From 59ebff24d93d32aeface0d5874f326f2539467da Mon Sep 17 00:00:00 2001
From: Sam Chatfield <samuel.chatfield@digital.homeoffice.gov.uk>
Date: Fri, 1 Nov 2024 10:16:42 +0000
Subject: [PATCH] Make email validator stricter

Blocks leading, trailing and consecutive dots in the local part of the email.

Also add more test cases.
---
 lib/validation/validators.js       |  2 +-
 test/validation/spec.validators.js | 36 +++++++++++++++++++++++++++++-
 2 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/lib/validation/validators.js b/lib/validation/validators.js
index 9330b5a..95a01b5 100644
--- a/lib/validation/validators.js
+++ b/lib/validation/validators.js
@@ -23,7 +23,7 @@ let validators = {
     },
 
     email(value) {
-        return value === '' || validators.regex(value, /^[a-z0-9._%+-]+@([a-z0-9]+([a-z0-9-]*[a-z0-9]+)?\.)+[a-z]{2,6}$/i);
+        return value === '' || validators.regex(value, /^(?!.*\.\.)[a-z0-9_%+-](?:[a-z0-9._%+-]*[a-z0-9_%+-])?@([a-z0-9]+([a-z0-9-]*[a-z0-9]+)?\.)+[a-z]{2,6}$/i);
     },
 
     minlength(value, length) {
diff --git a/test/validation/spec.validators.js b/test/validation/spec.validators.js
index fb7565c..be253a5 100644
--- a/test/validation/spec.validators.js
+++ b/test/validation/spec.validators.js
@@ -64,15 +64,46 @@ describe('validators', () => {
                 null,
                 'asdf.com',
                 'asdf.',
+                '.asdf',
+                '.asdf.',
                 'asdf@com.',
+                'asdf@.com',
                 'asdf@.com.',
+                '@com',
                 '@.com',
                 '@com.',
+                '@.com.',
+                '@example.com',
                 'test.com@',
                 'test@test@test.com',
+                'test@@test.com',
+                '.test@example.com',
+                'test.@example.com',
+                '.test.@example.com',
+                'user..name@example.com',
                 'test@.example.com',
+                'test@example.com.',
+                'test@.example.com.',
+                'test@example..com',
+                'test@exa mple.com',
+                'te st@example.com',
+                'test@x',
+                'test@example.x',
+                'test@somewhere',
+                'test@example.somewhere',
                 'test@example-.com',
-                'test@-.com'
+                'test@-.com',
+                'test@example,com',
+                'test@example com',
+                '<test>@example.com',
+                'user,name@example.com',
+                'user`name@example.com',
+                'user\'name@example.com',
+                ' test@example.com',
+                'test @example.com',
+                'test@example.com ',
+                'test!#$%&\'*+/=?^_`{|}~@example.com',
+                'test@example.com<'
             ];
             _.each(inputs, i => {
                 it(testName(i), () => {
@@ -86,6 +117,9 @@ describe('validators', () => {
                 '',
                 't@i.co',
                 'test@example.com',
+                '_@example.com',
+                '_%+-test@example.com',
+                'test-+%_@example.com',
                 'test+suffix@gmail.com',
                 'test+suffix@digital.cabinet-office.gov.uk',
                 'test.suffix@digital.cabinet-office.gov.uk',