NIHVIVO-2279 When the user enters an email address, confirm that it is in a valid form.

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/RootUserPolicy.java

@@ -126,6 +126,13 @@ public class RootUserPolicy implements PolicyIface {
 								+ PROPERTY_ROOT_USER_EMAIL + "'");
 			}
 
+			if (!Authenticator.isValidEmailAddress(emailAddress)) {
+				throw new IllegalStateException("Value for '"
+						+ PROPERTY_ROOT_USER_EMAIL
+						+ "' is not a valid email address: '" + emailAddress
+						+ "'");
+			}
+
 			if (null != uaDao.getUserAccountByEmail(emailAddress)) {
 				throw new IllegalStateException("Can't create root user - "
 						+ "an account already exists with email address '"

webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/admin/UserAccountsAddPage.java

@@ -10,6 +10,7 @@ import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
 import edu.cornell.mannlib.vitro.webapp.beans.UserAccount.Status;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.accounts.UserAccountsPage;
+import edu.cornell.mannlib.vitro.webapp.controller.authenticate.Authenticator;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ResponseValues;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.TemplateResponseValues;
 
@@ -28,6 +29,7 @@ public class UserAccountsAddPage extends UserAccountsPage {
 
 	private static final String ERROR_NO_EMAIL = "errorEmailIsEmpty";
 	private static final String ERROR_EMAIL_IN_USE = "errorEmailInUse";
+	private static final String ERROR_EMAIL_INVALID_FORMAT = "errorEmailInvalidFormat";
 	private static final String ERROR_NO_FIRST_NAME = "errorFirstNameIsEmpty";
 	private static final String ERROR_NO_LAST_NAME = "errorLastNameIsEmpty";
 	private static final String ERROR_NO_ROLE = "errorNoRoleSelected";
@@ -84,6 +86,8 @@ public class UserAccountsAddPage extends UserAccountsPage {
 			errorCode = ERROR_NO_EMAIL;
 		} else if (isEmailInUse()) {
 			errorCode = ERROR_EMAIL_IN_USE;
+		} else if (!isEmailValidFormat()) {
+			errorCode = ERROR_EMAIL_INVALID_FORMAT;
 		} else if (firstName.isEmpty()) {
 			errorCode = ERROR_NO_FIRST_NAME;
 		} else if (lastName.isEmpty()) {
@@ -99,6 +103,10 @@ public class UserAccountsAddPage extends UserAccountsPage {
 		return userAccountsDao.getUserAccountByEmail(emailAddress) != null;
 	}
 
+	private boolean isEmailValidFormat() {
+		return Authenticator.isValidEmailAddress(emailAddress);
+	}
+	
 	public boolean isValid() {
 		return errorCode.isEmpty();
 	}

webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/admin/UserAccountsEditPage.java

@@ -14,6 +14,7 @@ import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.accounts.UserAccountsPage;
 import edu.cornell.mannlib.vitro.webapp.controller.accounts.user.UserAccountsUserController;
+import edu.cornell.mannlib.vitro.webapp.controller.authenticate.Authenticator;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ResponseValues;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.TemplateResponseValues;
 
@@ -34,6 +35,7 @@ public class UserAccountsEditPage extends UserAccountsPage {
 
 	private static final String ERROR_NO_EMAIL = "errorEmailIsEmpty";
 	private static final String ERROR_EMAIL_IN_USE = "errorEmailInUse";
+	private static final String ERROR_EMAIL_INVALID_FORMAT = "errorEmailInvalidFormat";
 	private static final String ERROR_NO_FIRST_NAME = "errorFirstNameIsEmpty";
 	private static final String ERROR_NO_LAST_NAME = "errorLastNameIsEmpty";
 	private static final String ERROR_NO_ROLE = "errorNoRoleSelected";
@@ -113,6 +115,8 @@ public class UserAccountsEditPage extends UserAccountsPage {
 			errorCode = ERROR_NO_EMAIL;
 		} else if (emailIsChanged() && isEmailInUse()) {
 			errorCode = ERROR_EMAIL_IN_USE;
+		} else if (!isEmailValidFormat()) {
+			errorCode = ERROR_EMAIL_INVALID_FORMAT;
 		} else if (firstName.isEmpty()) {
 			errorCode = ERROR_NO_FIRST_NAME;
 		} else if (lastName.isEmpty()) {
@@ -132,6 +136,10 @@ public class UserAccountsEditPage extends UserAccountsPage {
 		return userAccountsDao.getUserAccountByEmail(emailAddress) != null;
 	}
 
+	private boolean isEmailValidFormat() {
+		return Authenticator.isValidEmailAddress(emailAddress);
+	}
+	
 	public boolean isValid() {
 		return errorCode.isEmpty();
 	}

webapp/src/edu/cornell/mannlib/vitro/webapp/controller/accounts/user/UserAccountsMyAccountPage.java

