Disallow non-ASCII in email domain

Author: harminius

server/mergin/auth/forms.py

@@ -48,9 +48,12 @@ class ExtendedEmail(Email):
     1. spaces,
     2. special characters ,:;()<>[]\"
     3, multiple @ symbols,
-    4, leading, trailing, or consecutive dots in the local part
-    5, invalid domain part - missing top level domain (user@example), consecutive dots
-    Custom check for additional invalid characters disallows |'— because they make our email sending service to fail
+    4, leading, trailing, or consecutive dots in the local part,
+    5, invalid domain part - missing top level domain (user@example), consecutive dots,
+    Custom check for
+    - additional invalid characters disallows |'—
+    - non-ASCII characters in the domain part
+    because they make our email sending service to fail
     """
 
     def __call__(self, form, field):
@@ -61,6 +64,17 @@ def __call__(self, form, field):
                 f"Email address '{field.data}' contains an invalid character."
             )
 
+        try:
+            local_part, domain_part = field.data.rsplit("@", 1)
+        except ValueError:
+            raise ValidationError(f"Invalid email address '{field.data}'.")
+
+        # character is one of the standard ASCII characters (0–127)
+        if not all(ord(c) < 128 for c in domain_part):
+            raise ValidationError(
+                f"Email address '{field.data}' contains non-ASCII characters in the domain part."
+            )
+
 
 class PasswordValidator:
     def __init__(self, min_length=8):

server/mergin/tests/test_auth.py

@@ -128,6 +128,7 @@ def test_logout(client):
     ("verylonglonglonglonglonglonglongemail@example.com", "#pwd1234", 201),
     ("us.er@mergin.com", "#pwd1234", 201),  # dot is allowed
     ("us er@mergin.com", "#pwd1234", 400),  # space is disallowed
+    ("test@gmaiñ.com", "#pwd1234", 400),  # non-ASCII character in the domain
 ]