Error when validating an existing email with hyphen (-) symbols when having a subdomain

colinhacks / zod

TypeScript-first schema validation with static type inference

https://zod.dev

MIT License

32.99k stars 1.14k forks source link

Error when validating an existing email with hyphen (-) symbols when having a subdomain #2540

Open rafaell-lycan opened 1 year ago

rafaell-lycan commented 1 year ago

Hi,

I'm getting a strange error when parsing an email that contains a hyphen (-) when having a subdomain:

Example of a valid email:

me@.main-domain.com # works
me@subdomain.maindomain.com # works
me@subdomain.main-domain.com # error

Error:

Invalid data: ZodError: [
  {
    "validation": "email",
    "code": "invalid_string",
    "message": "Invalid email",
    "path": [
      "email"
    ]
  }
]

This started happening when upgrading from 3.20.x to 3.21.x

The only I could think about was to use a Regex instead:

z.string().regex(/^[a-zA-Z0-9_!#$%&’*+/=?`{|}~^.-]+@[a-zA-Z0-9.-]+$/)

Any ideas or workaround on it?

askkaz commented 1 year ago

seeing this as well

AllanSimoyi commented 1 year ago

@fvckDesa perhaps PR #1979 could be where hyphens got negated. Regex's not my strong suit, perhaps you could confirm.

fvckDesa commented 1 year ago

@AllanSimoyi the regex that I had wrote in PR #1982 was changed with another

phil-loops commented 1 year ago

I've inspected the latest released package 3.21.4, and it's using the regex/^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[(((25[0-5])|(2[0-4][0-9])|(1[0-9]{2})|([0-9]{1,2}))\.){3}((25[0-5])|(2[0-4][0-9])|(1[0-9]{2})|([0-9]{1,2}))\])|(\[IPv6:(([a-f0-9]{1,4}:){7}|::([a-f0-9]{1,4}:){0,6}|([a-f0-9]{1,4}:){1}:([a-f0-9]{1,4}:){0,5}|([a-f0-9]{1,4}:){2}:([a-f0-9]{1,4}:){0,4}|([a-f0-9]{1,4}:){3}:([a-f0-9]{1,4}:){0,3}|([a-f0-9]{1,4}:){4}:([a-f0-9]{1,4}:){0,2}|([a-f0-9]{1,4}:){5}:([a-f0-9]{1,4}:){0,1})([a-f0-9]{1,4}|(((25[0-5])|(2[0-4][0-9])|(1[0-9]{2})|([0-9]{1,2}))\.){3}((25[0-5])|(2[0-4][0-9])|(1[0-9]{2})|([0-9]{1,2})))\])|([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])*(\.[A-Za-z]{2,})+))$/

However, I've noticed that this has been switched out in the current codebase with the regex /^([A-Z0-9_+-]+\.?)*[A-Z0-9_+-]@([A-Z0-9][A-Z0-9\-]*\.)+[A-Z]{2,}$/i; which appears to be an improvement (or at least a bit more accepting).

I dunno when the next version rolls out, but on paper, this change should address the issue we're seeing

rafaell-lycan commented 1 year ago

@phil-loops the current regex you send doesn't validate the presence of hyphens (-) on all scenarios after the first dot (.)

Is there anything we can do to fix it?

phil-loops commented 1 year ago

@rafaell-lycan to get the zod regex modified, you'd have to submit a PR and wait for the next package to come out.

Otherwise, if you want to roll your own email validation, you could do something like z.string().regex(/..../) with whatever rules you want

rafaell-lycan commented 1 year ago

@phil-loops for now I'm using a custom Regex which is the previous one used at v3.20.6 after avoiding updating to v3.21.x which we saw some performance gains.

For anyone else looking for a fix with previous email regex:

const EMAIL_REGEX = /^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|([^-]([a-zA-Z0-9-]*\.)+[a-zA-Z]{2,}))$/;

z.string().regex(EMAIL_REGEX)

mgdigital commented 7 months ago

I'm also seeing this- any progress on a fix?

benln commented 5 months ago

This is fixed in https://github.com/colinhacks/zod/releases/tag/v3.22.0