Handles invalid unicode in email fields

Author: jbarnsley10

src/server/plugins/engine/components/EmailAddressField.ts

@@ -1,5 +1,8 @@
-import { type EmailAddressFieldComponent } from '@defra/forms-model'
-import joi from 'joi'
+import {
+  preventUnicodeInEmail,
+  type EmailAddressFieldComponent
+} from '@defra/forms-model'
+import joi, { type CustomHelpers } from 'joi'
 
 import { FormComponent } from '~/src/server/plugins/engine/components/FormComponent.js'
 import { messageTemplate } from '~/src/server/plugins/engine/pageControllers/validationOptions.js'
@@ -20,7 +23,15 @@ export class EmailAddressField extends FormComponent {
 
     const { options } = def
 
-    let formSchema = joi.string().email().trim().label(this.label).required()
+    let formSchema = joi
+      .string()
+      .email()
+      .trim()
+      .custom((value, helpers: CustomHelpers<string>) =>
+        preventUnicodeInEmail(value, helpers)
+      )
+      .label(this.label)
+      .required()
 
     if (options.required === false) {
       formSchema = formSchema.allow('')
@@ -69,7 +80,8 @@ export class EmailAddressField extends FormComponent {
     return {
       baseErrors: [
         { type: 'required', template: messageTemplate.required },
-        { type: 'format', template: messageTemplate.format }
+        { type: 'format', template: messageTemplate.format },
+        { type: 'unicode', template: messageTemplate.unicode }
       ],
       advancedSettingsErrors: []
     }

src/server/plugins/engine/pageControllers/helpers/state.ts

@@ -1,5 +1,4 @@
 import { ControllerType, getHiddenFields } from '@defra/forms-model'
-import { validate as isValidUUID } from 'uuid'
 
 import { getCacheService } from '~/src/server/plugins/engine/helpers.js'
 import {
@@ -16,6 +15,7 @@ import {
 } from '~/src/server/plugins/engine/types.js'
 import { type FormQuery } from '~/src/server/routes/types.js'
 import { type Services } from '~/src/server/types.js'
+import { isValidUUID } from '~/src/server/utils/utils.js'
 
 const GUID_LENGTH = 36
 

src/server/plugins/engine/pageControllers/validationOptions.ts

@@ -44,6 +44,7 @@ export const messageTemplate: Record<string, JoiExpression> = {
     'Enter {{lowerFirst(#label)}} in the correct format',
     opts
   ) as JoiExpression,
+  unicode: '{{#label}} includes invalid characters, for example, long dashes',
   number: '{{#label}} must be a number',
   numberPrecision: '{{#label}} must have {{#limit}} or fewer decimal places',
   numberInteger: '{{#label}} must be a whole number',
@@ -69,6 +70,7 @@ export const messages: LanguageMessagesExt = {
   'string.empty': messageTemplate.required,
   'string.max': messageTemplate.max,
   'string.email': messageTemplate.format,
+  'string.unicode': messageTemplate.unicode,
   'string.pattern.base': messageTemplate.pattern,
   'string.maxWords': messageTemplate.maxWords,
 

src/server/utils/utils.js

@@ -1,4 +1,5 @@
 import { getTraceId } from '@defra/hapi-tracing'
+import Joi from 'joi'
 
 import { config } from '~/src/config/index.js'
 
@@ -22,3 +23,13 @@ export function applyTraceHeaders(
 
   return existingHeaders ? Object.assign(existingHeaders, headers) : headers
 }
+
+/**
+ * Validates if a string conforms to the uuid structure
+ * @param {string} str
+ * @returns
+ */
+export function isValidUUID(str) {
+  const { error } = Joi.string().uuid().validate(str)
+  return error === undefined
+}

src/server/utils/utils.test.js

@@ -1,7 +1,7 @@
 import { getTraceId } from '@defra/hapi-tracing'
 
 import { config } from '~/src/config/index.js'
-import { applyTraceHeaders } from '~/src/server/utils/utils.js'
+import { applyTraceHeaders, isValidUUID } from '~/src/server/utils/utils.js'
 
 jest.mock('@defra/hapi-tracing')
 
@@ -51,4 +51,19 @@ describe('Header helper functions', () => {
 
     expect(result).toBe(existingHeaders)
   })
+
+  it.each([
+    { uuid: '1f457a37-7b99-452e-8324-df9e041abff2', valid: true },
+    { uuid: '0c9a2690-9a0c-4a2c-98d7-e9ef95615ac9', valid: true },
+    { uuid: 'f223de3b-5ae5-44b2-8cee-ea8439adc335', valid: true },
+    { uuid: '82ecc90c-bc47-4ec5-80af-1a9fc1c4c08c', valid: true },
+    { uuid: 'd99ff582-ecce-474f-a44b-bc5961d977c5', valid: true },
+    { uuid: '7afffc8a-81ab-4aa6-a8f5-ecf6a600a781', valid: true },
+    { uuid: '7afffc8a81ab4aa6a8f5ecf6a600a781', valid: true },
+    { uuid: '', valid: false },
+    { uuid: 'uuid', valid: false },
+    { uuid: 'h4f84ef8-b5e1-4544-94aa-1b671d50d8cb', valid: false }
+  ])('should validate uuid appropriately %s', ({ uuid, valid }) => {
+    expect(isValidUUID(uuid)).toBe(valid)
+  })
 })