#17276: Fixing email validation

--HG--
branch : dev

src/Orchard.Specs/Users.feature

@@ -260,3 +260,30 @@ Scenario: I should be able to filter users by status
 	Then I should see "<a[^>]*>user1</a>"
 		And I should see "<a[^>]*>user2</a>"
 		And I should see "<a[^>]*>admin</a>"
+@email
+Scenario: I should not be able to add users with invalid email addresses
+    Given I have installed Orchard
+    When I go to "admin/users"
+		And I follow "Add a new user"
+	    And I fill in
+        | name | value |
+        | UserName | user1 |
+        | Email | NotAnEmail |
+        | Password | a12345! |
+        | ConfirmPassword | a12345! |
+        And I hit "Save"
+	Then I should see "You must specify a valid email address."
+@email
+Scenario: I should be able to add users with valid email addresses
+    Given I have installed Orchard
+    When I go to "admin/users"
+		And I follow "Add a new user"
+	    And I fill in
+        | name | value |
+        | UserName | user1 |
+        | Email | user1@domain.com |
+        | Password | a12345! |
+        | ConfirmPassword | a12345! |
+        And I hit "Save"
+		And I am redirected
+	Then I should see "User created"

src/Orchard.Specs/Users.feature.cs

@@ -30,8 +30,8 @@ namespace Orchard.Specs
         public virtual void FeatureSetup()
         {
             testRunner = TechTalk.SpecFlow.TestRunnerManager.GetTestRunner();
-            TechTalk.SpecFlow.FeatureInfo featureInfo = new TechTalk.SpecFlow.FeatureInfo(new System.Globalization.CultureInfo("en-US"), "Users", "In order to prevent users module regressions\nAs a site owner\nI want to create, se" +
-                    "arch and modify user accounts", GenerationTargetLanguage.CSharp, ((string[])(null)));
+            TechTalk.SpecFlow.FeatureInfo featureInfo = new TechTalk.SpecFlow.FeatureInfo(new System.Globalization.CultureInfo("en-US"), "Users", "In order to prevent users module regressions\r\nAs a site owner\r\nI want to create, " +
+                    "search and modify user accounts", GenerationTargetLanguage.CSharp, ((string[])(null)));
             testRunner.OnFeatureStart(featureInfo);
         }
         
@@ -707,6 +707,90 @@ this.ScenarioSetup(scenarioInfo);
   testRunner.And("I should see \"<a[^>]*>user2</a>\"");
 #line 262
   testRunner.And("I should see \"<a[^>]*>admin</a>\"");
+#line hidden
+            testRunner.CollectScenarioErrors();
+        }
+        
+        [NUnit.Framework.TestAttribute()]
+        [NUnit.Framework.DescriptionAttribute("I should not be able to add users with invalid email addresses")]
+        [NUnit.Framework.CategoryAttribute("email")]
+        public virtual void IShouldNotBeAbleToAddUsersWithInvalidEmailAddresses()
+        {
+            TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("I should not be able to add users with invalid email addresses", new string[] {
+                        "email"});
+#line 264
+this.ScenarioSetup(scenarioInfo);
+#line 265
+    testRunner.Given("I have installed Orchard");
+#line 266
+    testRunner.When("I go to \"admin/users\"");
+#line 267
+  testRunner.And("I follow \"Add a new user\"");
+#line hidden
+            TechTalk.SpecFlow.Table table25 = new TechTalk.SpecFlow.Table(new string[] {
+                        "name",
+                        "value"});
+            table25.AddRow(new string[] {
+                        "UserName",
+                        "user1"});
+            table25.AddRow(new string[] {
+                        "Email",
+                        "NotAnEmail"});
+            table25.AddRow(new string[] {
+                        "Password",
+                        "a12345!"});
+            table25.AddRow(new string[] {
+                        "ConfirmPassword",
+                        "a12345!"});
+#line 268
+     testRunner.And("I fill in", ((string)(null)), table25);
+#line 274
+        testRunner.And("I hit \"Save\"");
+#line 275
+ testRunner.Then("I should see \"You must specify a valid email address.\"");
+#line hidden
+            testRunner.CollectScenarioErrors();
+        }
+        
+        [NUnit.Framework.TestAttribute()]
+        [NUnit.Framework.DescriptionAttribute("I should be able to add users with valid email addresses")]
+        [NUnit.Framework.CategoryAttribute("email")]
+        public virtual void IShouldBeAbleToAddUsersWithValidEmailAddresses()
+        {
+            TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("I should be able to add users with valid email addresses", new string[] {
+                        "email"});
+#line 277
+this.ScenarioSetup(scenarioInfo);
+#line 278
+    testRunner.Given("I have installed Orchard");
+#line 279
+    testRunner.When("I go to \"admin/users\"");
+#line 280
+  testRunner.And("I follow \"Add a new user\"");
+#line hidden
+            TechTalk.SpecFlow.Table table26 = new TechTalk.SpecFlow.Table(new string[] {
+                        "name",
+                        "value"});
+            table26.AddRow(new string[] {
+                        "UserName",
+                        "user1"});
+            table26.AddRow(new string[] {
+                        "Email",
+                        "user1@domain.com"});
+            table26.AddRow(new string[] {
+                        "Password",
+                        "a12345!"});
+            table26.AddRow(new string[] {
+                        "ConfirmPassword",
+                        "a12345!"});
+#line 281
+     testRunner.And("I fill in", ((string)(null)), table26);
+#line 287
+        testRunner.And("I hit \"Save\"");
+#line 288
+  testRunner.And("I am redirected");
+#line 289
+ testRunner.Then("I should see \"User created\"");
 #line hidden
             testRunner.CollectScenarioErrors();
         }

src/Orchard.Tests.Modules/Users/Controllers/AccountControllerTests.cs

@@ -154,7 +154,20 @@ namespace Orchard.Tests.Modules.Users.Controllers {
         }
 
         [Test]
-        public void UsersShouldNotBeAbleToRegisterIfInvalidEmail() {
+
+        public void UsersShouldNotBeAbleToRegisterIfInvalidEmail(
+            [Values(
+                @"NotAnEmail", 
+                @"@NotAnEmail",
+                @"""test\blah""@example.com",
+                "\"test\rblah\"@example.com",
+                @"""test""blah""@example.com",
+                @".wooly@example.com",
+                @"wo..oly@example.com",
+                @"pootietang.@example.com",
+                @".@example.com",
+                @"Ima Fool@example.com")]
+            string email) {
 
             var registrationSettings = _container.Resolve<IWorkContextAccessor>().GetContext().CurrentSite.As<RegistrationSettingsPart>();
             registrationSettings.UsersCanRegister = true;
@@ -164,13 +177,29 @@ namespace Orchard.Tests.Modules.Users.Controllers {
             _session.Flush();
 
             _controller.ModelState.Clear();
-            var result = _controller.Register("bar", "notanemailaddress", "66554321", "66554321");
+            var result = _controller.Register("bar", email, "66554321", "66554321");
  
             Assert.That(((ViewResult)result).ViewData.ModelState.Count == 1,"Invalid email address.");
         }
 
         [Test]
-        public void UsersShouldBeAbleToRegisterIfValidEmail() {
+        public void UsersShouldBeAbleToRegisterIfValidEmail(
+            [Values(
+                @"""test\\blah""@example.com",
+                "\"test\\\rblah\"@example.com",
+                @"""test\""blah""@example.com",
+                @"customer/department@example.com",
+                @"$A12345@example.com",
+                @"!def!xyz%abc@example.com",
+                @"_Yosemite.Sam@example.com",
+                @"~@example.com",
+                @"""Austin@Powers""@example.com",
+                @"Ima.Fool@example.com",
+                @"""Ima.Fool""@example.com",
+                @"""Ima Fool""@example.com"
+                )]
+            string email)
+        {
 
             var registrationSettings = _container.Resolve<IWorkContextAccessor>().GetContext().CurrentSite.As<RegistrationSettingsPart>();
             registrationSettings.UsersCanRegister = true;
@@ -180,7 +209,7 @@ namespace Orchard.Tests.Modules.Users.Controllers {
             _session.Flush();
 
             _controller.ModelState.Clear();
-            var result = _controller.Register("bar", "t@t.com", "password", "password");
+            var result = _controller.Register("bar", email, "password", "password");
 
             Assert.That(result, Is.TypeOf<RedirectResult>());
             Assert.That(((RedirectResult)result).Url, Is.EqualTo("~/"));

src/Orchard.Web/Modules/Orchard.Users/Controllers/AccountController.cs

@@ -23,6 +23,7 @@ namespace Orchard.Users.Controllers {
         private readonly IUserService _userService;
         private readonly IOrchardServices _orchardServices;
         
+
         public AccountController(
             IAuthenticationService authenticationService, 
             IMembershipService membershipService,
@@ -320,18 +321,17 @@ namespace Orchard.Users.Controllers {
         private bool ValidateRegistration(string userName, string email, string password, string confirmPassword) {
             bool validate = true;
 
