From ffafc16fe553460f19988cc3cd23e5fa9d040aaf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C4=93teris=20Caune?=
Date: Mon, 17 Aug 2020 11:31:24 +0300
Subject: [PATCH] Handle excessively long email addresses in the signup form.
---
 CHANGELOG.md | 3 +++
 hc/accounts/forms.py | 3 +++
 hc/accounts/tests/test_signup.py | 8 ++++++++
 3 files changed, 14 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b29ad2f1..585b9725 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,9 @@ All notable changes to this project will be documented in this file.
 - Django 3.1
 - Handle status callbacks from Twilio, show delivery failures in Integrations
+## Bug Fixes
+- Handle excessively long email addresses in the signup form.
+
 ## v1.16.0 - 2020-08-04
 ### Improvements
diff --git a/hc/accounts/forms.py b/hc/accounts/forms.py
index 48b500b2..3bcc894a 100644
--- a/hc/accounts/forms.py
+++ b/hc/accounts/forms.py
@@ -20,6 +20,9 @@ class AvailableEmailForm(forms.Form):
 def clean_identity(self):
 v = self.cleaned_data["identity"]
+ if len(v) > 254:
+ raise forms.ValidationError("Address is too long.")
+
 if User.objects.filter(email=v).exists():
 raise forms.ValidationError(
 "An account with this email address already exists."
diff --git a/hc/accounts/tests/test_signup.py b/hc/accounts/tests/test_signup.py
index ffba2700..b4bba924 100644
--- a/hc/accounts/tests/test_signup.py
+++ b/hc/accounts/tests/test_signup.py
@@ -81,3 +81,11 @@ class SignupTestCase(TestCase):
 form = {"identity": "alice at example org"}
 r = self.client.post("/accounts/signup/", form)
 self.assertContains(r, "Enter a valid email address")
+
+ def test_it_checks_length(self):
+ aaa = "a" * 300
+ form = {"identity": f"alice+{aaa}@example.org"}
+ r = self.client.post("/accounts/signup/", form)
+ self.assertContains(r, "Address is too long.")
+
+ self.assertFalse(User.objects.exists())
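Review bot: In `hc/accounts/forms.py`, the literal `254` in `clean_identity` is an unexplained magic number. It presumably mirrors the `max_length` of `User.email` (254 is Django's `EmailField` default), but nothing keeps the two in step. Reading the limit from the model, `max_len = User._meta.get_field("email").max_length`, would tie them together; at minimum add a comment such as `# User.email holds at most 254 characters; reject longer input before it reaches the database`. The `identity` field declaration and the rest of the class are outside the hunk, so it cannot be confirmed here whether `max_length=254` could be set on the field instead, which would apply the same bound to any other form that reuses it.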
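Review bot: In `hc/accounts/tests/test_signup.py`, `test_it_checks_length` only submits an address far over the limit (more than 300 characters), so an off-by-one in the `len(v) > 254` comparison would go unnoticed. A boundary case would pin the contract: post one address of exactly 255 characters and assert that it yields `"Address is too long."`, then post one of exactly 254 characters and assert that it does not produce that message. The final `self.assertFalse(User.objects.exists())` check is worth keeping in the 255-character case, since it shows that the rejected input never reached the database.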