PDJB-904: align notify and app email validation (#1351)

Author: TomHanmer29

src/main/kotlin/uk/gov/communities/prsdb/webapp/validation/EmailConstraintValidator.kt

@@ -1,9 +1,51 @@
 package uk.gov.communities.prsdb.webapp.validation
 
-import org.hibernate.validator.internal.constraintvalidators.bv.EmailValidator
+import java.net.IDN
 
 open class EmailConstraintValidator : PropertyConstraintValidator {
-    override fun isValid(value: Any?): Boolean = EmailValidator().isValid(value as? CharSequence, null)
+    companion object {
+        private const val VALID_LOCAL_CHARS = """a-zA-Z0-9.!#$%&'*+/=?^_`{|}~\-"""
+        private val EMAIL_REGEX = Regex("^[$VALID_LOCAL_CHARS]+@([^.@][^@\\s]+)$")
+        private val HOSTNAME_PART_REGEX = Regex("^(xn|[a-z0-9]+)(-?-[a-z0-9]+)*$", RegexOption.IGNORE_CASE)
+        private val TLD_PART_REGEX = Regex("^([a-z]{2,63}|xn--([a-z0-9]+-)*[a-z0-9]+)$", RegexOption.IGNORE_CASE)
+        private const val MAX_EMAIL_LENGTH = 320
+        private const val MAX_HOSTNAME_LENGTH = 253
+        private const val MAX_HOSTNAME_PART_LENGTH = 63
+    }
+
+    // More or less a copy of
+    // https://github.com/alphagov/notifications-utils/blob/995faf0d925f7e95ecac6ecec383b1d162b2eceb/notifications_utils/recipient_validation/email_address.py
+    // From Notify
+    override fun isValid(value: Any?): Boolean {
+        val email = (value as? CharSequence)?.toString() ?: return false
+        if (email.isBlank()) return false
+
+        val match = EMAIL_REGEX.matchEntire(email) ?: return false
+
+        if (email.length > MAX_EMAIL_LENGTH) return false
+
+        if (".." in email) return false
+
+        val hostname =
+            try {
+                IDN.toASCII(match.groupValues[1])
+            } catch (_: IllegalArgumentException) {
+                return false
+            }
+
+        if (hostname.length > MAX_HOSTNAME_LENGTH) return false
+
+        val parts = hostname.split(".")
+        if (parts.size < 2) return false
+
+        for (part in parts) {
+            if (part.isEmpty() || part.length > MAX_HOSTNAME_PART_LENGTH || !HOSTNAME_PART_REGEX.matches(part)) {
+                return false
+            }
+        }
+
+        return TLD_PART_REGEX.matches(parts.last())
+    }
 }
 
 class OptionalEmailConstraintValidator : EmailConstraintValidator() {

src/main/kotlin/uk/gov/communities/prsdb/webapp/validation/IsValidPrioritisedValidator.kt

@@ -15,13 +15,13 @@ import kotlin.reflect.full.valueParameters
  * Searches for all properties on the class of the instance which have @ValidatedBy annotations (or annotations
  * that are themselves annotated with @ValidatedBy, i.e. composed annotations), then checks each of the
  * constraints in order; if one fails, the message key for that constraint is added to the field and the
- * validator moves on to the next @ValidatedBy annotation.
+ * validator moves on to the next property.
  *
  * Composed annotations are supported: an annotation A can itself be annotated with @ValidatedBy (or with
  * another composed annotation), and placing A on a property will include those constraints. All @ValidatedBy
- * annotations are discovered via depth-first traversal following annotation declaration order, so the order
- * in which constraints are checked matches the order in which annotations (and their meta-annotations) are
- * declared.
+ * annotations are discovered via depth-first traversal following annotation declaration order. Only one
+ * violation is produced per property: the first failing constraint stops evaluation of remaining constraints
+ * for that property.
  */
 class IsValidPrioritisedValidator : ConstraintValidator<IsValidPrioritised, Any> {
     override fun isValid(
@@ -32,6 +32,7 @@ class IsValidPrioritisedValidator : ConstraintValidator<IsValidPrioritised, Any>
 
