From d4c5042991a1a8d49ffe7ca4793792a8da140932 Mon Sep 17 00:00:00 2001
From: Marcin Kulik <m@ku1ik.com>
Date: Tue, 14 May 2024 12:06:19 +0200
Subject: [PATCH] Improve email validation regex

---
 lib/asciinema/accounts.ex        |  2 +-
 test/asciinema/accounts_test.exs | 14 ++++++++++----
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/lib/asciinema/accounts.ex b/lib/asciinema/accounts.ex
index ec2e59af3..87f0d6cf2 100644
--- a/lib/asciinema/accounts.ex
+++ b/lib/asciinema/accounts.ex
@@ -6,7 +6,7 @@ defmodule Asciinema.Accounts do
   alias Asciinema.{Fonts, Repo, Themes}
   alias Ecto.Changeset
 
-  @valid_email_re ~r/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}$/i
+  @valid_email_re ~r/^[A-Z0-9._%+-]+@([A-Z0-9-]+\.)+[A-Z]{2,}$/i
   @valid_username_re ~r/^[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]$/
 
   def fetch_user(id) do
diff --git a/test/asciinema/accounts_test.exs b/test/asciinema/accounts_test.exs
index c999d8e9d..22ea5bbdd 100644
--- a/test/asciinema/accounts_test.exs
+++ b/test/asciinema/accounts_test.exs
@@ -36,17 +36,23 @@ defmodule Asciinema.AccountsTest do
     end
 
     test "non-existing user, by email" do
-      assert Accounts.generate_login_url("new@example.com", true, Routes) ==
-               {:ok, {:signup, "http://signup", "new@example.com"}}
+      assert Accounts.generate_login_url("foo@example.com", true, Routes) ==
+               {:ok, {:signup, "http://signup", "foo@example.com"}}
+
+      assert Accounts.generate_login_url("foo@ex.ample.com", true, Routes) ==
+               {:ok, {:signup, "http://signup", "foo@ex.ample.com"}}
     end
 
     test "non-existing user, by email, when sign up is disabled" do
-      assert Accounts.generate_login_url("new@example.com", false, Routes) ==
+      assert Accounts.generate_login_url("foo@example.com", false, Routes) ==
                {:error, :user_not_found}
     end
 
     test "non-existing user, by email, when email is invalid" do
-      assert Accounts.generate_login_url("new@", true, Routes) == {:error, :email_invalid}
+      assert Accounts.generate_login_url("foo@", true, Routes) == {:error, :email_invalid}
+
+      assert Accounts.generate_login_url("foo@ex.ample..com", true, Routes) ==
+               {:error, :email_invalid}
     end
 
     test "non-existing user, by username" do