Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Email validation enhancement #650

Open
wants to merge 11 commits into
base: main
Choose a base branch
from

Conversation

msamgan
Copy link
Contributor

@msamgan msamgan commented Sep 21, 2024

The email:rfc,dns validation rule in Laravel ensures that the email address is both correctly formatted and belongs to an actual domain that is capable of receiving emails, resulting in more reliable, secure, and accurate email handling.

@msamgan
Copy link
Contributor Author

msamgan commented Sep 21, 2024

@nunomaduro @MrPunyapal

tests/Http/Profile/EditTest.php Outdated Show resolved Hide resolved
tests/Http/Profile/EditTest.php Outdated Show resolved Hide resolved
tests/Http/Profile/EditTest.php Outdated Show resolved Hide resolved
tests/Http/Profile/EditTest.php Outdated Show resolved Hide resolved
tests/Http/Profile/EditTest.php Outdated Show resolved Hide resolved
@msamgan
Copy link
Contributor Author

msamgan commented Sep 24, 2024

@MrPunyapal thanks for letting me know about free email faker. it will be a great help in future.

tests/Http/Profile/EditTest.php Outdated Show resolved Hide resolved
Copy link
Collaborator

@CamKem CamKem left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that on some of the tests we are just testing the happy path. It might be a good idea to assert the count of error messages.

For example, the CreateTest there is multiple tests where 'terms' => true, should be in the payload, but it's not, so effectively we have a stray message in the bag we are not accounting for.

We could strengthen the tests, adding something this, ensuring the count of errors are expecting for the tests were we have failing messages.

    expect(collect(session('errors')->getBags())
        ->flatMap(fn ($bag) => $bag->all())
        ->count())->toBe(1);

Alternatively, you could use:

        ->assertValid(['name', 'username', 'password', 'password_confirmation', 'terms'])

However, if we miss adding a value to the array or later fields are added in code, a validation message could be thrown which is not picked up, or expected.

Not a huge deal & could be a seperate PR as it doesn't effect this, I just feel we need to ensure that we are making our tests more robust. With @MrPunyapal requested changes, everything else looks good.

@msamgan
Copy link
Contributor Author

msamgan commented Sep 26, 2024

@MrPunyapal can you please approve this. @steven-fox whats your opinion on this ?

Copy link
Collaborator

@steven-fox steven-fox left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only code adjustments we may need: the dns validation requires the 'intl' extension to be installed with PHP, so we may want to add that requirement to our composer file. The production server already has this installed, so no issue there, but including it in composer would be more explicit for other devs locally.

This seems OK and I suppose it would reduce a minimal amount of spam user registrations. So I don't see a big reason to not merge this;

It's just not suuuper important because we require email verification to actually sign in. If someone registers with a dud email, they won't be able to verify->login, so it's a mute point. And we already delete unverified users after 24 hours.

@msamgan
Copy link
Contributor Author

msamgan commented Sep 26, 2024

Only code adjustments we may need: the dns validation requires the 'intl' extension to be installed with PHP, so we may want to add that requirement to our composer file. The production server already has this installed, so no issue there, but including it in composer would be more explicit for other devs locally.

This seems OK and I suppose it would reduce a minimal amount of spam user registrations. So I don't see a big reason to not merge this;

It's just not suuuper important because we require email verification to actually sign in. If someone registers with a dud email, they won't be able to verify->login, so it's a mute point. And we already delete unverified users after 24 hours.

As per the request I have updated the composer.json.

@msamgan
Copy link
Contributor Author

msamgan commented Sep 29, 2024

where are we on this one ?

@MrPunyapal
Copy link
Collaborator

It has conflicts

What do you say about adding a description to it? 🤔

@msamgan
Copy link
Contributor Author

msamgan commented Sep 30, 2024

It has conflicts

What do you say about adding a description to it? 🤔

conflict resolved.
And i guess everyone know what the PR is about but still if you want, i'll definitely add a description.

@MrPunyapal
Copy link
Collaborator

It's for devs who are gonna see this PR in future.

@msamgan
Copy link
Contributor Author

msamgan commented Sep 30, 2024

It's for devs who are gonna see this PR in future.

Make sense. Thanks for the reminder.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants