fix(email-validation): add email validation to prevent bouncing, fixed OTP validation#916
Merged
waleedlatif1 merged 4 commits intostagingfrom Aug 9, 2025
Merged
fix(email-validation): add email validation to prevent bouncing, fixed OTP validation#916waleedlatif1 merged 4 commits intostagingfrom
waleedlatif1 merged 4 commits intostagingfrom
Conversation
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
1 Skipped Deployment
|
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Greptile Summary
This PR introduces a comprehensive email validation system to prevent email bouncing and improve deliverability across the Sim platform. The changes replace basic regex-based email validation with a sophisticated validation module that includes RFC 5322 syntax checking, disposable email provider detection, suspicious pattern filtering, and optional MX record verification.
The new validation system provides two main functions: quickValidateEmail for performance-critical scenarios (skips MX record checks) and validateEmail for thorough validation with MX record verification. This dual approach allows the application to balance performance with validation thoroughness based on context.
Key integration points include:
- Authentication flows: Updated login and signup forms to use the new validation before form submission
- Organization management: Enhanced invitation and member management with better email filtering
- Middleware protection: Added verification requirement enforcement to prevent authenticated users from bypassing email verification
- OTP verification: Fixed security vulnerability by properly clearing verification cookies after successful email confirmation
The validation module maintains a hardcoded list of disposable email domains and implements timeout handling for MX record lookups. Test files were updated to use user@company.com instead of test@example.com to ensure compatibility with the new validation rules.
PR Description Notes:
- The PR description is incomplete with empty summary, unchecked type of change, and missing testing details
- Issue reference shows placeholder
#(issue)instead of actual issue number
Confidence score: 3/5
- This PR requires careful review due to the comprehensive changes to email validation across critical authentication flows
- Score reflects concerns about the
@types/nodedowngrade, incomplete test coverage, and potential breaking changes for legitimate emails - Pay close attention to the middleware changes, email validation logic, and the
@types/nodeversion downgrade in package.json
17 files reviewed, 8 comments
Comment on lines
+25
to
39
| const validateEmailField = (emailValue: string): string[] => { | ||
| const errors: string[] = [] | ||
|
|
||
| if (!emailValue || !emailValue.trim()) { | ||
| errors.push('Email is required.') | ||
| return errors | ||
| } | ||
|
|
||
| const validation = quickValidateEmail(emailValue.trim().toLowerCase()) | ||
| if (!validation.isValid) { | ||
| errors.push(validation.reason || 'Please enter a valid email address.') | ||
| } | ||
|
|
||
| return errors | ||
| } |
Contributor
There was a problem hiding this comment.
style: Consider extracting this validation logic into the centralized validation utility to maintain consistency with other forms
Context Used: Context - When defining properties for components, use a dedicated config file (.ts) for configuration and keep rendered components in their respective component files. (link)
| it('should validate quickly without MX check', () => { | ||
| const result = quickValidateEmail('user@example.com') | ||
| expect(result.isValid).toBe(true) | ||
| expect(result.checks.mxRecord).toBe(true) // Skipped, so assumed true |
Contributor
There was a problem hiding this comment.
style: The comment assumes MX record is skipped and set to true, but this might be confusing. The quick validation actually sets mxRecord: true by default, not because it's skipped.
Comment on lines
+212
to
+214
| const validEmails = uniqueEmails.filter( | ||
| (email) => quickValidateEmail(email.trim().toLowerCase()).isValid | ||
| ) |
Contributor
There was a problem hiding this comment.
logic: Email normalization with .trim().toLowerCase() should happen before deduplication on line 211 to ensure duplicate detection works correctly with emails that differ only in case or whitespace.
Comment on lines
+204
to
208
| const normalized = email.trim().toLowerCase() | ||
| const validation = quickValidateEmail(normalized) | ||
| return validation.isValid ? normalized : null | ||
| }) | ||
| .filter(Boolean) as string[] |
Contributor
There was a problem hiding this comment.
style: Email normalization is now done inline instead of using a centralized utility. Consider extracting this normalization logic to maintain consistency across the codebase.
