feat(ZMSKVR-238): disallow emails with plus, tighter rules (#1642)

* Anpassung email pattern, kein "+" sowie strengere Regeln

* weitere eingrenzung

* clean(ZMSKVR-238): code

* validation im zmscitizenapi angepasst

* php-version fix

---------

Co-authored-by: Christian Vierthaler <[email protected]>

Author: ChristianVierthaler

zmscitizenapi/src/Zmscitizenapi/Services/Core/ValidationService.php

@@ -25,6 +25,7 @@ class ValidationService
     private const MIN_PROCESS_ID = 1;
     private const PHONE_PATTERN = '/^\+?[0-9]\d{6,14}$/';
     private const SERVICE_COUNT_PATTERN = '/^\d+$/';
+    private const EMAIL_PATTERN = '/^(?!.*\.\.)(?!\.)(?!.*\.$)[^\s@+]+(?<!\.)@(?!\.)[^\s@+]+\.[^\s@]{2,}$/';
     private const MAX_FUTURE_DAYS = 365;
     // Maximum days in the future for appointments
 
@@ -464,7 +465,7 @@ private static function isValidTimestamp(?int $timestamp): bool
 
     private static function isValidEmail(?string $email): bool
     {
-        return !empty($email) && filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
+        return !empty($email) && preg_match(self::EMAIL_PATTERN, $email) === 1;
     }
 
     private static function isValidTelephone(?string $telephone): bool

zmscitizenview/src/components/Appointment/CustomerInfo.vue

@@ -204,7 +204,8 @@ const { isExpired, timeLeftString } = useReservationTimer();
 
 const showErrorMessage = ref<boolean>(false);
 
-const emailPattern = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+const emailPattern =
+  /^(?!.*\.\.)(?!\.)(?!.*\.$)[^\s@+]+(?<!\.)@(?!\.)[^\s@+]+\.[^\s@]{2,}$/;
 const telephonPattern = /^\+?[0-9]\d{6,14}$/;
 
 const errorMessageFirstName = computed(() => {