From 57e6e33c22c4e5e8390d2e3c766a0888c6c84fc7 Mon Sep 17 00:00:00 2001
From: Radko Krkos <krkos@cesnet.cz>
Date: Fri, 3 Aug 2018 17:01:21 +0200
Subject: [PATCH] Server: Fix requestor e-mail validation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* No longer silently accept pattern 'a@b@c', otherwise stay compatible.
* Valid patterns are: 'user@fqdn', '<user@fqdn>', 'user <user@fqdn>',
'user surname <user@fqdn>', no Unicode support, multiple e-mails
separated by comma are allowed.
* Replace email.utils.parseaddr() with extended regular expression.
* Remove import email.utils as no other users exist.
Signed-off-by: Pavel Kácha <ph@cesnet.cz>
---
warden3/warden_server/warden_server.py | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
mode change 100644 => 100755 warden3/warden_server/warden_server.py
diff --git a/warden3/warden_server/warden_server.py b/warden3/warden_server/warden_server.py
old mode 100644
new mode 100755
index 5b78c3d..d111eb3
--- a/warden3/warden_server/warden_server.py
+++ b/warden3/warden_server/warden_server.py
@@ -14,7 +14,6 @@ import logging
import logging.handlers
import json
import re
-import email.utils
from traceback import format_tb
from collections import namedtuple
from time import sleep
@@ -1466,9 +1465,8 @@ def modify_client(**kwargs):
return allowed.match(nsid)
def isValidEmail(mail):
- mails = (email.utils.parseaddr(m) for m in mail.split(","))
- allowed = re.compile(r"^[a-zA-Z0-9_.%!+-]+@[a-zA-Z0-9-.]+$") # just basic check
- valid = (allowed.match(ms[1]) for ms in mails)
+ allowed = re.compile(r"(^[a-zA-Z0-9_ .%!+-]*(?=<.*>))?(^|(<(?=.*(>))))[a-zA-Z0-9_.%!+-]+@[a-zA-Z0-9-.]+\4?$") # just basic check
+ valid = (allowed.match(ms.strip())for ms in mail.split(','))
return all(valid)
def isValidID(id):
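Review bot: In `isValidEmail` the pattern is matched against `ms.strip()` rather than the text that was passed in, so an entry wrapped in tabs, CR or LF (for example a line break after a comma) validates even though the unstripped `mail` still contains those characters. Whether the surrounding `modify_client` code stores or forwards the raw value is outside this hunk, but if it does, control characters reach the database or a mail header unchecked. I would strip only spaces and anchor at the true end of the string: `valid = (allowed.match(ms.strip(" ")) for ms in mail.split(","))`, with the pattern's trailing `$` changed to `\Z`. A short comment above the pattern listing the accepted forms from the commit message would also help, because the optional `\4?` back-reference is hard to read.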
--
GitLab