BUG FIX: country-code-aware phone-number parsing
Symptoms:
Suppose alice has the phone number +1-333-222-1111 and bob tries to add her as an admin from a US phone number (ie: a number we know to have country code +1:G
-
+333-222-1111is treated like a valid phone number (but should not be, because it omits the country code1necessary for us to recognize it as a US number and creates the possibility that it will be interpreted as a French phone number. -
333-222-1111is not treated like a valid phone number, even though we could have inferred it was a US number given the sender had a US number.
Desired Behavior
GIVEN a command (INVITE, ADD, etc..) containing a payload with an invalid combination of country code and trailing numbers
- THEN reject the phone number with a parse error
GIVEN a command (INVITE, ADD, etc...) containing a payload lacking a country code
- THEN attempt to infer the payload's country code from the sender's country code
- WHEN this is a valid e164 number
- THEN assume the payload has the same country code as the command-issuer
- WHEN this is an invalid number
- THEN reject with a parse error
GIVEN a boost cli command with a phone number payload
- THEN it should be validated according to the same rules above
Implementation Notes:
- use this library: https://github.com/google/libphonenumber
- move
boostvalidation from bash/cli to the server (and consolidate all phone number validation in one module not in the model layer)
Other cards
Edited by aguestuser