From 9033b918052d322e199ebeb25d472118999fb23e Mon Sep 17 00:00:00 2001 From: James Bennett Date: Sat, 9 Nov 2024 00:49:00 -0800 Subject: [PATCH] Add regression checks on email validator. This is mostly to ensure that it rejects domains (other than "localhost") without dots in them. --- pyproject.toml | 5 +---- src/django_registration/validators.py | 8 ------- tests/test_forms.py | 31 ++++++++++++++++----------- 3 files changed, 19 insertions(+), 25 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index cd87f7a..075a93a 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -46,7 +46,7 @@ exclude_dirs = ["src/django_registration/_backports.py"] skips = ["B101"] [tool.black] -target-version = ["py38", "py39", "py310", "py311", "py312"] +target-version = ["py39", "py310", "py311", "py312", "py313"] [tool.check-manifest] ignore-bad-ideas = ["*.mo"] @@ -114,6 +114,3 @@ disable = [ "missing-module-docstring", "too-many-ancestors", ] - -[dependency-groups] -tests = ["nox"] diff --git a/src/django_registration/validators.py b/src/django_registration/validators.py index 27654b4..af696a2 100644 --- a/src/django_registration/validators.py +++ b/src/django_registration/validators.py @@ -39,7 +39,6 @@ r"(?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$" ) - # Below we construct a large but non-exhaustive list of names which users probably # should not be able to register with, due to various risks: # @@ -67,7 +66,6 @@ "wpad", # Proxy autodiscovery ] - PROTOCOL_HOSTNAMES = [ # Common protocol hostnames. "ftp", @@ -83,7 +81,6 @@ "www", ] - CA_ADDRESSES = [ # Email addresses known used by certificate authorities during # verification. @@ -103,7 +100,6 @@ "webmaster", ] - RFC_2142 = [ # RFC-2142-defined names not already covered. "abuse", @@ -114,7 +110,6 @@ "support", ] - NOREPLY_ADDRESSES = [ # Common no-reply email addresses. "mailer-daemon", @@ -123,7 +118,6 @@ "no-reply", ] - SENSITIVE_FILENAMES = [ # Sensitive filenames. "clientaccesspolicy.xml", # Silverlight cross-domain policy file. @@ -136,7 +130,6 @@ ".htpasswd", ] - OTHER_SENSITIVE_NAMES = [ # Other names which could be problems depending on URL/subdomain # structure. @@ -194,7 +187,6 @@ "xrpc", # Used by Bluesky/AT protocol for domain verification. ] - DEFAULT_RESERVED_NAMES = ( SPECIAL_HOSTNAMES + PROTOCOL_HOSTNAMES diff --git a/tests/test_forms.py b/tests/test_forms.py index 96a7eec..248512f 100644 --- a/tests/test_forms.py +++ b/tests/test_forms.py @@ -49,25 +49,30 @@ def test_email_validation(self): "test+test@example.com", "test.test@example.com", "test_test@example.com", + "test@localhost", # Django's default validator allows this one. ): - user_data = self.valid_data.copy() - user_data["email"] = value - form = forms.RegistrationForm(data=user_data) - assert form.is_valid() + with self.subTest(value=value): + user_data = self.valid_data.copy() + user_data["email"] = value + form = forms.RegistrationForm(data=user_data) + assert form.is_valid() for value in ( "@@@example.com", "test:test@test@example.com", 'test"test@example"test@example.com', + "test@example", + "test@1234", ): - user_data = self.valid_data.copy() - user_data["email"] = value - form = forms.RegistrationForm(data=user_data) - assert not form.is_valid() - assert form.has_error(user_model.get_email_field_name()) - assert ( - str(validators.HTML5EmailValidator.message) - in form.errors[user_model.get_email_field_name()] - ) + with self.subTest(value=value): + user_data = self.valid_data.copy() + user_data["email"] = value + form = forms.RegistrationForm(data=user_data) + assert not form.is_valid() + assert form.has_error(user_model.get_email_field_name()) + assert ( + str(validators.HTML5EmailValidator.message) + in form.errors[user_model.get_email_field_name()] + ) def test_email_validated_once(self): """