Do not validate the email

Signed-off-by: Radoslav Dimitrov <[email protected]>
mindersec · Jun 20, 2024 · 62fadcc · 62fadcc
1 parent d727e2a
commit 62fadcc
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 42 deletions.
diff --git a/internal/controlplane/handlers_authz.go b/internal/controlplane/handlers_authz.go
@@ -18,7 +18,6 @@ import (
 	"context"
 	"database/sql"
 	"errors"
-	"regexp"
 	"time"
 
 	"github.com/google/uuid"
@@ -323,11 +322,11 @@ func (s *Server) AssignRole(ctx context.Context, req *minder.AssignRoleRequest)
 		if errors.Is(err, sql.ErrNoRows) {
 			return nil, util.UserVisibleError(codes.InvalidArgument, "target project with ID %s not found", targetProject)
 		}
-		return nil, status.Errorf(codes.InvalidArgument, "error getting project: %v", err)
+		return nil, status.Errorf(codes.Internal, "error getting project: %v", err)
 	}
 
 	// Validate the subject and email - decide if it's an invitation or a role assignment
-	if sub == "" && email != "" && isEmail(email) {
+	if sub == "" && email != "" {
 		if flags.Bool(ctx, s.featureFlags, flags.UserManagement) {
 			return s.inviteUser(ctx, targetProject, authzRole, email)
 		}
@@ -513,7 +512,7 @@ func (s *Server) RemoveRole(ctx context.Context, req *minder.RemoveRoleRequest)
 	}
 
 	// Validate the subject and email - decide if it's about removing an invitation or a role assignment
-	if sub == "" && email != "" && isEmail(email) {
+	if sub == "" && email != "" {
 		if flags.Bool(ctx, s.featureFlags, flags.UserManagement) {
 			return s.removeInvite(ctx, targetProject, authzRole, email)
 		}
@@ -604,14 +603,6 @@ func (s *Server) removeRole(
 	}, nil
 }
 
-// isEmail checks if the subject is an email address or not
-func isEmail(subject string) bool {
-	// Define the regular expression for validating an email address
-	const emailRegexPattern = `^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$`
-	emailRegex := regexp.MustCompile(emailRegexPattern)
-	return emailRegex.MatchString(subject)
-}
-
 // UpdateRole updates a role for a user on a project
 func (s *Server) UpdateRole(ctx context.Context, req *minder.UpdateRoleRequest) (*minder.UpdateRoleResponse, error) {
 	// For the time being, ensure only one role is updated at a time

diff --git a/internal/controlplane/handlers_authz_test.go b/internal/controlplane/handlers_authz_test.go
@@ -594,36 +594,6 @@ func (_ *SimpleResolver) Validate(_ context.Context, _ jwt.Token) (*auth.Identit
 	panic("unimplemented")
 }
 
-func TestIsSubjectEmail(t *testing.T) {
-	t.Parallel()
-
-	tests := []struct {
-		name     string
-		subject  string
-		expected bool
-	}{
-		{"Valid email", "[email protected]", true},
-		{"Invalid email missing @", "testexample.com", false},
-		{"Invalid email missing domain", "test@", false},
-		{"Invalid email missing tld", "test@example", false},
-		{"Valid email with subdomain", "[email protected]", true},
-		{"Valid email with multiple dots", "[email protected]", true},
-		{"Invalid email missing domain and tld", "example@com", false},
-		{"Invalid email with spaces", "user @example.com", false},
-		{"Invalid email with special characters", "user@exa!mple.com", false},
-		{"Invalid email", "91abede98a29dbfec05daa22e2bf80850ba4ca3d209bd78d0f84adc402638446", false},
-	}
-
-	for _, tt := range tests {
-		tt := tt
-		t.Run(tt.name, func(t *testing.T) {
-			t.Parallel()
-			result := isEmail(tt.subject)
-			require.Equal(t, tt.expected, result)
-		})
-	}
-}
-
 // createSignedJWTToken creates a signed JWT token with the specified subject and email.
 func createSignedJWTToken(subject, email string, privateKey *rsa.PrivateKey) (string, error) {
 	token := gojwt.NewWithClaims(gojwt.SigningMethodRS256, gojwt.MapClaims{