         for (property in instance!!::class.memberProperties) {
             for (validatedBy in property.getValidatedByAnnotations()) {
+                var propertyHasViolation = false
                 for (constraint in validatedBy.constraints) {
                     val validationPassed =
                         when {
@@ -59,9 +60,11 @@ class IsValidPrioritisedValidator : ConstraintValidator<IsValidPrioritised, Any>
                         }
                     if (!validationPassed) {
                         isValid = false
+                        propertyHasViolation = true
                         break
                     }
                 }
+                if (propertyHasViolation) break
             }
         }
 

src/test/kotlin/uk/gov/communities/prsdb/webapp/validation/EmailConstraintValidatorTests.kt

@@ -0,0 +1,103 @@
+package uk.gov.communities.prsdb.webapp.validation
+
+import org.junit.jupiter.api.Named
+import org.junit.jupiter.api.Nested
+import org.junit.jupiter.api.Test
+import org.junit.jupiter.params.ParameterizedTest
+import org.junit.jupiter.params.provider.MethodSource
+import kotlin.test.assertFalse
+import kotlin.test.assertTrue
+
+class EmailConstraintValidatorTests {
+    companion object {
+        @JvmStatic
+        fun provideValidEmails() =
+            arrayOf(
+                Named.of("simple address", "test@example.com"),
+                Named.of("with dots in local part", "first.last@example.com"),
+                Named.of("with plus in local part", "user+tag@example.com"),
+                Named.of("with hyphen in domain", "user@my-domain.com"),
+                Named.of("with subdomain", "user@mail.example.com"),
+                Named.of("with apostrophe in local part", "firstname-o'surname@domain.com"),
+                Named.of("with special chars in local part", "user!#\$%&'*+/=?^_`{|}~@example.com"),
+                Named.of("single char local part", "a@example.com"),
+                Named.of("numeric local part", "123@example.com"),
+                Named.of("long TLD", "user@example.museum"),
+                Named.of("two letter TLD", "user@example.uk"),
+            )
+
+        @JvmStatic
+        fun provideInvalidEmails() =
+            arrayOf(
+                Named.of("null value", null),
+                Named.of("miscellaneous whitespace", " \u180e \u200b"),
+                Named.of("empty string", ""),
+                Named.of("no @ sign", "userexample.com"),
+                Named.of("no domain", "user@"),
+                Named.of("no local part", "@example.com"),
+                Named.of("consecutive dots in local part", "user..name@example.com"),
+                Named.of("consecutive dots in domain", "user@example..com"),
+                Named.of("domain starts with dot", "user@.example.com"),
+                Named.of("no TLD", "user@localhost"),
+                Named.of("space in address", "user @example.com"),
+                Named.of("obscure whitespace in address", "user\u180e@example.com"),
+                Named.of("double quote in local part", "user\"name@example.com"),
+                Named.of("semicolon in local part", "user;name@example.com"),
+                Named.of("single letter TLD", "user@example.a"),
+                Named.of("numeric TLD", "user@example.123"),
+                Named.of("multiple @ signs", "user@@example.com"),
+                Named.of("domain part over 63 chars", "user@${"a".repeat(64)}.com"),
+            )
+    }
+
+    @ParameterizedTest(name = "{0}")
+    @MethodSource("provideValidEmails")
+    fun `isValid returns true for valid email with`(input: String) {
+        assertTrue(EmailConstraintValidator().isValid(input))
+    }
+
+    @ParameterizedTest(name = "{0}")
+    @MethodSource("provideInvalidEmails")
+    fun `isValid returns false for invalid email with`(input: String?) {
+        assertFalse(EmailConstraintValidator().isValid(input))
+    }
+
+    @Test
+    fun `isValid returns false for email longer than 320 characters`() {
+        val longLocal = "a".repeat(310)
+        val email = "$longLocal@example.com"
+        assertTrue(email.length > 320)
+        assertFalse(EmailConstraintValidator().isValid(email))
+    }
+
+    @Test
+    fun `isValid returns false for hostname longer than 253 characters`() {
+        val longHostname = (1..42).joinToString(".") { "abcde" }
+        val email = "user@$longHostname.com"
+        assertFalse(EmailConstraintValidator().isValid(email))
+    }
+
+    @Nested
+    inner class OptionalEmailConstraintValidatorTests {
+        @Test
+        fun `isValid returns true for null`() {
+            assertTrue(OptionalEmailConstraintValidator().isValid(null))
+        }
+
+        @Test
+        fun `isValid returns true for blank string`() {
+            assertTrue(OptionalEmailConstraintValidator().isValid(""))
+            assertTrue(OptionalEmailConstraintValidator().isValid("   "))
+        }
+
+        @Test
+        fun `isValid returns true for valid email`() {
+            assertTrue(OptionalEmailConstraintValidator().isValid("user@example.com"))
+        }
+
+        @Test
+        fun `isValid returns false for invalid email`() {
+            assertFalse(OptionalEmailConstraintValidator().isValid("not-an-email"))
+        }
+    }
+}

