search

rui-han-crh / pe

0 stars 0 forks source link

Adding of a person with a valid email as defined in the program does not work #3

Open rui-han-crh opened 1 year ago

rui-han-crh commented 1 year ago

Description

The program refuses the addition of a person in the email contains symbols with permitted characters adajcent to each other.

This is despite the program allowing such characters to exist without mentioning any restrictions, and that emails like this can exist in the real world as well.

Justification for Severity: Medium

In the worse case, the user will never be able to enter a real email in this format. This may really decrease the utility of the email descriptor. In the best case, the users must keep a memo as a roundabout way to inform themselves of the true email.

Steps to reproduce

  1. In the command box, attempt to add a person with this command,

add n/Samuel Chen m/Medicine e/samuelcheong-+.-doesnotend@gmail.com p/65782310 s/Merit as/pending

  1. Observe the error message, and that this is not allowed.

image.png

Similar email formats:

e/john.apple--seed@gmail.com

e/john+.appleseed@gmail.com

c++_administrator@gmail.com

nus-se-script commented 1 year ago

Team's Response

Justification for downgrade from severity.Medium to severity.Low:

image.png

image.png

Foremost, based on the "real-world" examples provided by the tester, our team tried to create those test accounts, which were rejected by the email servers. Moreover, since our TrackAScholar only contains verified data (administrative staffs will do one round of internal verification before keying in), it is very unlikely the above scenario will happen.

However, our group do acknowledge that we could have modified our error messages, so as to avoid the above misunderstanding. Therefore, the team would like to rate this issue as severity low.

Items for the Tester to Verify

:question: Issue severity

Team chose [severity.Low] Originally [severity.Medium]

Reason for disagreement: I'm just disagreeing with the idea that real world email addresses may not contain the email addresses with adjacent special characters (although I agree with there something wrong with the first and last example I provided). Just because Google's servers do not allow a specific format of emails during registration does not mean that that email format is not allowed at all.

Here's an example of Microsoft's Outlook:

john.apple--seed@outlook.com

image.png

But in TrackAScholar:

image.png

Here's another example in Gmail:

image.png

I've blanked out my email addresses, but if you want to recreate this, here are the steps in Gmail:

  1. Log into your Gmail Account
  2. Click the Settings (Gear Icon on the top right)
  3. When the sidebar opens, click on "See all settings"
  4. When brought to a new page, click on "Accounts and Imports" (4th from the left)
  5. Under the "Send mail as section", click on "Add another email address"
  6. Type the first part of your original local name, followed by "++" and your new email address name, then "@" and the domain part, i.e. <old_address>++<new_address>@gmail.com`

We may verify that this is a valid email address.

I get the point that administrative staff will do a round of validation checking before email entries, but these email addresses are valid by convention, so they'll pass validation checks. I'm maintaining a severity Medium because I think this may cause some occasional inconvenience, but users can still use the product with roundabout ways to bypass this situation.