Server: Fix requestor e-mail validation

* No longer silently accept pattern 'a@b@c', otherwise stay compatibile. * Valid patterns are: 'user@fqdn', '<user@fqdn>', 'user <user@fqdn>', 'user surname <user@fqdn>', no Unicode support, multiple e-mails separated by comma are allowed. * Replace email.utils.parseaddr() with extended regular expression. * Remove import email.utils as no other users exist. Signed-off-by: Pavel Kácha <ph@cesnet.cz>

Server: Fix requestor e-mail validation
57e6e33c · Radko Krkoš · Pavel Kácha · 736be875 · 57e6e33c
Commit 57e6e33c authored Aug 3, 2018 by Radko Krkoš Committed by Pavel Kácha Aug 9, 2018
--- a/warden3/warden_server/warden_server.py
+++ b/warden3/warden_server/warden_server.py
@@ -14,7 +14,6 @@ import logging
 import logging.handlers
 import json
 import re
-import email.utils
 from traceback import format_tb
 from collections import namedtuple
 from time import sleep
@@ -1466,9 +1465,8 @@ def modify_client(**kwargs):
        return allowed.match(nsid)

    def isValidEmail(mail):
-        mails = (email.utils.parseaddr(m) for m in mail.split(","))
-        allowed = re.compile(r"^[a-zA-Z0-9_.%!+-]+@[a-zA-Z0-9-.]+$")  # just basic check
-        valid = (allowed.match(ms[1]) for ms in mails)
+        allowed = re.compile(r"(^[a-zA-Z0-9_ .%!+-]*(?=<.*>))?(^|(<(?=.*(>))))[a-zA-Z0-9_.%!+-]+@[a-zA-Z0-9-.]+\4?$")   # just basic check
+        valid = (allowed.match(ms.strip())for ms in mail.split(','))
        return all(valid)

    def isValidID(id):