src/test/kotlin/uk/gov/communities/prsdb/webapp/validation/IsValidPrioritisedValidatorTest.kt

@@ -16,14 +16,14 @@ import org.junit.jupiter.api.assertThrows
 @Retention(AnnotationRetention.RUNTIME)
 @ValidatedBy(
     constraints = [
-        ConstraintDescriptor(validatorType = NotBlankConstraintValidator::class, messageKey = "notblank"),
+        ConstraintDescriptor(validatorType = LengthConstraintValidator::class, validatorArgs = ["0", "7"], messageKey = "toolong"),
     ],
 )
-annotation class SharedNotBlankValidation
+annotation class SharedMaxLengthValidation
 
 @Target(AnnotationTarget.PROPERTY, AnnotationTarget.ANNOTATION_CLASS)
 @Retention(AnnotationRetention.RUNTIME)
-@SharedNotBlankValidation
+@SharedMaxLengthValidation
 @ValidatedBy(
     constraints = [
         ConstraintDescriptor(validatorType = EmailConstraintValidator::class, messageKey = "notemail"),
@@ -128,28 +128,28 @@ class IsValidPrioritisedValidatorTest {
     inner class ComposedAnnotationConstraintPropertyTests {
         @Test
         fun `no violations for object with satisfied constraints from composed annotations`() {
-            val instance = ComposedAnnotationConstraintProperty("test@example.com")
+            val instance = ComposedAnnotationConstraintProperty("a@b.com")
 
             val violations = validator.validate(instance)
 
             assertTrue(violations.isEmpty())
         }
 
         @Test
-        fun `first violation comes from constraints earlier in declaration order, even via composed annotations`() {
-            val instance = ComposedAnnotationConstraintProperty("")
+        fun `violation comes from constraints earlier in declaration order, even via composed annotations`() {
+            val instance = ComposedAnnotationConstraintProperty("toolongAndNotAnEmail")
 
             val violations = validator.validate(instance)
 
             assertEquals(1, violations.size)
             val violation = violations.first()
-            assertEquals("notblank", violation.messageTemplate)
+            assertEquals("toolong", violation.messageTemplate)
             assertEquals("email", violation.propertyPath.toString())
         }
 
         @Test
-        fun `later violation comes from constraints later in declaration order when earlier ones pass`() {
-            val instance = ComposedAnnotationConstraintProperty("not an email")
+        fun `violation comes from constraints later in declaration order when earlier ones pass`() {
+            val instance = ComposedAnnotationConstraintProperty("short")
 
             val violations = validator.validate(instance)