Comment on lines
+405
to
406
| (email: string) => !quickValidateEmail(email.trim().toLowerCase()).isValid | ||
| ), |
Contributor
There was a problem hiding this comment.
logic: Duplicate normalization logic - email is processed twice with trim().toLowerCase(). This creates inconsistency and potential performance impact.
| const checks = { | ||
| syntax: false, | ||
| domain: false, | ||
| mxRecord: true, // Skip MX check for performance |
Contributor
There was a problem hiding this comment.
style: Setting mxRecord to true when skipping the check could be misleading - consider setting to null or adding a 'skipped' field to indicate this check wasn't performed
| try { | ||
| const mxCheckPromise = checkMXRecord(domain) | ||
| const timeoutPromise = new Promise<boolean>((_, reject) => | ||
| setTimeout(() => reject(new Error('MX check timeout')), 5000) |
Contributor
There was a problem hiding this comment.
logic: The timeout promise creates a timer that isn't cleaned up if MX check completes first, which could cause memory leaks in high-volume scenarios
| 'spam4.me', | ||
| 'tempail.com', | ||
| 'tempr.email', | ||
| 'dispostable.com', |
Contributor
There was a problem hiding this comment.
syntax: Typo in domain name - should be 'disposable.com' not 'dispostable.com'
waleedlatif1
changed the title
waleedlatif1
force-pushed
the
fix/email-validation
branch
from
0200861 to
75fd0b8
Compare
waleedlatif1
added a commit
that referenced
this pull request
Aug 9, 2025
…ypes (#919) * feat(execution-filesystem): system to pass files between blocks (#866) * feat(files): pass files between blocks * presigned URL for downloads * Remove latest migration before merge * starter block file upload wasn't getting logged * checkpoint in human readable form * checkpoint files / file type outputs * file downloads working for block outputs * checkpoint file download * fix type issues * remove filereference interface with simpler user file interface * show files in the tag dropdown for start block * more migration to simple url object, reduce presigned time to 5 min * Remove migration 0065_parallel_nightmare and related files - Deleted apps/sim/db/migrations/0065_parallel_nightmare.sql - Deleted apps/sim/db/migrations/meta/0065_snapshot.json - Removed 0065 entry from apps/sim/db/migrations/meta/_journal.json Preparing for merge with origin/staging and migration regeneration * add migration files * fix tests * Update apps/sim/lib/uploads/setup.ts Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * Update apps/sim/lib/workflows/execution-file-storage.ts Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * Update apps/sim/lib/workflows/execution-file-storage.ts Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * cleanup types * fix lint * fix logs typing for file refs * open download in new tab * fixed * Update apps/sim/tools/index.ts Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * fix file block * cleanup unused code * fix bugs * remove hacky file id logic * fix drag and drop * fix tests --------- Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * feat(trigger-mode): added trigger-mode to workflow_blocks table (#902) * fix(schedules-perms): use regular perm system to view/edit schedule info (#901) * fix(schedules-perms): use regular perm system to view schedule info * fix perms * improve logging * feat(webhooks): deprecate singular webhook block + add trigger mode to blocks (#903) * feat(triggers): added new trigger mode for blocks, added socket event, ran migrations * Rename old trigger/ directory to background/ * cleaned up, ensured that we display active webhook at the block-level * fix submenu in tag dropdown * keyboard nav on tag dropdown submenu * feat(triggers): add outlook to new triggers system * cleanup * add types to tag dropdown, type all outputs for tools and use that over block outputs * update doc generator to truly reflect outputs * fix docs * add trigger handler * fix active webhook tag * tag dropdown fix for triggers * remove trigger mode schema change * feat(execution-filesystem): system to pass files between blocks (#866) * feat(files): pass files between blocks * presigned URL for downloads * Remove latest migration before merge * starter block file upload wasn't getting logged * checkpoint in human readable form * checkpoint files / file type outputs * file downloads working for block outputs * checkpoint file download * fix type issues * remove filereference interface with simpler user file interface * show files in the tag dropdown for start block * more migration to simple url object, reduce presigned time to 5 min * Remove migration 0065_parallel_nightmare and related files - Deleted apps/sim/db/migrations/0065_parallel_nightmare.sql - Deleted apps/sim/db/migrations/meta/0065_snapshot.json - Removed 0065 entry from apps/sim/db/migrations/meta/_journal.json Preparing for merge with origin/staging and migration regeneration * add migration files * fix tests * Update apps/sim/lib/uploads/setup.ts Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * Update apps/sim/lib/workflows/execution-file-storage.ts Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * Update apps/sim/lib/workflows/execution-file-storage.ts Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * cleanup types * fix lint * fix logs typing for file refs * open download in new tab * fixed * Update apps/sim/tools/index.ts Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * fix file block * cleanup unused code * fix bugs * remove hacky file id logic * fix drag and drop * fix tests --------- Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * feat(trigger-mode): added trigger-mode to workflow_blocks table (#902) * fix(schedules-perms): use regular perm system to view/edit schedule info (#901) * fix(schedules-perms): use regular perm system to view schedule info * fix perms * improve logging * cleanup * prevent tooltip showing up on modal open * updated trigger config * fix type issues --------- Co-authored-by: Vikhyath Mondreti <vikhyathvikku@gmail.com> Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> Co-authored-by: Vikhyath Mondreti <vikhyath@simstudio.ai> * fix(helm): fix helm charts migrations using wrong image (#907) * fix(helm): fix helm charts migrations using wrong image * fixed migrations * feat(whitelist): add email & domain-based whitelisting for signups (#908) * improvement(helm): fix duplicate SOCKET_SERVER_URL and add additional envvars to template (#909) * improvement(helm): fix duplicate SOCKET_SERVER_URL and add additional envvars to template * rm serper & freestyle * improvement(tag-dropdown): typed tag dropdown values (#910) * fix(min-chunk): remove minsize for chunk (#911) * fix(min-chunk): remove minsize for chunk * fix tests * improvement(chunk-config): migrate unused default for consistency (#913) * fix(mailer): update mailer to use the EMAIL_DOMAIN (#914) * fix(mailer): update mailer to use the EMAIL_DOMAIn * add more * Improvement(cc): added cc to gmail and outlook (#900) * changed just gmail * bun run lint * fixed bcc * updated docs --------- Co-authored-by: Adam Gough <adamgough@Mac.attlocal.net> Co-authored-by: waleedlatif1 <walif6@gmail.com> * fix(email-validation): add email validation to prevent bouncing, fixed OTP validation (#916) * feat(email-validation): add email validation to prevent bouncing * removed suspicious patterns * fix(verification): fixed OTP verification * fix failing tests, cleanup * fix(otp): fix email not sending (#917) * fix(email): manual OTP instead of better-auth (#921) * fix(email): manual OTP instead of better-auth * lint --------- Co-authored-by: Vikhyath Mondreti <vikhyathvikku@gmail.com> Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> Co-authored-by: Vikhyath Mondreti <vikhyath@simstudio.ai> Co-authored-by: Adam Gough <77861281+aadamgough@users.noreply.github.com> Co-authored-by: Adam Gough <adamgough@Mac.attlocal.net>
arenadeveloper02
pushed a commit
to arenadeveloper02/p2-sim
that referenced
this pull request
Sep 19, 2025
…d OTP validation (simstudioai#916) * feat(email-validation): add email validation to prevent bouncing * removed suspicious patterns * fix(verification): fixed OTP verification * fix failing tests, cleanup
arenadeveloper02
pushed a commit
to arenadeveloper02/p2-sim
that referenced
this pull request
Sep 19, 2025
…ypes (simstudioai#919) * feat(execution-filesystem): system to pass files between blocks (simstudioai#866) * feat(files): pass files between blocks * presigned URL for downloads * Remove latest migration before merge * starter block file upload wasn't getting logged * checkpoint in human readable form * checkpoint files / file type outputs * file downloads working for block outputs * checkpoint file download * fix type issues * remove filereference interface with simpler user file interface * show files in the tag dropdown for start block * more migration to simple url object, reduce presigned time to 5 min * Remove migration 0065_parallel_nightmare and related files - Deleted apps/sim/db/migrations/0065_parallel_nightmare.sql - Deleted apps/sim/db/migrations/meta/0065_snapshot.json - Removed 0065 entry from apps/sim/db/migrations/meta/_journal.json Preparing for merge with origin/staging and migration regeneration * add migration files * fix tests * Update apps/sim/lib/uploads/setup.ts Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * Update apps/sim/lib/workflows/execution-file-storage.ts Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * Update apps/sim/lib/workflows/execution-file-storage.ts Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * cleanup types * fix lint * fix logs typing for file refs * open download in new tab * fixed * Update apps/sim/tools/index.ts Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * fix file block * cleanup unused code * fix bugs * remove hacky file id logic * fix drag and drop * fix tests --------- Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * feat(trigger-mode): added trigger-mode to workflow_blocks table (simstudioai#902) * fix(schedules-perms): use regular perm system