@@ -13,6 +13,7 @@ import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.accounts.UserAccountsPage;
 import edu.cornell.mannlib.vitro.webapp.controller.accounts.admin.UserAccountsEditPage;
+import edu.cornell.mannlib.vitro.webapp.controller.authenticate.Authenticator;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ResponseValues;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.TemplateResponseValues;
 
@@ -30,6 +31,7 @@ public class UserAccountsMyAccountPage extends UserAccountsPage {
 
 	private static final String ERROR_NO_EMAIL = "errorEmailIsEmpty";
 	private static final String ERROR_EMAIL_IN_USE = "errorEmailInUse";
+	private static final String ERROR_EMAIL_INVALID_FORMAT = "errorEmailInvalidFormat";
 	private static final String ERROR_NO_FIRST_NAME = "errorFirstNameIsEmpty";
 	private static final String ERROR_NO_LAST_NAME = "errorLastNameIsEmpty";
 
@@ -87,6 +89,8 @@ public class UserAccountsMyAccountPage extends UserAccountsPage {
 			errorCode = ERROR_NO_EMAIL;
 		} else if (emailIsChanged() && isEmailInUse()) {
 			errorCode = ERROR_EMAIL_IN_USE;
+		} else if (!isEmailValidFormat()) {
+			errorCode = ERROR_EMAIL_INVALID_FORMAT;
 		} else if (firstName.isEmpty()) {
 			errorCode = ERROR_NO_FIRST_NAME;
 		} else if (lastName.isEmpty()) {
@@ -104,6 +108,10 @@ public class UserAccountsMyAccountPage extends UserAccountsPage {
 		return userAccountsDao.getUserAccountByEmail(emailAddress) != null;
 	}
 
+	private boolean isEmailValidFormat() {
+		return Authenticator.isValidEmailAddress(emailAddress);
+	}
+
 	public boolean isValid() {
 		return errorCode.isEmpty();
 	}

webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/Authenticator.java

@@ -6,6 +6,8 @@ import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.util.List;
 
+import javax.mail.internet.AddressException;
+import javax.mail.internet.InternetAddress;
 import javax.servlet.http.HttpServletRequest;
 
 import org.apache.commons.codec.binary.Hex;
@@ -144,8 +146,30 @@ public abstract class Authenticator {
 		}
 	}
 
+	/**
+	 * Check whether the form of the emailAddress is syntactically correct. Does
+	 * not allow multiple addresses. Does not allow local addresses (without a
+	 * hostname).
+	 * 
+	 * Does not confirm that the host actually exists, or has a mailbox by that
+	 * name.
+	 */
 	public static boolean isValidEmailAddress(String emailAddress) {
-		// TODO check for valid syntax.
-		return (emailAddress != null) && (!emailAddress.isEmpty());
+		try {
+			// InternetAddress constructor will throw an exception if the
+			// address does not have valid format (if "strict" is true).
+			@SuppressWarnings("unused")
+			InternetAddress a = new InternetAddress(emailAddress, true);
+
+			// InternetAddress permits a localname without hostname.
+			// Guard against that.
+			if (emailAddress.indexOf('@') == -1) {
+				return false;
+			}
+
+			return true;
+		} catch (AddressException e) {
+			return false;
+		}
 	}
 }

webapp/web/templates/freemarker/body/accounts/userAccounts-add.ftl

@@ -12,6 +12,10 @@
         <#assign errorMessage = "An account with that email address already exists." />
     </#if>
     
+    <#if errorEmailInvalidFormat??>
+        <#assign errorMessage = "'${emailAddress}' is not a valid email address." />
+    </#if>
+    
     <#if errorFirstNameIsEmpty??>
         <#assign errorMessage = "You must supply a first name." />
     </#if>

webapp/web/templates/freemarker/body/accounts/userAccounts-edit.ftl

@@ -12,6 +12,10 @@
         <#assign errorMessage = "An account with that email address already exists." />
     </#if>
     
+    <#if errorEmailInvalidFormat??>
+        <#assign errorMessage = "'${emailAddress}' is not a valid email address." />
+    </#if>
+    
     <#if errorFirstNameIsEmpty??>
         <#assign errorMessage = "You must supply a first name." />
     </#if>

webapp/web/templates/freemarker/body/accounts/userAccounts-myAccount.ftl

@@ -12,6 +12,10 @@
         <#assign errorMessage = "An account with that email address already exists." />
     </#if>
     
+    <#if errorEmailInvalidFormat??>
+        <#assign errorMessage = "'${emailAddress}' is not a valid email address." />
+    </#if>
+    
     <#if errorFirstNameIsEmpty??>
         <#assign errorMessage = "You must supply a first name." />
     </#if>