From ab2c2ea60543f70621f930122b641e38e6913e06 Mon Sep 17 00:00:00 2001
From: Arpit Jalan
Date: Wed, 6 Feb 2019 22:38:06 +0530
Subject: [PATCH] FIX: validate Invite email against `EmailValidator.email_regex` (#6975)
---
 app/models/invite.rb | 2 +-
 spec/models/invite_spec.rb | 8 +++++++-
 spec/requests/invites_controller_spec.rb | 3 ++-
 3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/app/models/invite.rb b/app/models/invite.rb
index 2a7f96876aa..b2012405365 100644
--- a/app/models/invite.rb
+++ b/app/models/invite.rb
@@ -16,7 +16,7 @@ class Invite < ActiveRecord::Base
 has_many :topic_invites
 has_many :topics, through: :topic_invites, source: :topic
 validates_presence_of :invited_by_id
- validates :email, email: true
+ validates :email, email: true, format: { with: EmailValidator.email_regex }
 before_create do
 self.invite_key ||= SecureRandom.hex
diff --git a/spec/models/invite_spec.rb b/spec/models/invite_spec.rb
index 6ed73ee5383..15ebea3f32d 100644
--- a/spec/models/invite_spec.rb
+++ b/spec/models/invite_spec.rb
@@ -25,9 +25,15 @@ describe Invite do
 context 'email validators' do
 let(:coding_horror) { Fabricate(:coding_horror) }
- let(:invite) { Invite.create(email: "test@mailinator.com", invited_by: coding_horror) }
+
+ it "should not allow an invite with unformatted email address" do
+ expect {
+ Fabricate(:invite, email: "John Doe ")
+ }.to raise_error(ActiveRecord::RecordInvalid)
+ end
 it "should not allow an invite with blacklisted email" do
+ invite = Invite.create(email: "test@mailinator.com", invited_by: coding_horror)
 expect(invite).not_to be_valid
 end
diff --git a/spec/requests/invites_controller_spec.rb b/spec/requests/invites_controller_spec.rb
index b2b7f4152ca..9da47143384 100644
--- a/spec/requests/invites_controller_spec.rb
+++ b/spec/requests/invites_controller_spec.rb
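Review bot: In app/models/invite.rb the new `format: { with: EmailValidator.email_regex }` sits beside `email: true` with nothing saying why the same attribute needs both checks, so a later cleanup could drop one as redundant. A comment above the line such as `# email: true runs EmailValidator's domain checks; format: rejects values that are not a bare address` would record the intent; what `email: true` actually checks is inferred from the spec wording, so confirm that before committing the text. The regex is defined outside this diff, so it is worth confirming that it is anchored with `\A` and `\z`, so that a value containing an embedded newline cannot pass. The class body continues outside the hunk.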
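Review bot: In spec/models/invite_spec.rb the new example asserts only `raise_error(ActiveRecord::RecordInvalid)`, which passes for any validation failure on the fabricated invite, not specifically the email format check. Building the record and asserting on the attribute would pin the behaviour: `invite = Fabricate.build(:invite, email: "John Doe ")`, then `expect(invite).not_to be_valid` and `expect(invite.errors[:email]).to be_present`. A second case using a well-formed address followed by a newline and extra text (constructed sample: `"user@example.com\nextra"`) would also guard the regex anchoring against regressions.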
@@ -214,8 +214,9 @@ describe InvitesController do
 end
 context 'with an invalid invite record' do
- let(:invite) { Fabricate(:invite, email: "John Doe ") }
+ let(:invite) { Fabricate(:invite) }
 it "responds with error message" do
+ invite.update_attribute(:email, "John Doe ")
 put "/invites/show/#{invite.invite_key}.json"
 expect(response.status).to eq(200)
 json = JSON.parse(response.body)
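Review bot: In spec/requests/invites_controller_spec.rb the setup now depends on `invite.update_attribute(:email, "John Doe ")` skipping validations, but nothing in the example says so, and a reader could "tidy" it to `update` and silently break the scenario. A comment above the call, `# update_attribute skips validations: simulates a row saved before the format check existed`, would make that explicit. It would also record that the model validation does not cover rows already stored or writes that bypass validations, which is why this controller path still needs the error handling exercised here. The `it` block continues past the end of the hunk.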