to view/edit schedule info (simstudioai#901) * fix(schedules-perms): use regular perm system to view schedule info * fix perms * improve logging * feat(webhooks): deprecate singular webhook block + add trigger mode to blocks (simstudioai#903) * feat(triggers): added new trigger mode for blocks, added socket event, ran migrations * Rename old trigger/ directory to background/ * cleaned up, ensured that we display active webhook at the block-level * fix submenu in tag dropdown * keyboard nav on tag dropdown submenu * feat(triggers): add outlook to new triggers system * cleanup * add types to tag dropdown, type all outputs for tools and use that over block outputs * update doc generator to truly reflect outputs * fix docs * add trigger handler * fix active webhook tag * tag dropdown fix for triggers * remove trigger mode schema change * feat(execution-filesystem): system to pass files between blocks (simstudioai#866) * feat(files): pass files between blocks * presigned URL for downloads * Remove latest migration before merge * starter block file upload wasn't getting logged * checkpoint in human readable form * checkpoint files / file type outputs * file downloads working for block outputs * checkpoint file download * fix type issues * remove filereference interface with simpler user file interface * show files in the tag dropdown for start block * more migration to simple url object, reduce presigned time to 5 min * Remove migration 0065_parallel_nightmare and related files - Deleted apps/sim/db/migrations/0065_parallel_nightmare.sql - Deleted apps/sim/db/migrations/meta/0065_snapshot.json - Removed 0065 entry from apps/sim/db/migrations/meta/_journal.json Preparing for merge with origin/staging and migration regeneration * add migration files * fix tests * Update apps/sim/lib/uploads/setup.ts Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * Update apps/sim/lib/workflows/execution-file-storage.ts Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * Update apps/sim/lib/workflows/execution-file-storage.ts Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * cleanup types * fix lint * fix logs typing for file refs * open download in new tab * fixed * Update apps/sim/tools/index.ts Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * fix file block * cleanup unused code * fix bugs * remove hacky file id logic * fix drag and drop * fix tests --------- Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> * feat(trigger-mode): added trigger-mode to workflow_blocks table (simstudioai#902) * fix(schedules-perms): use regular perm system to view/edit schedule info (simstudioai#901) * fix(schedules-perms): use regular perm system to view schedule info * fix perms * improve logging * cleanup * prevent tooltip showing up on modal open * updated trigger config * fix type issues --------- Co-authored-by: Vikhyath Mondreti <vikhyathvikku@gmail.com> Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> Co-authored-by: Vikhyath Mondreti <vikhyath@simstudio.ai> * fix(helm): fix helm charts migrations using wrong image (simstudioai#907) * fix(helm): fix helm charts migrations using wrong image * fixed migrations * feat(whitelist): add email & domain-based whitelisting for signups (simstudioai#908) * improvement(helm): fix duplicate SOCKET_SERVER_URL and add additional envvars to template (simstudioai#909) * improvement(helm): fix duplicate SOCKET_SERVER_URL and add additional envvars to template * rm serper & freestyle * improvement(tag-dropdown): typed tag dropdown values (simstudioai#910) * fix(min-chunk): remove minsize for chunk (simstudioai#911) * fix(min-chunk): remove minsize for chunk * fix tests * improvement(chunk-config): migrate unused default for consistency (simstudioai#913) * fix(mailer): update mailer to use the EMAIL_DOMAIN (simstudioai#914) * fix(mailer): update mailer to use the EMAIL_DOMAIn * add more * Improvement(cc): added cc to gmail and outlook (simstudioai#900) * changed just gmail * bun run lint * fixed bcc * updated docs --------- Co-authored-by: Adam Gough <adamgough@Mac.attlocal.net> Co-authored-by: waleedlatif1 <walif6@gmail.com> * fix(email-validation): add email validation to prevent bouncing, fixed OTP validation (simstudioai#916) * feat(email-validation): add email validation to prevent bouncing * removed suspicious patterns * fix(verification): fixed OTP verification * fix failing tests, cleanup * fix(otp): fix email not sending (simstudioai#917) * fix(email): manual OTP instead of better-auth (simstudioai#921) * fix(email): manual OTP instead of better-auth * lint --------- Co-authored-by: Vikhyath Mondreti <vikhyathvikku@gmail.com> Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> Co-authored-by: Vikhyath Mondreti <vikhyath@simstudio.ai> Co-authored-by: Adam Gough <77861281+aadamgough@users.noreply.github.com> Co-authored-by: Adam Gough <adamgough@Mac.attlocal.net>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Add email validation to prevent bouncing, fixed OTP validation
Type of Change
Testing
Tested manually
Checklist