-            Regex isValidEmail = new Regex("^[a-z0-9_\\+-]+(\\.[a-z0-9_\\+-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*\\.([a-z]{2,4})$");
-
             if (String.IsNullOrEmpty(userName)) {
                 ModelState.AddModelError("username", T("You must specify a username."));
                 validate = false;
             }
+
             if (String.IsNullOrEmpty(email)) {
                 ModelState.AddModelError("email", T("You must specify an email address."));
                 validate = false;
             }
-
-            if (!isValidEmail.IsMatch(email)) {
+            else if (!Regex.IsMatch(email, UserPart.EmailPattern, RegexOptions.IgnoreCase)) {
+                // http://haacked.com/archive/2007/08/21/i-knew-how-to-validate-an-email-address-until-i.aspx    
                 ModelState.AddModelError("email", T("You must specify a valid email address."));
                 validate = false;
             }

src/Orchard.Web/Modules/Orchard.Users/Controllers/AdminController.cs

@@ -1,5 +1,6 @@
 using System.Collections.Generic;
 using System.Linq;
+using System.Text.RegularExpressions;
 using System.Web.Mvc;
 using System.Web.Routing;
 using Orchard.ContentManagement;
@@ -170,6 +171,11 @@ namespace Orchard.Users.Controllers {
                 }
             }
             
+            if (!Regex.IsMatch(createModel.Email ?? "", UserPart.EmailPattern, RegexOptions.IgnoreCase)) {
+                // http://haacked.com/archive/2007/08/21/i-knew-how-to-validate-an-email-address-until-i.aspx    
+                ModelState.AddModelError("Email", T("You must specify a valid email address."));
+            }
+            
             if (createModel.Password != createModel.ConfirmPassword) {
                 AddModelError("ConfirmPassword", T("Password confirmation must match"));
             }
@@ -229,6 +235,10 @@ namespace Orchard.Users.Controllers {
                 if (!_userService.VerifyUserUnicity(id, editModel.UserName, editModel.Email)) {
                     AddModelError("NotUniqueUserName", T("User with that username and/or email already exists."));
                 }
+                else if (!Regex.IsMatch(editModel.Email ?? "", UserPart.EmailPattern, RegexOptions.IgnoreCase)) {
+                    // http://haacked.com/archive/2007/08/21/i-knew-how-to-validate-an-email-address-until-i.aspx    
+                    ModelState.AddModelError("Email", T("You must specify a valid email address."));
+                }
                 else {
                     // also update the Super user if this is the renamed account
                     if (String.Equals(Services.WorkContext.CurrentSite.SuperUser, previousName, StringComparison.OrdinalIgnoreCase)) {

src/Orchard.Web/Modules/Orchard.Users/Models/UserPart.cs

@@ -3,6 +3,8 @@ using Orchard.Security;
 
 namespace Orchard.Users.Models {
     public sealed class UserPart : ContentPart<UserPartRecord>, IUser {
+        public const string EmailPattern = @"^(?!\.)(""([^""\r\\]|\\[""\r\\])*""|([-a-z0-9!#$%&'*+/=?^_`{|}~]|(?<!\.)\.)*)(?<!\.)@[a-z0-9][\w\.-]*[a-z0-9]\.[a-z][a-z\.]*[a-z]$";
+
         public string UserName {
             get { return Record.UserName; }
             set { Record.UserName = value; }

src/Orchard.Web/Modules/Orchard.Users/ViewModels/UserCreateViewModel.cs

@@ -1,5 +1,6 @@
 using System.ComponentModel.DataAnnotations;
 using Orchard.ContentManagement;
+using Orchard.Users.Models;
 
 namespace Orchard.Users.ViewModels {
     public class UserCreateViewModel  {
@@ -7,7 +8,6 @@ namespace Orchard.Users.ViewModels {
         public string UserName { get; set; }
 
         [Required, DataType(DataType.EmailAddress)]
-        [RegularExpression("^[a-z0-9_\\+-]+(\\.[a-z0-9_\\+-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*\\.([a-z]{2,4})$")]
         public string Email { get; set; }
 
         [Required, DataType(DataType.Password)]

src/Orchard.Web/Modules/Orchard.Users/ViewModels/UserEditViewModel.cs

@@ -11,7 +11,6 @@ namespace Orchard.Users.ViewModels {
         }
 
         [Required]
-        [RegularExpression("^[a-z0-9_\\+-]+(\\.[a-z0-9_\\+-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*\\.([a-z]{2,4})$")]
         public string Email {
             get { return User.As<UserPart>().Record.Email; }
             set { User.As<UserPart>().Record.Email = value; }