use supplied regex

harminius · harminius · commit 178020c28f3a · 2025-11-04T15:26:51.000+01:00
diff --git a/server/Pipfile b/server/Pipfile
@@ -42,6 +42,7 @@ typing_extensions = "==4.12.2"
 python-magic = "==0.4.27"
 # requirements for development on windows
 colorama = "==0.4.5"
+regex = "2025.11.3"
 
 [dev-packages]
 pytest = "==8.3.2"
diff --git a/server/Pipfile.lock b/server/Pipfile.lock
diff --git a/server/mergin/auth/forms.py b/server/mergin/auth/forms.py
@@ -1,7 +1,8 @@
 # Copyright (C) Lutra Consulting Limited
 #
 # SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-MerginMaps-Commercial
-import re
+
+import regex
 import safe
 from flask_wtf import FlaskForm
 from sqlalchemy import func
@@ -17,7 +18,6 @@
 
 from .models import MAX_USERNAME_LENGTH, User
 from ..app import UpdateForm, CustomStringField
-from .utils import get_email_domain
 
 
 def username_validation(form, field):
@@ -57,19 +57,20 @@ class ExtendedEmail(Email):
     because they make our email sending service to fail
     """
 
+    EMAIL_PATTERN = regex.compile(
+        r"""(?i)^[\x60#&*\/=?^{!}~'_\p{L}0-9\-\+]+
+            (\.[\x60#&*\/=?^{!}~'_\p{L}0-9\-\+]+)*\.?@
+            ([_a-z0-9-]+(\.[_a-z0-9-]+)*\.)
+            [a-z0-9-]*[a-z0-9]{2,}$""",
+        regex.VERBOSE,
+    )
+
     def __call__(self, form, field):
         super().__call__(form, field)
 
-        if re.search(r"[|'—]", field.data):
-            raise ValidationError(
-                f"Email address '{field.data}' contains an invalid character."
-            )
-
-        domain = get_email_domain(field.data)
-        if not domain.isascii():
-            raise ValidationError(
-                f"Email address '{field.data}' contains non-ASCII characters in the domain part."
-            )
+        value = field.data.strip()
+        if not self.EMAIL_PATTERN.match(value):
+            raise ValidationError(f"Email address '{value}' is invalid.")
 
 
 class PasswordValidator:
