From 876d8ecbd735a3ad3a00de3b9a604d7126f32417 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sami=20M=C3=A4kinen?=
Date: Fri, 24 Mar 2023 12:47:23 +0200
Subject: [PATCH 1/3] Fix email validation
---
 .../control/users/RegistrationUtil.java | 6 ++--
 .../control/users/RegistrationUtilTest.java | 31 +++++++++++++++++++
 2 files changed, 35 insertions(+), 2 deletions(-)
 create mode 100644 control-users/src/main/java/fi/nls/oskari/control/users/RegistrationUtilTest.java
diff --git a/control-users/src/main/java/fi/nls/oskari/control/users/RegistrationUtil.java b/control-users/src/main/java/fi/nls/oskari/control/users/RegistrationUtil.java
index 8dcf09bc9..552e9fe20 100755
--- a/control-users/src/main/java/fi/nls/oskari/control/users/RegistrationUtil.java
+++ b/control-users/src/main/java/fi/nls/oskari/control/users/RegistrationUtil.java
@@ -13,6 +13,9 @@
 */
 public class RegistrationUtil {

+ // From: https://owasp.org/www-community/OWASP_Validation_Regex_Repository
+ private static final String EMAIL_REGEXP = "^[a-zA-Z0-9_+&*-]+(?:\\.[a-zA-Z0-9_+&*-]+)*@(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}$";
+
 public static final String getServerAddress(ActionParameters params) {
 final String domain = PropertyUtil.get("oskari.domain", null);
 if(domain != null) {
@@ -23,8 +26,7 @@ public static final String getServerAddress(ActionParameters params) {
 }

 public static boolean isValidEmail(String email) {
- String regex = "^[\\w-_\\.+]*[\\w-_\\.]\\@([\\w]+\\.\\-)+[\\w]+[\\w]$";
- return email != null && !email.isEmpty() && email.matches(regex);
+ return email != null && !email.isEmpty() && email.matches(EMAIL_REGEXP);
 }

 public static boolean isPasswordOk(String passwd) {
diff --git a/control-users/src/main/java/fi/nls/oskari/control/users/RegistrationUtilTest.java b/control-users/src/main/java/fi/nls/oskari/control/users/RegistrationUtilTest.java
new file mode 100644
index 000000000..39370c816
--- /dev/null
+++ b/control-users/src/main/java/fi/nls/oskari/control/users/RegistrationUtilTest.java
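Review bot: The comment above `EMAIL_REGEXP` names where the pattern came from but not what it deliberately rejects, which is what a maintainer will be asked about first. Every character class is ASCII-only and the final label is `[a-zA-Z]{2,}`, so punycode TLDs (`xn--…`), internationalised addresses, quoted local parts and IP-literal domains all fail validation. I would extend the comment to something like `// ASCII-only syntax check (OWASP regex repository); rejects IDN/punycode TLDs, quoted local parts and IP literals; does not prove the mailbox exists or belongs to the user`. The class body continues outside the hunk.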
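Review bot: `isValidEmail` still accepts input of any length, because the new return line checks only for null, empty and the pattern. The value presumably arrives straight from a registration request, so a cheap upper bound ahead of the regex keeps oversized strings away from the matcher and from whatever later stores or mails the address: `return email != null && email.length() <= 254 && email.matches(EMAIL_REGEXP);` (254 is the usual limit derived from RFC 5321, and the pattern already rejects the empty string). The same guard carries over unchanged to the `EMAIL_PATTERN.matcher(email).matches()` form introduced in PATCH 2/3.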
@@ -0,0 +1,31 @@
+package fi.nls.oskari.control.users;
+
+import org.junit.Test;
+
+import java.util.Arrays;
+import java.util.List;
+
+import static org.junit.Assert.*;
+
+public class RegistrationUtilTest {
+ @Test
+ public void isValidEmail() {
+ List goodEmails = Arrays.asList(
+ "username@domain.com",
+ "user.name@domain.com",
+ "user-name@domain.com",
+ "user-name@domain-test.com",
+ "username@domain.co.in",
+ "user_name@domain.com");
+ goodEmails.forEach(email -> assertTrue(email, RegistrationUtil.isValidEmail(email)));
+ }
+ @Test
+ public void isNotValidEmail() {
+ List badEmails = Arrays.asList(
+ "username.@domain.com",
+ ".user.name@domain.com",
+ "user-name@domain.com.",
+ "username@.com");
+ badEmails.forEach(email -> assertFalse(email, RegistrationUtil.isValidEmail(email)));
+ }
+}
\ No newline at end of file
From f3efb20c832c725566c0788eb91953ccd8db14f9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Janne=20Heikkil=C3=A4?=
Date: Fri, 24 Mar 2023 13:32:29 +0200
Subject: [PATCH 2/3] Apply suggestions from code review

Compile the regexp pattern once
---
 .../java/fi/nls/oskari/control/users/RegistrationUtil.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/control-users/src/main/java/fi/nls/oskari/control/users/RegistrationUtil.java b/control-users/src/main/java/fi/nls/oskari/control/users/RegistrationUtil.java
index 552e9fe20..71b14db9a 100755
--- a/control-users/src/main/java/fi/nls/oskari/control/users/RegistrationUtil.java
+++ b/control-users/src/main/java/fi/nls/oskari/control/users/RegistrationUtil.java
@@ -15,7 +15,7 @@ public class RegistrationUtil {

 //
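Review bot: `RegistrationUtilTest` is created under `control-users/src/main/java`, so in a standard Maven/Gradle layout it would be compiled into the production artifact and not run as a test; it presumably belongs under `src/test/java` in the same package. The `badEmails` list also leaves out the inputs that matter most for a validator fed from a registration form: `null`, the empty string, an address with no `@`, and one ending in a line break such as `"user@domain.com\n"`, which is the case to pin if the address later ends up in a mail header. Adding those four to `isNotValidEmail` would lock the intended behaviour in.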
From: https://owasp.org/www-community/OWASP_Validation_Regex_Repository
 private static final String EMAIL_REGEXP = "^[a-zA-Z0-9_+&*-]+(?:\\.[a-zA-Z0-9_+&*-]+)*@(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}$";
-
+ private static final String EMAIL_PATTERN = Pattern.compile(EMAIL_REGEXP);
 public static final String getServerAddress(ActionParameters params) {
 final String domain = PropertyUtil.get("oskari.domain", null);
 if(domain != null) {
@@ -26,7 +26,7 @@ public static final String getServerAddress(ActionParameters params) {
 }

 public static boolean isValidEmail(String email) {
- return email != null && !email.isEmpty() && email.matches(EMAIL_REGEXP);
+ return email != null && !email.isEmpty() && EMAIL_PATTERN.matcher(email).matches();
 }

 public static boolean isPasswordOk(String passwd) {
From cc9ddec9f8022d4527ebbdfd0a047ba35d877c78 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sami=20M=C3=A4kinen?=
Date: Fri, 24 Mar 2023 13:58:09 +0200
Subject: [PATCH 3/3] Fix import etc
---
 .../fi/nls/oskari/control/users/RegistrationUtil.java | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/control-users/src/main/java/fi/nls/oskari/control/users/RegistrationUtil.java b/control-users/src/main/java/fi/nls/oskari/control/users/RegistrationUtil.java
index 71b14db9a..c78b9f264 100755
--- a/control-users/src/main/java/fi/nls/oskari/control/users/RegistrationUtil.java
+++ b/control-users/src/main/java/fi/nls/oskari/control/users/RegistrationUtil.java
@@ -7,6 +7,7 @@
 import javax.servlet.http.HttpServletRequest;
 import java.sql.Timestamp;
 import java.util.Calendar;
+import java.util.regex.Pattern;

 /**
 * Created by SMAKINEN on 1.9.2016.
@@ -15,7 +16,7 @@ public class RegistrationUtil {

 //
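Review bot: The field added in PATCH 2/3 is declared as `private static final String EMAIL_PATTERN = Pattern.compile(EMAIL_REGEXP);`, which assigns a `Pattern` to a `String`, and no `java.util.regex.Pattern` import is visible in this patch, so this commit would not compile on its own. PATCH 3/3 corrects both, so the series ends in a good state; squashing 2/3 and 3/3 would keep every commit buildable for bisecting. With the compiled pattern in place, `EMAIL_REGEXP` has a single use and could be inlined into `Pattern.compile(...)`. The class body continues outside the hunk.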
From: https://owasp.org/www-community/OWASP_Validation_Regex_Repository
 private static final String EMAIL_REGEXP = "^[a-zA-Z0-9_+&*-]+(?:\\.[a-zA-Z0-9_+&*-]+)*@(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}$";
- private static final String EMAIL_PATTERN = Pattern.compile(EMAIL_REGEXP);
+ private static final Pattern EMAIL_PATTERN = Pattern.compile(EMAIL_REGEXP);
 public static final String getServerAddress(ActionParameters params) {
 final String domain = PropertyUtil.get("oskari.domain", null);
 if(domain != null) {
@@ -30,13 +31,13 @@ public static boolean isValidEmail(String email) {
 }

 public static boolean isPasswordOk(String passwd) {
- if(passwd == null) {
+ if (passwd == null) {
 return false;
 }
- if(passwd.length() < PasswordRules.getMinLength()) {
+ if (passwd.length() < PasswordRules.getMinLength()) {
 return false;
 }
- if(PasswordRules.getRequireCase() &&
+ if (PasswordRules.getRequireCase() &&
 (passwd.toLowerCase().equals(passwd) || passwd.toUpperCase().equals(passwd))) {
 return false;
 }