Verify emails when creating an email connector, even if allowedDomain… #133859
Conversation
…s is not provided.
ersin-erdal
added
release_note:fix
Team:ResponseOps
|
Pinging @elastic/response-ops (Team:ResponseOps) |
|
It would be awesome if that validator could be added to the form lib field validators. Do you only need it to validate fields? We'd expose a new email validator from: And your current function would live in: WDYT? |
|
Hi @sebelga |
As Ersin notes, we have some shared logic between client and server, so it could get a little messy, but generally, +1. Note that I'm not sure we use email addresses in any other forms, though it's easy enough to imagine this could be the case - for instance, some auth scheme of a connector that specifically requires an email address as the userid. So, probably not in a big hurry for this. Can we get an issue opened up for this? |
There was a problem hiding this comment.
This PR does seem to do the correct validation, server side, but the originating issue mentioned client-side checks (red boxes). For example, if I have xpack.actions.email.domain_allowlist: ['elastic.co'], I'm able to enter in bad@x as the from when creating a connector, and I get a toast on saving that says error validating action type config: [from]: not allowed emails: bad@x - but really I should get the red box error highlighting.
Or is that not possible?
I noticed this was true for some of the other cases, like adding an invalid domain on a to in an alert action - save failed, but should have had the red error outline, but it didn't.
…email-validation
i just checked that and it didn't allow me to enter |
…3342-email-validation
|
Or i can simply add the following check but wonder if there is a reason behind |
Yes no hurry for this, if we have an issue to track it it's enough. I just thought that more folks in the future might need to validate email fields in their form and get the validator for free :) Cheers |
|
I think I may have been testing with some bad env (changed the config, server restarted, but didn't reload the browser). I can now see the red error when I used an allow list and enter a valid but not allowed email in the sender. I tried the other case I mentioned, and can see the read error in the UX, so guessing this was all my fault for not testing this correctly :-( And I'm thinking yup, bad@x is a valid email :-)$ node
Welcome to Node.js v16.14.2.
Type ".help" for more information.
> em = require('email-addresses')
[Function: parse5322] {
parseOneAddress: [Function: parseOneAddressSimple],
parseAddressList: [Function: parseAddressListSimple],
parseFrom: [Function: parseFromSimple],
parseSender: [Function: parseSenderSimple],
parseReplyTo: [Function: parseReplyToSimple]
}
> em.parseOneAddress('bad@x')
{
parts: {
name: null,
address: {
name: 'addr-spec',
tokens: 'bad@x',
semantic: 'bad@x',
children: [Array]
},
local: {
name: 'local-part',
tokens: 'bad',
semantic: 'bad',
children: [Array]
},
domain: { name: 'domain', tokens: 'x', semantic: 'x', children: [Array] },
comments: []
},
type: 'mailbox',
name: null,
address: 'bad@x',
local: 'bad',
domain: 'x',
comments: '',
groupName: null
} |
💛 Build succeeded, but was flakyFailed CI StepsTest Failures
Metrics [docs]Page load bundle
History
To update your PR or re-run it, just comment with: |
fixes: #133342
We were skipping email address validation on email connector creation UI.
With this PR, email addresses are always validated agains a basic email address template and against allowedDomains list if it is provided.