From 697cb19bde8279e081cb4b644523da9cd4864769 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C4=93teris=20Caune?= <cuu508@gmail.com>
Date: Mon, 17 Aug 2020 12:05:19 +0300
Subject: [PATCH] Handle excessively long email addresses in the team member
 invite form.

---
 CHANGELOG.md                      |  1 +
 hc/accounts/forms.py              |  2 +-
 hc/accounts/tests/test_project.py | 11 +++++++++++
 static/css/settings.css           | 13 ++++++++++++-
 templates/accounts/project.html   |  5 +++--
 5 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 585b9725..25277a46 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ All notable changes to this project will be documented in this file.
 
 ## Bug Fixes
 - Handle excessively long email addresses in the signup form.
+- Handle excessively long email addresses in the team member invite form.
 
 ## v1.16.0 - 2020-08-04
 
diff --git a/hc/accounts/forms.py b/hc/accounts/forms.py
index 3bcc894a..2f208042 100644
--- a/hc/accounts/forms.py
+++ b/hc/accounts/forms.py
@@ -98,7 +98,7 @@ class ChangeEmailForm(forms.Form):
 
 
 class InviteTeamMemberForm(forms.Form):
-    email = LowercaseEmailField()
+    email = LowercaseEmailField(max_length=254)
 
 
 class RemoveTeamMemberForm(forms.Form):
diff --git a/hc/accounts/tests/test_project.py b/hc/accounts/tests/test_project.py
index 79ad0b5b..bef114f8 100644
--- a/hc/accounts/tests/test_project.py
+++ b/hc/accounts/tests/test_project.py
@@ -108,6 +108,17 @@ class ProjectTestCase(BaseTestCase):
         q = TokenBucket.objects.filter(value="invite-%d" % self.alice.id)
         self.assertFalse(q.exists())
 
+    def test_it_rejects_too_long_email_addresses(self):
+        self.client.login(username="alice@example.org", password="password")
+
+        aaa = "a" * 300
+        form = {"invite_team_member": "1", "email": f"frank+{aaa}@example.org"}
+        r = self.client.post(self.url, form)
+        self.assertEqual(r.status_code, 200)
+
+        # No email should have been sent
+        self.assertEqual(len(mail.outbox), 0)
+
     @override_settings(SECRET_KEY="test-secret")
     def test_it_rate_limits_invites(self):
         obj = TokenBucket(value="invite-%d" % self.alice.id)
diff --git a/static/css/settings.css b/static/css/settings.css
index a9d6957e..3faf50c3 100644
--- a/static/css/settings.css
+++ b/static/css/settings.css
@@ -61,10 +61,21 @@
     border-top: 0;
 }
 
+#team-table .email {
+    max-width: 340px;
+    word-wrap: break-word;
+
+}
+
+.page-project .panel-footer {
+    max-width: 100%;
+    word-wrap: break-word;
+}
+
 #transfer-request {
     border: 5px solid #ffdc3e;
 }
 
 #transfer-request .settings-block {
     padding: 20px;
-}
\ No newline at end of file
+}
diff --git a/templates/accounts/project.html b/templates/accounts/project.html
index c55214df..eb2c3eee 100644
--- a/templates/accounts/project.html
+++ b/templates/accounts/project.html
@@ -147,13 +147,13 @@
                             <th></th>
                         </tr>
                         <tr>
-                            <td>{{ project.owner.email }}</td>
+                            <td class="email">{{ project.owner.email }}</td>
                             <td>Owner</td>
                             <td></td>
                         </tr>
                         {% for user in project.team %}
                         <tr>
-                            <td>{{ user.email }} </td>
+                            <td class="email">{{ user.email }}</td>
                             <td>Member</td>
                             <td>
                                 {% if is_owner %}
@@ -369,6 +369,7 @@
                                 class="form-control"
                                 id="itm-email"
                                 name="email"
+                                maxlength="254"
                                 placeholder="friend@example.org">
                         </div>
                     </div>