blob: 1794ad77adbc5aa424337375517ad94397cb019c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
---
layout: post
title: Version 2.0 – email validation
author: matthew
---
When someone enters an email address on FixMyStreet, we try and do some simple
validation before sending a confirmation email, to catch typos and the like. We
do the following:
* Check the address is correctly formed (e.g. that it contains an @ sign and a
domain, and doesn't include irregular characters, etc);
* Check that the email address's domain is a valid top-level domain (TLD) (it's
not going to be delivered anywhere if it's not); and
* Check that the email address's domain has a valid DNS entry (so we'll be
able to try and deliver an email there).
The middle point means using a Perl module,
[Net::Domain::TLD](https://metacpan.org/pod/Net::Domain::TLD), that contains a
list of all valid TLDs. This list has grown since we last updated it, and we
found ourselves incorrectly rejecting an email address that was perfectly valid
(a @domain.cymru address). It was at least easy to update our version of
Net::Domain::TLD to ensure that our list of top-level domains is current.
## Changing your email address
The confirmation email is itself another form of validation, and the only one
that can actually confirm that the user entering the email address has access
to that email inbox.
Version 2 of FixMyStreet now allows users to change their own email address,
which threw up a complication – we can’t update the user’s table to their new
email address until it’s been confirmed.
So we have to store their old email address with the token that is sent to the
new one. When the new address has been confirmed, we deal with it differently
depending on whether or not that address already exists in the database. If it
does, it's a matter of merging the two accounts.
|
