Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PIN-4810 clear tenant mail address #985

Open
wants to merge 11 commits into
base: main
Choose a base branch
from
Open

PIN-4810 clear tenant mail address #985

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
332cc69
added email sanitization
rGregnanin Sep 18, 2024
42c1093
Merge branch 'main' into PIN-4818-clearTenantMailAddress
rGregnanin Sep 18, 2024
0ae095d
Added validation to selfcareUpsertTenant
rGregnanin Sep 18, 2024
3a7e704
Merge branch 'main' into PIN-4818-clearTenantMailAddress
rGregnanin Sep 18, 2024
30fe3b8
Merge branch 'main' into PIN-4810-clearTenantMailAddress
rGregnanin Sep 18, 2024
75a8c7a
Merge branch 'main' into PIN-4810-clearTenantMailAddress
rGregnanin Sep 18, 2024
fd4aece
Merge branch 'main' into PIN-4810-clearTenantMailAddress
rGregnanin Sep 18, 2024
5ad5693
Merge branch 'main' into PIN-4810-clearTenantMailAddress
rGregnanin Oct 8, 2024
9c8a986
Merge branch 'main' into PIN-4810-clearTenantMailAddress
rGregnanin Oct 9, 2024
69ccbc7
Merge branch 'main' into PIN-4810-clearTenantMailAddress
rGregnanin Oct 10, 2024
2d9799d
Merge branch 'main' into PIN-4810-clearTenantMailAddress
rGregnanin Oct 10, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions packages/tenant-process/src/model/domain/errors.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ export const errorCodes = {
certifierWithExistingAttributes: "0024",
attributeNotFoundInTenant: "0025",
tenantNotFoundByExternalId: "0026",
notValidMailAddress: "0027",
};

export type ErrorCodes = keyof typeof errorCodes;
Expand Down Expand Up @@ -292,3 +293,11 @@ export function attributeNotFoundInTenant(
title: "Attribute not found in tenant",
});
}

export function notValidMailAddress(address: string): ApiError<ErrorCodes> {
return new ApiError({
detail: `mail address ${address} not valid`,
code: "notValidMailAddress",
title: "Not valid mail address",
});
}
72 changes: 54 additions & 18 deletions packages/tenant-process/src/services/tenantService.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,7 @@
tenantNotFound,
tenantIsAlreadyACertifier,
verifiedAttributeSelfRevocationNotAllowed,
notValidMailAddress,
} from "../model/domain/errors.js";
import {
assertOrganizationIsInAttributeVerifiers,
Expand Down Expand Up @@ -335,28 +336,14 @@
logger.info(
`Creating tenant with external id ${tenantSeed.externalId} via SelfCare request"`
);
const mails = tenantSeed.digitalAddress
? [
{
id: crypto
.createHash("sha256")
.update(tenantSeed.digitalAddress.address)
.digest("hex"),
kind: tenantMailKind.DigitalAddress,
address: tenantSeed.digitalAddress.address,
description: tenantSeed.digitalAddress.description,
createdAt: new Date(),
},
]
: [];

const newTenant: Tenant = {
id: generateId(),
name: tenantSeed.name,
attributes: [],
externalId: tenantSeed.externalId,
features: [],
mails,
mails: formatTenantMail(tenantSeed.digitalAddress),
selfcareId: tenantSeed.selfcareId,
onboardedAt: new Date(tenantSeed.onboardedAt),
subUnitType: tenantSeed.subUnitType,
Expand Down Expand Up @@ -1093,15 +1080,17 @@

const tenant = await retrieveTenant(tenantId, readModelService);

if (tenant.data.mails.find((m) => m.address === mailSeed.address)) {
const validatedAddress = validateAddress(mailSeed.address);

if (tenant.data.mails.find((m) => m.address === validatedAddress)) {
throw mailAlreadyExists();
}

const newMail: TenantMail = {
kind: mailSeed.kind,
address: mailSeed.address,
address: validatedAddress,
description: mailSeed.description,
id: crypto.createHash("sha256").update(mailSeed.address).digest("hex"),
id: crypto.createHash("sha256").update(validatedAddress).digest("hex"),
createdAt: new Date(),
};

Expand Down Expand Up @@ -1751,4 +1740,51 @@
} satisfies Tenant;
}

function validateAddress(address: string): string {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMHO there are too many steps in order to validate a mail, are these really necessary?
With the regex we don't need the extra steps of removing characters and spaces since it's already included.

I suggest to use this one: ^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}$ (taken from here)? Note: the regex must be case insensitive for it to work properly.

There's no perfect regex for validating a mail, but this one is simpler and covers most of the cases.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would prefer to leave emailPattern as it is so that it is aligned with the frontend as well, since it is the same pattern they use

// Here I am removing the non-printing control characters
const removeNonPrintingcontrolCharacters = address.replace(
// eslint-disable-next-line no-control-regex
/[\x00-\x1F\x7F]/g,
""
);

// Here I am removing the extra spaces and tabs
const removeExtraSpace = removeNonPrintingcontrolCharacters
.replace(/\s+/g, "")
.trim();

// Here I am removing strange characters or special symbols
const sanitizedMail = removeExtraSpace
.replace(/[^\w.@-_]/g, "")

Check warning

Code scanning / CodeQL

Overly permissive regular expression range Medium

Suspicious character range that overlaps with \w in the same character class.

Copilot Autofix AI about 7 hours ago

To fix the problem, we need to adjust the regular expression to avoid the overly permissive range. Specifically, we should remove the redundant underscore _ from the range and ensure that only the intended characters are included.

  • General Fix: Replace the problematic character range with a more precise set of characters.
  • Detailed Fix: Modify the regular expression on line 1758 to remove the redundant underscore and ensure that only the intended characters are included.
  • Specific Changes: Update the regular expression in the validateAddress function to use a more precise character set.
  • Requirements: No additional methods, imports, or definitions are needed to implement this change.
Suggested changeset 1
packages/tenant-process/src/services/tenantService.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/packages/tenant-process/src/services/tenantService.ts b/packages/tenant-process/src/services/tenantService.ts
--- a/packages/tenant-process/src/services/tenantService.ts
+++ b/packages/tenant-process/src/services/tenantService.ts
@@ -1757,3 +1757,3 @@
   const sanitizedMail = removeExtraSpace
-    .replace(/[^\w.@-_]/g, "")
+    .replace(/[^\w.@-]/g, "")
     .replace(/\^/g, "");
EOF
@@ -1757,3 +1757,3 @@
const sanitizedMail = removeExtraSpace
.replace(/[^\w.@-_]/g, "")
.replace(/[^\w.@-]/g, "")
.replace(/\^/g, "");
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
.replace(/\^/g, "");

// same path used by the frontend
// Taken from HTML spec: https://html.spec.whatwg.org/multipage/input.html#valid-e-mail-address
const emailPattern =
// eslint-disable-next-line no-useless-escape
/^[a-zA-Z0-9.!#$%&'*+\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/;
if (!emailPattern.test(sanitizedMail)) {
throw notValidMailAddress(address);
}
return sanitizedMail;
}

function formatTenantMail(
digitalAddress: tenantApi.MailSeed | undefined
): TenantMail[] {
if (!digitalAddress) {
return [];
}
const validatedAddress = validateAddress(digitalAddress.address);
return [
{
id: crypto.createHash("sha256").update(validatedAddress).digest("hex"),
kind: tenantMailKind.DigitalAddress,
address: validatedAddress,
description: digitalAddress.description,
createdAt: new Date(),
},
];
}

export type TenantService = ReturnType<typeof tenantServiceBuilder>;
70 changes: 70 additions & 0 deletions packages/tenant-process/test/addTenantMail.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ import { tenantApi } from "pagopa-interop-api-clients";
import { getMockTenant } from "pagopa-interop-commons-test";
import {
mailAlreadyExists,
notValidMailAddress,
tenantNotFound,
} from "../src/model/domain/errors.js";
import { addOneTenant, postgresDB, tenantService } from "./utils.js";
Expand Down Expand Up @@ -77,6 +78,53 @@ describe("addTenantMail", async () => {
};
expect(writtenPayload.tenant).toEqual(toTenantV2(updatedTenant));
});
it("Should correctly add email by cleaning the address from unwanted characters", async () => {
const mailSeedWithStrangeCharacters: tenantApi.MailSeed = {
kind: "CONTACT_EMAIL",
address: " test#°¶^ Mail@test.$%*it",
description: "mail description",
};
await addOneTenant(mockTenant);
await tenantService.addTenantMail(
{
tenantId: mockTenant.id,
mailSeed: mailSeedWithStrangeCharacters,
organizationId: mockTenant.id,
correlationId: generateId(),
},
genericLogger
);
const writtenEvent = await readLastEventByStreamId(
mockTenant.id,
"tenant",
postgresDB
);

expect(writtenEvent).toMatchObject({
stream_id: mockTenant.id,
version: "1",
type: "TenantMailAdded",
event_version: 2,
});

const writtenPayload: TenantMailAddedV2 | undefined = protobufDecoder(
TenantMailAddedV2
).parse(writtenEvent.data);

const updatedTenant: Tenant = {
...mockTenant,
mails: [
{
...mailSeed,
id: writtenPayload.mailId,
createdAt: new Date(),
},
],
updatedAt: new Date(),
};
expect(writtenPayload.tenant).toEqual(toTenantV2(updatedTenant));
});

it("Should throw tenantNotFound if the tenant doesn't exists", async () => {
expect(
tenantService.addTenantMail(
Expand Down Expand Up @@ -132,4 +180,26 @@ describe("addTenantMail", async () => {
)
).rejects.toThrowError(mailAlreadyExists());
});

it("Should throw notValidMailAddress if the address doesn't respect the valid pattern", async () => {
const mailSeedWithStrangeCharacters: tenantApi.MailSeed = {
kind: "CONTACT_EMAIL",
address: " test#°¶^ Mail@test.$%*@@it",
description: "mail description",
};
await addOneTenant(mockTenant);
expect(
tenantService.addTenantMail(
{
tenantId: mockTenant.id,
mailSeed: mailSeedWithStrangeCharacters,
organizationId: mockTenant.id,
correlationId: generateId(),
},
genericLogger
)
).rejects.toThrowError(
notValidMailAddress(mailSeedWithStrangeCharacters.address)
);
});
});