaped spaces, so that later on the test regex will accept the string
+        head = head.replace('\\ ', '')
+        if head.startswith('"') and head.endswith('"'):
+            head = head.replace(' ', '')[1:-1]
+
+        if head.endswith('.') or len(head) > 64 or len(tail) > 255:
+            return False
+
+        # multiple consecutive dots are forbidden
+        if '..' in head:
+            return False
+
+        return EMAIL_RE.match(head + '@' + tail) is not None
+
+    except ValueError:
+        # borderline case in which we have multiple "@" signs but the head part is correctly escaped
+        if ESCAPED_AT_SIGN.search(input_string) is not None:
+            # replace "@" with "a" in the head
+            sanitized = ESCAPED_AT_SIGN.sub('a', input_string)
+            return is_email(sanitized)
+
+        return False
 
 
 def is_credit_card(input_string: Any, card_type: str = None) -> bool:

tests/test_is_email.py

@@ -44,11 +44,9 @@ def test_domain_extension_should_be_letters_only_from_2_to_4_chars(self):
         self.assertFalse(is_email('me@foo.___'))
         self.assertFalse(is_email('me@foo.toolongext'))
 
-    def test_name_part_cannot_contain_bad_signs(self):
-        self.assertFalse(is_email('#me#@foo.com'))
-        self.assertFalse(is_email('me!@foo.com'))
-        self.assertFalse(is_email('[][]@foo.com'))
-        self.assertFalse(is_email('john%@john5music.net'))
+    def test_name_part_cannot_contain_suqare_brackets(self):
+        self.assertFalse(is_email('[myemail@foo.com'))
+        self.assertFalse(is_email('my]email@foo.com'))
 
     def test_domain_part_cannot_contain_bad_signs(self):
         self.assertFalse(is_email('me@#foo#.com'))
@@ -74,3 +72,100 @@ def test_should_accept_valid_emails(self):
         self.assertTrue(is_email('foo@domamin.subdomain.com'))
         self.assertTrue(is_email('is1email@domain.org'))
         self.assertTrue(is_email('UPPER_CASE_EMAIL@somesite.com'))
+
+    def test_max_email_length_is_respected(self):
+        invalid_email = ('a' * 320) + '@gmail.com'
+        self.assertFalse(is_email(invalid_email))
+
+    def test_local_part_length_is_respected(self):
+        # max local part is 64 (before "@")
+        invalid_email = ('a' * 65) + '@gmail.com'
+        self.assertFalse(is_email(invalid_email))
+
+    def test_octects_part_length_is_respected(self):
+        # max octets part is 255 (after "@")
+        invalid_email = 'a@{}.com'.format(255 * 'x')
+        self.assertFalse(is_email(invalid_email))
+
+    def test_plus_is_valid_char_in_local_part(self):
+        self.assertTrue(is_email("my+mail@gmail.com"))
+
+    def test_minus_is_valid_char_in_local_part(self):
+        self.assertTrue(is_email("my-mail@gmail.com"))
+
+    def test_slash_is_valid_char_in_local_part(self):
+        self.assertTrue(is_email("my/mail@gmail.com"))
+
+    def test_back_slash_is_valid_char_in_local_part(self):
+        self.assertTrue(is_email("my\\mail@gmail.com"))
+
+    def test_equal_is_valid_char_in_local_part(self):
+        self.assertTrue(is_email("my=mail@gmail.com"))
+
+    def test_question_mark_is_valid_char_in_local_part(self):
+        self.assertTrue(is_email("my?mail@gmail.com"))
+
+    def test_sharp_is_valid_char_in_local_part(self):
+        self.assertTrue(is_email("my#mail@gmail.com"))
+
+    def test_dollar_is_valid_char_in_local_part(self):
+        self.assertTrue(is_email("my$mail@gmail.com"))
+
+    def test_and_is_valid_char_in_local_part(self):
+        self.assertTrue(is_email("my&mail@gmail.com"))
+
+    def test_asterisk_is_valid_char_in_local_part(self):
+        self.assertTrue(is_email("my*mail@gmail.com"))
+
+    def test_apostrophe_is_valid_char_in_local_part(self):
+        self.assertTrue(is_email("my'mail@gmail.com"))
+
+    def test_acute_accent_is_valid_char_in_local_part(self):
+        self.assertTrue(is_email("my`mail@gmail.com"))
+
+    def test_percentage_is_valid_char_in_local_part(self):
+        self.assertTrue(is_email("my%mail@gmail.com"))
+
+    def test_exclamation_mark_is_valid_char_in_local_part(self):
+        self.assertTrue(is_email("my!mail@gmail.com"))
+
+    def test_caret_is_valid_char_in_local_part(self):
+        self.assertTrue(is_email("my^mail@gmail.com"))
+
+    def test_pipe_is_valid_char_in_local_part(self):
+        self.assertTrue(is_email("my|mail@gmail.com"))
+
+    def test_tilde_is_valid_char_in_local_part(self):
+        self.assertTrue(is_email("my~mail@gmail.com"))
+
+    def test_curly_braces_are_valid_char_in_local_part(self):
+        self.assertTrue(is_email("my{mail@gmail.com"))
+        self.assertTrue(is_email("my}mail@gmail.com"))
+        self.assertTrue(is_email("{mymail}@gmail.com"))
+
+    def test_local_part_cannot_start_with_period(self):
+        self.assertFalse(is_email('.myemail@gmail.com'))
+
+    def test_local_part_cannot_end_with_period(self):
+        self.assertFalse(is_email('myemail.@gmail.com'))
+
+    def test_local_part_cannot_have_multiple_consecutive_periods(self):
+        self.assertFalse(is_email('my..email@gmail.com'))
+        self.assertFalse(is_email('my.email...nope@gmail.com'))
+
+    def test_empty_spaces_are_allowed_only_if_escaped(self):
+        self.assertFalse(is_email('my mail@gmail.com'))
+        self.assertTrue(is_email('my\\ mail@gmail.com'))
+        self.assertTrue(is_email('"my mail"@gmail.com'))
+
+    def test_local_part_can_be_quoted(self):
+        self.assertTrue(is_email('"foo"@example.com'))
+
+    def test_with_quoted_string_multiple_at_are_accepted(self):
+        self.assertTrue(is_email('"Abc@def"@example.com'))
+
+    def test_with_escape_multiple_at_are_accepted(self):
+        self.assertTrue(is_email('Abc\\@def@example.com'))
+
+    def test_local_part_can_have_self_escape(self):
+        self.assertTrue(is_email('Joe.\\\\Blow@example.com'))