-
-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[mielecloud] E-Mail check is not RFC compliant #11050
Comments
@BjoernLange Could you comment here? |
I have to admit that the check in the currently stable 3.1.0 binding version is problematic, but we already changed that so everything that follows is about the current state. A version that includes these changes can be found here. The MDN documentation says that the
In #10928 the validation regex was changed to
for both, frontend and backend. The significant differences are:
Imo with #10928 integrated the situation is not as bad as described by @1358 as most e-mail addresses will work fine. However, it is absolutely right that the validation should be as close as possible to the validation Miele is doing when accepting new account registrations. As we can only see what is going on in the frontend, the validation they are using has to be at least as strict as the validation provided by |
Why do you want to validate it for more than not empty? |
tl;dr: We cannot validate the e-mail address via the Miele Cloud. That would also be my favorite solution but sadly things don't work like this. The Miele Cloud Binding uses OAuth2 for authentication with the Miele Cloud. Thus, the binding does never work with the login data needed to sign into the Miele Cloud. We do not have access to the e-mail address (nor password) that is used for the paired account and there is no way to verify that the user provided the e-mail address linked to the account. That's also why the initial contribution of the binding was missing the e-mail parameter, but it was added during the review process because openHAB needs at least one thing parameter to identify a thing. See here for details. Given these circumstances it seems reasonable to me to mimic the validation of the Miele Cloud. I also assume that the validation of the e-mail address isn't changed often or even at all. But before starting a lengthy discussion on this, I would like to wait for a response from Miele on how they validate the e-mail address. Maybe it is just the same validation as provided by |
To be honest, I'm really annoyed. Don't get me wrong, but there is an internet standard defining how an email address should look like. It is defined in RFC 2821 and especially RFC 2822 Section 3.4.1 (https://datatracker.ietf.org/doc/html/rfc2822#section-3.4.1) (and of cause the recent versions 5335+5336) If the binding wants to validate email addresses: Do it right (i.e. standard compliant) or leave it completely. Can you please explain why do you want to "validate" a mail address at all? Why is this necceccary at all? Providing a mail address that does not exist or has no mailbox (e.g. "noreply@...") and providing a mail address with "typos" (that are "catched" by your regex-pattern) does not affect the OAuth2-Path (as both fail, and the error handling is the same) at all? And if the account does not exist at all the error handling codepath is also already existant?
BTW: The validation of the "Miele Cloud" has to be RFC compliant as well. Thats why we have standards. To get around exactly that discussion you just started. It is called "standard" because it is a standard everyone that participants has to comply. Like @lsiepel already mentioned there is no reason to "validate" something in the binding itself. |
tl:dr: We do not have to "mimic" someone (quirky), we have to be standard compliant. Thats what standards for. |
@BjoernLange I would agree with @1358 here. As the e-mail address isn't atm actively used by the binding at all, even a typo in it wouldn't harm the functionality. And it should not be up to a binding to implement any custom e-mail syntax validation - if something is desired, we should probably rather use a basic check like I'd suggest to simply remove the validation logic from the binding. |
I'm perfectly fine with that and will happily do so, @kaikreuzer. |
Thanks! |
I opened #11073 for this purpose, @kaikreuzer. Maybe you can do a quick review? |
The mail address syntax check is not RFC compliant at all. It rejects valid mail addresses for no reason.
Miele simply uses
<input type="email">
and there is no reason to be more restrictive here...The text was updated successfully, but these errors were encountered: