search

arokor / pernr

Validation functions for Swedish national identification numbers
MIT License
3 stars 1 forks source link

Regex allows strings longern than an ssn #5

Open markysand opened 4 years ago

markysand commented 4 years ago

Regex check does not have start and end check - that means that the check is valid when a string contains and ssn, it does not have tobe an ssn.

arokor commented 4 years ago

It's been a while since I wrote this code but I think my idea here was to make the parser accept non-perfect input. The use case was mainly a user that copies a ssn into an input field may accidentally get som leading or trailing whitespace.

That being said, I fully agree that it is a little strange that "adfjasd010101-4095asdfhukdjlfsg" is parsed as a valid ssn, but I don't think I can just change the logic so that only well formed ssns are accepted, as that will break things for people using this as at fault tolerant ssn parsing lib.

Alternatives

  1. Add some kind of strict flag that tells the parser not to accept padding (but would it then accept missing '-' and two digit year?)
  2. Change the Regex so that only padding spaces are allowed (would still allow " 010101-4095 " but not "xy010101-4095x")
  3. Leave it as it is. If someone has a padded ssn they probably want to get rid of the padding which they can through this lib with new Pernr("padding010101-4095morepadding").toString({fullYear: true}) -> '20010101-4095';

I think I need to understand you use case better to determine the best way forward. What kind of padded data do you have and what do you want to do with it?

Cheers Aron

markysand commented 4 years ago

Hi Aron! Thanks for your quick response.

The use case was parsing different data to see if it was a valid ssn. At one time a Norwegian (11 digit) ssn came in and was parsed as valid. (Cut to 10 digits and by coincidence parsed as valid.

arokor commented 4 years ago

Ok, I see. Maybe the best solution would be number 2 above, i.e. change the regex so that it only allows for whitespace padding but rejects anything else (such as additional digits or characters). Would this work for you?

markysand commented 4 years ago

Totally ok with me. We already implemented a pre check with a regex before trying to instantiate perNr. So problem solved. But it would be hard for someone else to foresee that something that is not a swedish ssn could be parsed as one.