pagopa · rGregnanin · Sep 18, 2024 · Sep 18, 2024 · Sep 18, 2024 · Sep 18, 2024
@@ -33,6 +33,7 @@ export const errorCodes = {
   certifierWithExistingAttributes: "0024",
   attributeNotFoundInTenant: "0025",
   tenantNotFoundByExternalId: "0026",
+  notValidMailAddress: "0027",
 };
 
 export type ErrorCodes = keyof typeof errorCodes;
@@ -292,3 +293,11 @@ export function attributeNotFoundInTenant(
     title: "Attribute not found in tenant",
   });
 }
+
+export function notValidMailAddress(address: string): ApiError<ErrorCodes> {
+  return new ApiError({
+    detail: `mail address ${address} not valid`,
+    code: "notValidMailAddress",
+    title: "Not valid mail address",
+  });
+}
@@ -65,6 +65,7 @@
   tenantNotFound,
   tenantIsAlreadyACertifier,
   verifiedAttributeSelfRevocationNotAllowed,
+  notValidMailAddress,
 } from "../model/domain/errors.js";
 import {
   assertOrganizationIsInAttributeVerifiers,
@@ -335,28 +336,14 @@
         logger.info(
           `Creating tenant with external id ${tenantSeed.externalId} via SelfCare request"`
         );
-        const mails = tenantSeed.digitalAddress
-          ? [
-              {
-                id: crypto
-                  .createHash("sha256")
-                  .update(tenantSeed.digitalAddress.address)
-                  .digest("hex"),
-                kind: tenantMailKind.DigitalAddress,
-                address: tenantSeed.digitalAddress.address,
-                description: tenantSeed.digitalAddress.description,
-                createdAt: new Date(),
-              },
-            ]
-          : [];
 
         const newTenant: Tenant = {
           id: generateId(),
           name: tenantSeed.name,
           attributes: [],
           externalId: tenantSeed.externalId,
           features: [],
-          mails,
+          mails: formatTenantMail(tenantSeed.digitalAddress),
           selfcareId: tenantSeed.selfcareId,
           onboardedAt: new Date(tenantSeed.onboardedAt),
           subUnitType: tenantSeed.subUnitType,
@@ -1093,15 +1080,17 @@
 
       const tenant = await retrieveTenant(tenantId, readModelService);
 
-      if (tenant.data.mails.find((m) => m.address === mailSeed.address)) {
+      const validatedAddress = validateAddress(mailSeed.address);
+
+      if (tenant.data.mails.find((m) => m.address === validatedAddress)) {
         throw mailAlreadyExists();
       }
 
       const newMail: TenantMail = {
         kind: mailSeed.kind,
-        address: mailSeed.address,
+        address: validatedAddress,
         description: mailSeed.description,
-        id: crypto.createHash("sha256").update(mailSeed.address).digest("hex"),
+        id: crypto.createHash("sha256").update(validatedAddress).digest("hex"),
         createdAt: new Date(),
       };
 
