magento / magento2-jp

Magento Community Project for providing best experience for Japanese market
Open Software License 3.0
24 stars 34 forks source link

Email address soft check #28

Open vkublytskyi opened 6 years ago

vkublytskyi commented 6 years ago

In Japan email address not corresponding to ISO are widely used. As they are not valid from the standard point of view Magento does not accept them. Core should provide possibility to disable this check. The same issue with recently added top level domains (e.g. magento/magento2#11945 and magento/magento2#11689).

On of possible approach is to provide a configuration option to admin that will allow "soft email validation" which will validate that email has format <username with any characters except @>@<domain with any characters except @>. By default this option should be disabled so behaviour will remain the same.

piotrekkaminski commented 6 years ago

Agree with this task (a configuration option, off by default) (although i would prefer to have a working validator that can recognize also Japanese variations in email addresses). However we should still have some level of validation - eg a newline character cannot be used etc - to avoid abusing functionality as spam generator - we have many reports of create account being used this way with spam content being put in name field.

vkublytskyi commented 6 years ago

@piotrekkaminski I understand security issues related to simplifying validation. But I'm not sure that we can make the decision what would be optimal for all users. That's why my proposal is to provide a basic implementation with a possibility to switch email validation strategy (so merchant will be able to take a decision what is more important allow all users to register or have no spam messages) and will also provide explicit extension point for system integrator programmatically implement solution required for particular merchant if basic implementation is not suitable.

piotrekkaminski commented 6 years ago

ok makes sense