Properly validate email addresses
Our regexp is rather ehm basic:
This can lead to issues, when for example subscriptions with invalid email addresses are registered, that are later then re-formatted by the mail-gem.
An example of that has been reported as the basis for #482 and went the following way:
- Subscription with email ' my@email.com'
- Key was assigned to subscription
When delivery happends, the following is happening:
gpg_options for mail-gpg gets the following hash (https://0xacab.org/schleuder/schleuder/-/blob/26e8dc880fde033fa9a37e0cacc05fb0e56baa3c/lib/schleuder/subscription.rb#L61):
{'encrypt' => true, 'keys' => { ' my@email.com' => '0x.....' } }receivers is set to mail.to https://github.com/jkraemer/mail-gpg/blob/481d4096c67bac6a4248604dba0d43753f5b2404/lib/mail/gpg.rb#L34 (+ Line 46) which is: 'my@email.com':
Mail.new(to: ' my@email.com').to
=> ["my@email.com"]This is then used to look up the keys for the emails @ https://github.com/jkraemer/mail-gpg/blob/481d4096c67bac6a4248604dba0d43753f5b2404/lib/mail/gpg/gpgme_helper.rb#L14
email_or_shas in this function: https://github.com/jkraemer/mail-gpg/blob/481d4096c67bac6a4248604dba0d43753f5b2404/lib/mail/gpg/gpgme_helper.rb#L121-L154
are the previously recipients, parsed and formatted by Mail. But we then try to find a keyid in the key_data (that is the previously generated keys hash): https://github.com/jkraemer/mail-gpg/blob/481d4096c67bac6a4248604dba0d43753f5b2404/lib/mail/gpg/gpgme_helper.rb#L127-L128
Which obviously fails since, the key for the fingerprint is ' my@email.com', but the recipient is 'my@email.com'
- We should improve checking the validity of an emailaddress
- We might likely want to format (besides downcasing) all the emails for subscriptions how mail will treat them. Like this, we will ensure, they will also be found when used by mail-gpg. E.g.
Mail::Address.new(' my@email').address