@@ -1751,4 +1740,51 @@
   } satisfies Tenant;
 }
 
+function validateAddress(address: string): string {
+  // Here I am removing the non-printing control characters
+  const removeNonPrintingcontrolCharacters = address.replace(
+    // eslint-disable-next-line no-control-regex
+    /[\x00-\x1F\x7F]/g,
+    ""
+  );
+
+  // Here I am removing the extra spaces and tabs
+  const removeExtraSpace = removeNonPrintingcontrolCharacters
+    .replace(/\s+/g, "")
+    .trim();
+
+  // Here I am removing strange characters or special symbols
+  const sanitizedMail = removeExtraSpace
+    .replace(/[^\w.@-_]/g, "")
@@ -1757,3 +1757,3 @@
  const sanitizedMail = removeExtraSpace
-    .replace(/[^\w.@-_]/g, "")
+    .replace(/[^\w.@-]/g, "")
    .replace(/\^/g, "");
@@ -1757,3 +1757,3 @@
  const sanitizedMail = removeExtraSpace
-    .replace(/[^\w.@-_]/g, "")
+    .replace(/[^\w.@-]/g, "")
    .replace(/\^/g, "");
+    .replace(/\^/g, "");
+
+  // same path used by the frontend
+  // Taken from HTML spec: https://html.spec.whatwg.org/multipage/input.html#valid-e-mail-address
+  const emailPattern =
+    // eslint-disable-next-line no-useless-escape
+    /^[a-zA-Z0-9.!#$%&'*+\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/;
+  if (!emailPattern.test(sanitizedMail)) {
+    throw notValidMailAddress(address);
+  }
+  return sanitizedMail;
+}
+
+function formatTenantMail(
+  digitalAddress: tenantApi.MailSeed | undefined
+): TenantMail[] {
+  if (!digitalAddress) {
+    return [];
+  }
+  const validatedAddress = validateAddress(digitalAddress.address);
+  return [
+    {
+      id: crypto.createHash("sha256").update(validatedAddress).digest("hex"),
+      kind: tenantMailKind.DigitalAddress,
+      address: validatedAddress,
+      description: digitalAddress.description,
+      createdAt: new Date(),
+    },
+  ];
+}
+
 export type TenantService = ReturnType<typeof tenantServiceBuilder>;
@@ -15,6 +15,7 @@ import { tenantApi } from "pagopa-interop-api-clients";
 import { getMockTenant } from "pagopa-interop-commons-test";
 import {
   mailAlreadyExists,
+  notValidMailAddress,
   tenantNotFound,
 } from "../src/model/domain/errors.js";
 import { addOneTenant, postgresDB, tenantService } from "./utils.js";
@@ -77,6 +78,53 @@ describe("addTenantMail", async () => {
     };
     expect(writtenPayload.tenant).toEqual(toTenantV2(updatedTenant));
   });
+  it("Should correctly add email by cleaning the address from unwanted characters", async () => {
+    const mailSeedWithStrangeCharacters: tenantApi.MailSeed = {
+      kind: "CONTACT_EMAIL",
+      address: "         test#°¶^            Mail@test.$%*it",
+      description: "mail description",
+    };
+    await addOneTenant(mockTenant);
+    await tenantService.addTenantMail(
+      {
+        tenantId: mockTenant.id,
+        mailSeed: mailSeedWithStrangeCharacters,
+        organizationId: mockTenant.id,
+        correlationId: generateId(),
+      },
+      genericLogger
+    );
+    const writtenEvent = await readLastEventByStreamId(
+      mockTenant.id,
+      "tenant",
+      postgresDB
+    );
+
+    expect(writtenEvent).toMatchObject({
+      stream_id: mockTenant.id,
+      version: "1",
+      type: "TenantMailAdded",
+      event_version: 2,
+    });
+
+    const writtenPayload: TenantMailAddedV2 | undefined = protobufDecoder(
+      TenantMailAddedV2
+    ).parse(writtenEvent.data);
+
+    const updatedTenant: Tenant = {
+      ...mockTenant,
+      mails: [
+        {
+          ...mailSeed,
+          id: writtenPayload.mailId,
+          createdAt: new Date(),
+        },
+      ],
+      updatedAt: new Date(),
+    };
+    expect(writtenPayload.tenant).toEqual(toTenantV2(updatedTenant));
+  });
+
   it("Should throw tenantNotFound if the tenant doesn't exists", async () => {
     expect(
       tenantService.addTenantMail(
@@ -132,4 +180,26 @@ describe("addTenantMail", async () => {
       )
     ).rejects.toThrowError(mailAlreadyExists());
   });
+
+  it("Should throw notValidMailAddress if the address doesn't respect the valid pattern", async () => {
+    const mailSeedWithStrangeCharacters: tenantApi.MailSeed = {
+      kind: "CONTACT_EMAIL",
+      address: "         test#°¶^            Mail@test.$%*@@it",
+      description: "mail description",
+    };
+    await addOneTenant(mockTenant);
+    expect(
+      tenantService.addTenantMail(
+        {
+          tenantId: mockTenant.id,
+          mailSeed: mailSeedWithStrangeCharacters,
+          organizationId: mockTenant.id,
+          correlationId: generateId(),
+        },
+        genericLogger
+      )
+    ).rejects.toThrowError(
+      notValidMailAddress(mailSeedWithStrangeCharacters.address)
+    );
+  });
 });