fix: update email regex to support special characters (#12181)

### What? It's impossible to create a user with special characters in their email in Payload CMS 3.35.0. The issue is that currently the regex looks like this: ...payload/packages/payload/src/fields/validations.ts (line 202-203): const emailRegex = /^(?!.*\.\.)[\w.%+-]+@[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)*\.[a-z]{2,}$/i This allows users that have the following characters in their email to be created: %, ., +, - The regex needs to get updated to the following: const emailRegex = /^(?!.*\.\.)[\w!#$%&'*+/=?^{|}~.-]+@a-z0-9?(?:.a-z0-9?)*.[a-z]{2,}$/i` This way all special characters `!#$%&'*+/=?^_{|}~.-`` are hereby OK to have in the email. I've added more test-cases to cover a couple of more scenarios in the forked repo. ### Why? The regex is missing some special characters that are allowed according to standards. ### How? * Go to the admin ui and try to create a user with any of the newly added special characters meaning (!#$%&'*+/=?^_{|}~.-`) * You should get a validation error. However with the addition of the above code it should all check out. Fixes # https://github.com/payloadcms/payload/issues/12180 --------- Co-authored-by: Mattias Grenhall <mattias.grenhall@assaabloy.com>
2025-04-29 19:43:24 +02:00
parent 1b17df9e0b
commit 8fee0163b5
3 changed files with 9 additions and 2 deletions
--- a/packages/payload/src/fields/validations.ts
+++ b/packages/payload/src/fields/validations.ts
@@ -200,7 +200,7 @@ export const email: EmailFieldValidation = (
   * Supports multiple subdomains (e.g., user@sub.domain.example.com)
   */
  const emailRegex =
-    /^(?!.*\.\.)[\w.%+-]+@[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)*\.[a-z]{2,}$/i
+    /^(?!.*\.\.)[\w!#$%&'*+/=?^`{|}~-](?:[\w!#$%&'*+/=?^`{|}~.-]*[\w!#$%&'*+/=?^`{|}~-])?@[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)*\.[a-z]{2,}$/i

  if ((value && !emailRegex.test(value)) || (!value && required)) {
    return t('validation:emailAddress')
--- a/test/auth/int.spec.ts
+++ b/test/auth/int.spec.ts
@@ -1016,6 +1016,7 @@ describe('Auth', () => {
      expect(emailValidation('user.name+alias@example.co.uk', mockContext)).toBe(true)
      expect(emailValidation('user-name@example.org', mockContext)).toBe(true)
      expect(emailValidation('user@ex--ample.com', mockContext)).toBe(true)
+      expect(emailValidation("user'payload@example.org", mockContext)).toBe(true)
    })

    it('should not allow emails with double quotes', () => {
@@ -1045,5 +1046,11 @@ describe('Auth', () => {
      expect(emailValidation('user@-example.com', mockContext)).toBe('validation:emailAddress')
      expect(emailValidation('user@example-.com', mockContext)).toBe('validation:emailAddress')
    })
+    it('should not allow emails that start with dot', () => {
+      expect(emailValidation('.user@example.com', mockContext)).toBe('validation:emailAddress')
+    })
+    it('should not allow emails that have a comma', () => {
+      expect(emailValidation('user,name@example.com', mockContext)).toBe('validation:emailAddress')
+    })
  })
 })
--- a/tsconfig.base.json
+++ b/tsconfig.base.json
@@ -31,7 +31,7 @@
      }
    ],
    "paths": {
-      "@payload-config": ["./test/query-presets/config.ts"],
+      "@payload-config": ["./test/_community/config.ts"],
      "@payloadcms/admin-bar": ["./packages/admin-bar/src"],
      "@payloadcms/live-preview": ["./packages/live-preview/src"],
      "@payloadcms/live-preview-react": ["./packages/live-preview-react/src/index.ts"],