fix: validate email format and add defensive mailer checks

- Add email format validation to Member model (conditional on can_log_in)
- Add defensive validation in EmailHeaderHelper with warning logs
- Add tests for email format validation
- Add tests for EmailHeaderHelper#mail_args

The SMTP error was caused by invalid email addresses in the database.
Member 2413 had 'emmalepinay.yahoo.com' (missing @) causing 501 errors.

Resolves the root cause at three layers:
1. Database cleanup (set NULL for bad emails)
2. Member model validation (reject invalid at registration)
3. Mailer defense (skip invalid with log warning)

Author: mroderick

app/helpers/email_header_helper.rb

@@ -1,11 +1,22 @@
 module EmailHeaderHelper
+  EMAIL_REGEX = /\A[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\z/
+
   private
 
   def mail_args(member, subject, from_email = 'meetings@codebar.io', cc = '', bcc = '')
+    return nil if invalid_email?(member.email, member.id)
+
     { from: "codebar.io <#{from_email}>",
       to: member.email,
       cc: cc,
       bcc: bcc,
       subject: subject }
   end
+
+  def invalid_email?(email, member_id)
+    return false if email.present? && email.match?(EMAIL_REGEX)
+
+    Rails.logger.warn("[EmailHeaderHelper] Invalid email for member_id=#{member_id}: #{email}")
+    true
+  end
 end

app/models/member.rb

@@ -23,9 +23,12 @@ class Member < ApplicationRecord
   has_many :announcements, -> { distinct }, through: :groups
   has_many :meeting_invitations
 
+  EMAIL_REGEX = /\A[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\z/
+
   validates :auth_services, presence: true
   validates :name, :surname, :email, :about_you, presence: true, if: :can_log_in?
   validates :email, uniqueness: true
+  validates :email, format: { with: EMAIL_REGEX }, if: :can_log_in?
   validates :about_you, length: { maximum: 255 }
 
   DIETARY_RESTRICTIONS = %w[vegan vegetarian pescetarian halal gluten_free dairy_free other].freeze

spec/helpers/email_header_helper_spec.rb

@@ -0,0 +1,65 @@
+RSpec.describe EmailHeaderHelper do
+  subject do
+    Class.new do
+      include EmailHeaderHelper
+      public :mail_args
+    end.new
+  end
+
+  describe '#mail_args' do
+    let(:member) { Struct.new(:id, :email).new(1, 'test@example.com') }
+
+    it 'returns mail arguments for valid email' do
+      result = subject.mail_args(member, 'Test Subject')
+      expect(result[:to]).to eq('test@example.com')
+      expect(result[:subject]).to eq('Test Subject')
+    end
+
+    it 'returns nil for nil email' do
+      member = Struct.new(:id, :email).new(1, nil)
+      result = subject.mail_args(member, 'Test Subject')
+      expect(result).to be_nil
+    end
+
+    it 'returns nil for blank email' do
+      member = Struct.new(:id, :email).new(1, '')
+      result = subject.mail_args(member, 'Test Subject')
+      expect(result).to be_nil
+    end
+
+    it 'returns nil for invalid email format' do
+      member = Struct.new(:id, :email).new(1, 'invalid-email')
+      result = subject.mail_args(member, 'Test Subject')
+      expect(result).to be_nil
+    end
+
+    it 'returns nil for email missing @ symbol' do
+      member = Struct.new(:id, :email).new(1, 'invalidexample.com')
+      result = subject.mail_args(member, 'Test Subject')
+      expect(result).to be_nil
+    end
+
+    it 'returns nil for email missing TLD' do
+      member = Struct.new(:id, :email).new(1, 'invalid@example')
+      result = subject.mail_args(member, 'Test Subject')
+      expect(result).to be_nil
+    end
+
+    it 'returns mail arguments for valid email with plus addressing' do
+      member = Struct.new(:id, :email).new(1, 'user+tag@example.com')
+      result = subject.mail_args(member, 'Test Subject')
+      expect(result[:to]).to eq('user+tag@example.com')
+    end
+
+    it 'includes from email when provided' do
+      result = subject.mail_args(member, 'Test Subject', 'custom@codebar.io')
+      expect(result[:from]).to eq('codebar.io <custom@codebar.io>')
+    end
+
+    it 'includes cc and bcc when provided' do
+      result = subject.mail_args(member, 'Test Subject', 'from@codebar.io', 'cc@codebar.io', 'bcc@codebar.io')
+      expect(result[:cc]).to eq('cc@codebar.io')
+      expect(result[:bcc]).to eq('bcc@codebar.io')
+    end
+  end
+end

spec/models/member_spec.rb

@@ -14,6 +14,37 @@
         it { expect(member).to validate_presence_of(:surname) }
         it { expect(member).to validate_presence_of(:email) }
         it { expect(member).to validate_presence_of(:about_you) }
+
+        it 'accepts valid email format' do
+          member.email = 'valid@example.com'
+          expect(member).to be_valid
+        end
+
+        it 'rejects invalid email format' do
+          member.email = 'invalid-email'
+          expect(member).not_to be_valid
+          expect(member.errors[:email]).to include('is invalid')
+        end
+
+        it 'rejects email missing @ symbol' do
+          member.email = 'invalidexample.com'
+          expect(member).not_to be_valid
+        end
+
+        it 'rejects email missing TLD' do
+          member.email = 'invalid@example'
+          expect(member).not_to be_valid
+        end
+
+        it 'accepts email with valid subdomains' do
+          member.email = 'user@mail.example.com'
+          expect(member).to be_valid
+        end
+
+        it 'accepts email with plus addressing' do
+          member.email = 'user+tag@example.com'
+          expect(member).to be_valid
+        end
       end
     end