New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Verify emails when creating an email connector, even if allowedDomain… #133859
Verify emails when creating an email connector, even if allowedDomain… #133859
Conversation
…s is not provided.
Pinging @elastic/response-ops (Team:ResponseOps) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! Verified I see validation error when email is invalid but allowedDomains is not set, on all From/To/CC/BCC fields.
It would be awesome if that validator could be added to the form lib field validators. Do you only need it to validate fields? We'd expose a new email validator from: And your current function would live in: WDYT? |
Hi @sebelga |
As Ersin notes, we have some shared logic between client and server, so it could get a little messy, but generally, +1. Note that I'm not sure we use email addresses in any other forms, though it's easy enough to imagine this could be the case - for instance, some auth scheme of a connector that specifically requires an email address as the userid. So, probably not in a big hurry for this. Can we get an issue opened up for this? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This PR does seem to do the correct validation, server side, but the originating issue mentioned client-side checks (red boxes). For example, if I have xpack.actions.email.domain_allowlist: ['elastic.co']
, I'm able to enter in bad@x
as the from when creating a connector, and I get a toast on saving that says error validating action type config: [from]: not allowed emails: bad@x
- but really I should get the red box error highlighting.
Or is that not possible?
I noticed this was true for some of the other cases, like adding an invalid domain on a to
in an alert action - save failed, but should have had the red error outline, but it didn't.
…email-validation
…3342-email-validation
Or i can simply add the following check but wonder if there is a reason behind
|
Yes no hurry for this, if we have an issue to track it it's enough. I just thought that more folks in the future might need to validate email fields in their form and get the validator for free :) Cheers |
I think I may have been testing with some bad env (changed the config, server restarted, but didn't reload the browser). I can now see the red error when I used an allow list and enter a valid but not allowed email in the sender. I tried the other case I mentioned, and can see the read error in the UX, so guessing this was all my fault for not testing this correctly :-( And I'm thinking yup, bad@x is a valid email :-)$ node
Welcome to Node.js v16.14.2.
Type ".help" for more information.
> em = require('email-addresses')
[Function: parse5322] {
parseOneAddress: [Function: parseOneAddressSimple],
parseAddressList: [Function: parseAddressListSimple],
parseFrom: [Function: parseFromSimple],
parseSender: [Function: parseSenderSimple],
parseReplyTo: [Function: parseReplyToSimple]
}
> em.parseOneAddress('bad@x')
{
parts: {
name: null,
address: {
name: 'addr-spec',
tokens: 'bad@x',
semantic: 'bad@x',
children: [Array]
},
local: {
name: 'local-part',
tokens: 'bad',
semantic: 'bad',
children: [Array]
},
domain: { name: 'domain', tokens: 'x', semantic: 'x', children: [Array] },
comments: []
},
type: 'mailbox',
name: null,
address: 'bad@x',
local: 'bad',
domain: 'x',
comments: '',
groupName: null
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I was testing it wrong before - appears to work correctly now ...
LGTM!
💛 Build succeeded, but was flakyFailed CI StepsTest Failures
Metrics [docs]Page load bundle
History
To update your PR or re-run it, just comment with: |
fixes: #133342
We were skipping email address validation on email connector creation UI.
With this PR, email addresses are always validated agains a basic email address template and against allowedDomains list if it is provided.