Merge pull request #723 from GeorgKott/fix_nothing_personal_validator…

…_error fix: nothing personal validator error with bad email value
codeigniter4 · May 2, 2023 · 1225c80 · 1225c80
2 parents 0ceb817 + 57f35b9
commit 1225c80
Show file tree

Hide file tree

Showing 3 changed files with 64 additions and 4 deletions.
diff --git a/src/Authentication/Passwords/NothingPersonalValidator.php b/src/Authentication/Passwords/NothingPersonalValidator.php
@@ -72,10 +72,15 @@ protected function isNotPersonal(string $password, ?User $user): bool
             $needles = $this->strip_explode($userName);
 
             // extract local-part and domain parts from email as separate needles
-            [
-                $localPart,
-                $domain,
-            ] = explode('@', $email);
+            if (str_contains($email, '@')) {
+                [
+                    $localPart,
+                    $domain,
+                ] = explode('@', $email);
+            } else {
+                $localPart = $email;
+                $domain    = null;
+            }
             // might be john.doe@example.com and we want all the needles we can get
             $emailParts = $this->strip_explode($localPart);
             if (! empty($domain)) {

diff --git a/tests/Controllers/RegisterTest.php b/tests/Controllers/RegisterTest.php
@@ -294,6 +294,24 @@ public function testRegisterActionRedirectsIfLoggedIn(): void
         $result->assertRedirectTo(config('Auth')->registerRedirect());
     }
 
+    public function testRegisterActionWithBadEmailValue(): void
+    {
+        $result = $this->withSession()->post('/register', [
+            'username'         => 'JohnDoe',
+            'email'            => 'john.doe',
+            'password'         => '123456789aa',
+            'password_confirm' => '123456789aa',
+        ]);
+
+        $result->assertStatus(302);
+        $result->assertRedirect();
+        $result->assertSessionMissing('error');
+        $result->assertSessionHas(
+            'errors',
+            ['email' => 'The Email Address field must contain a valid email address.']
+        );
+    }
+
     protected function setupConfig(): void
     {
         $config             = config('Validation');

diff --git a/tests/Unit/NothingPersonalValidatorTest.php b/tests/Unit/NothingPersonalValidatorTest.php
@@ -287,4 +287,41 @@ public static function maxSimilarityProvider()
             ],
         ];
     }
+
+    /**
+     * @dataProvider badEmailsProvider
+     */
+    public function testCheckPasswordWithBadEmail(string $email, bool $expected): void
+    {
+        $config          = new Auth();
+        $this->validator = new NothingPersonalValidator($config);
+
+        $user = new User([
+            'username' => 'CaptainJoe',
+            'email'    => $email,
+        ]);
+
+        $password = '123456789a';
+
+        $result = $this->validator->check($password, $user);
+
+        $this->assertSame($expected, $result->isOK());
+    }
+
+    public static function badEmailsProvider()
+    {
+        return [
+            [
+                'test',
+                true,
+            ], [
+                'test@example',
+                true,
+            ],
+            [
+                'test@example.com',
+                true,
+            ],
+        ];
+    }
 }