Make email validation only validate @ sign presence, fixes #4547 #9087
Conversation
|
Will fix build errors in case this pull request is considered a good way forward. Awaiting comments. |
|
Cool! 👍 Especially that you didn't forget about a JavaScript part. I'm adding some comments for current changeset and let's proceed after we have an official confirmation such approach is generally acceptable. |
| @@ -336,42 +336,42 @@ protected function _validateInputRule($value) | |||
| __("'%value%' appears to be a DNS hostname but cannot extract TLD part") | |||
| __("'%value%' appears to be a DNS hostname but cannot match TLD against known list") | |||
| */ | |||
| $validator = new \Zend_Validate_EmailAddress(); | |||
| $validator = new \Magento\Framework\Validator\EmailAddress(); | |||
There was a problem hiding this comment.
We won't have anything besides "%1" is not a valid email address. validator error anymore thus all irrelevant cases shall be removed.
| @@ -364,42 +364,42 @@ protected function _validateInputRule($value) | |||
| __("'%value%' appears to be a DNS hostname but cannot extract TLD part") | |||
| __("'%value%' appears to be a DNS hostname but cannot match TLD against known list") | |||
| */ | |||
| $validator = new \Zend_Validate_EmailAddress(); | |||
| $validator = new \Magento\Framework\Validator\EmailAddress(); | |||
There was a problem hiding this comment.
We won't have anything besides "%1" is not a valid email address. validator error anymore thus all irrelevant cases shall be removed.
| }, | ||
| $.mage.__('Please enter a valid email address (Ex: johndoe@domain.com).') | ||
| ], | ||
| 'validate-emailSender': [ | ||
| function (value) { | ||
| return utils.isEmptyNoTrim(value) || /^[\S ]+$/.test(value); | ||
| return utils.isEmptyNoTrim(value) || value.indexOf('@') !== -1; |
There was a problem hiding this comment.
After such change there is no difference between validate-email and validate-emailSender.
I believe it is wrongly copy-pasted from the bottom file:
['validate-emailSender', 'Please use only visible characters and spaces.', function (v) {
return Validation.get('IsEmpty').test(v) || /^[\S ]+$/.test(v) return Validation.get('IsEmpty').test(v) || /^[\S ]+$/.test(v)
So, please just fix message and do not change validation function here.
There was a problem hiding this comment.
Please fix misprint with validate-emailSender if you don't mind (or tell me and I'll report it separately if you believe it is out of scope).
| @@ -9,4 +9,13 @@ | |||
|
|
|||
| class EmailAddress extends \Zend_Validate_EmailAddress implements \Magento\Framework\Validator\ValidatorInterface | |||
There was a problem hiding this comment.
There is no need to keep inheritance from Zend Framework 1 class. Please mark this class as @deprecated without changes and create a new one with proper logic.
As we don't have EmailAnything except EmailAddress, I believe simply Email would be a good name for such class.
| @@ -9,4 +9,13 @@ | |||
|
|
|||
| class EmailAddress extends \Zend_Validate_EmailAddress implements \Magento\Framework\Validator\ValidatorInterface | |||
| { | |||
| public function isValid($value) | |||
| { | |||
| if (false === \strpos($value, '@')) { | |||
There was a problem hiding this comment.
- Please avoid Yoda conditions - JavaScript logic you wrote is much more readable ;) What would be really useful here is unit test
- Remove leading backslash for function, there is no static test which forbids or enforces this but there is no other occurrence of
\strposcurrently. Let's be consistent. strrposwill work faster thanstrposat average as domain is usually shorter than account name ;D
lib/web/mage/validation.js
Outdated
| }, | ||
| $.mage.__('Please enter a valid email address (Ex: johndoe@domain.com).') | ||
| ], | ||
| 'validate-emailSender': [ | ||
| function (v) { | ||
| return $.mage.isEmptyNoTrim(v) || /^[\S ]+$/.test(v); | ||
| return $.mage.isEmptyNoTrim(v) || v.indexOf('@') !== -1; |
There was a problem hiding this comment.
