From 3b0c1da1ab3b4b0f93943e69171b0d84095283be Mon Sep 17 00:00:00 2001
From: Moritz <moritz.m@local-it.org>
Date: Thu, 16 Oct 2025 13:54:57 +0200
Subject: [PATCH] User email validation

---
 lib/accounts/user.ex | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/lib/accounts/user.ex b/lib/accounts/user.ex
index d50642f..bc64e39 100644
--- a/lib/accounts/user.ex
+++ b/lib/accounts/user.ex
@@ -166,6 +166,28 @@ defmodule Mv.Accounts.User do
       where: [action_is([:register_with_password, :admin_set_password])],
       message: "must have length of at least 8"
 
+    # Email validation with EctoCommons.EmailValidator (same as Member)
+    # This ensures consistency between User and Member email validation
+    validate fn changeset, _ ->
+      # Get email from attribute (Ash.CiString) and convert to string
+      email = Ash.Changeset.get_attribute(changeset, :email)
+      email_string = if email, do: to_string(email), else: nil
+
+      # Only validate if email is present
+      if email_string do
+        changeset2 =
+          {%{}, %{email: :string}}
+          |> Ecto.Changeset.cast(%{email: email_string}, [:email])
+          |> EctoCommons.EmailValidator.validate_email(:email, checks: [:html_input, :pow])
+
+        if changeset2.valid? do
+          :ok
+        else
+          {:error, field: :email, message: "is not a valid email"}
+        end
+      else
+        :ok
+      end
     end
 
     # Prevent overwriting existing member relationship
@@ -204,7 +226,13 @@ defmodule Mv.Accounts.User do
   attributes do
     uuid_primary_key :id
 
-    attribute :email, :ci_string, allow_nil?: false, public?: true
+    attribute :email, :ci_string do
+      allow_nil? false
+      public? true
+      # Same constraints as Member email for consistency
+      constraints min_length: 5, max_length: 254
+    end
+
     attribute :hashed_password, :string, sensitive?: true, allow_nil?: true
     attribute :oidc_id, :string, allow_nil?: true
   end