…r to other Magento validators, fix code errors
|
Hi @orlangur that follows Currency validator practice: Is this okay, or should I look into how AllowedProcotols validator is implemented, and have Email validator extend from AbstractValidator and implement ValidatorInteface as well, like here: |
|
Attempting to implement this validator by extending AbstractValidator and implementing ValidatorInteface. As AbstractValidator is missing some key components to compete with Zend_Validate_Abstract, I have added some methods to this Email validator, so we can add messages by key, like we can for all Zend validators. If we're looking to implement our own validators for some parts of the system, moving forward, we should have an implementation for setMessage, _error, and _createMessage in AbstractValidator. That way, adding new validators will be easier. |
|
@sambolek thanks, I'll look deeper into implementation today and share my thoughts. Anticipatorily I believe we should not have anything ZF-specific like Also, we need to think about ZF1 validators replacement. I'll check how ZF2 validators differ from ZF1, for instance. |
|
@orlangur any news on this one? |
|
@sambolek sorry, forgot to review that evening and then had no time. Will review asap today and this time will not forget. |
|
Hi @sambolek! I left some comments in review and let me clarify approach I find the best one here.
This one is a bad example I believe, it does not implement any interface in fact :D I believe when the The closest good example I see is |
| "'%value%' appears to be a DNS hostname, but the given punycode notation cannot be decoded." | ||
| ), | ||
| \Zend_Validate_Hostname::CANNOT_DECODE_PUNYCODE | ||
| \Magento\Framework\Validator\Email::INVALID |
There was a problem hiding this comment.
Please encapsulate it in validator.
| }, | ||
| $.mage.__('Please enter a valid email address (Ex: johndoe@domain.com).') | ||
| ], | ||
| 'validate-emailSender': [ | ||
| function (value) { | ||
| return utils.isEmptyNoTrim(value) || /^[\S ]+$/.test(value); | ||
| return utils.isEmptyNoTrim(value) || value.indexOf('@') !== -1; |
There was a problem hiding this comment.
Please fix misprint with validate-emailSender if you don't mind (or tell me and I'll report it separately if you believe it is out of scope).
| */ | ||
| namespace Magento\Framework\Validator; | ||
|
|
||
| class Email extends AbstractValidator implements \Magento\Framework\Validator\ValidatorInterface |
There was a problem hiding this comment.
I believe the plan was to avoid inheritance from AbstractValidator whenever possible, by just implementing a couple of \Zend_Validate_Interface methods.
|
Thank you for your contribution! Can you adjust the failing tests to the new implementation? And please revert the changes in jQuery, modifications of third party libraries should not be allowed (see also: #7593 (comment)) So we either have to live with that regex validation or replace its usages. |
Is it officially prohibited somewhere? As to me changing third-party libraries behavior is perfectly fine until we do not break upgradeability. Probably, we can move this change to the bottom of file so that it is consistent with other basic functionality extensions there. But moving such change to a separate file is not a good idea as third-party developers can accidentally use original jQuery version instead of patched one. |
|
Any movement on this? Lots of new TLD's that aren't supported in Magento2 right now. |
|
@chreds yes. As there are two possible implementation approaches an approval from Magento Product Team was requested to make an informed decision. After that we will be able to proceed with this PR acceptance. |
|
Hi @orlangur and @sambolek Thank you for working on this issue. ZF2 resolves the problem described in #4547 (see hostname validator and support of IANA) We would like to update validator library from ZF1 to ZF2 in the entire application and eliminate direct knowledge about ZF1 validator from the code base. We should introduce Magento adapters and interfaces (where needed) and use only Magento code though the code base. Update of ZF1 validator to ZF2 is a big task and we would like to have it done for sure. Closing this PR. We would like to avoid the validation only by |
|
@okorshenko that's sad to hear as validating only Don't forget to report https://github.com/magento/magento2/pull/8420/files#r99476657 as technical debt then ;) |
Could you please share the motivation for this decision? IMHO it is much more acceptable from UX perspective to have some invalid emails pass through rather than deny a customer from using a perfectly valid address. And thus having a less restrictive validator is much better than having a broken one. It puzzles me: why not use this one at least temporarily, until a Magento-style (c), adapter-wrapped, ZF2 validator is actually implemented (which might take months or years for all we know) |
[Support Tier-4 aplapana] 07-16-2024 Regular delivery of bugfixes and improvements
Description
New TLDs aren't valid because of Zend Framework Email validator, which is too strict. As some pointed out, this might not be necessary. See discussion: https://github.com/magento/magento2/pull/8420/files#r99476657
Fixed Issues (if relevant)
.techTLD and others required #4547: Support for new.techTLD and others requiredManual testing scenarios
"Email" is not a valid hostname. 'test.swiss' looks like a DNS hostname but we cannot match the TLD against known list. 'test.swiss' looks like a local network name, which is not an acceptable format.Contribution checklist